WO2016029668A1 - Secure connection method, device and system, and computer storage medium - Google Patents


Info

Publication number
WO2016029668A1
Authority
WO
WIPO (PCT)
Prior art keywords
wifi hotspot
authentication content
terminal
response message
authentication
Application number
PCT/CN2015/073292
Other languages
French (fr)
Chinese (zh)
Inventor
余庆平
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016029668A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H04W12/69 Identity-dependent
    • H04W12/73 Access point logical identity

Definitions

  • the present invention relates to wireless local area network technology, and in particular, to a method, device and system for secure connection, and a computer storage medium.
  • Wireless Fidelity (WiFi) connection is the most commonly used wireless network connection for terminals.
  • the specific connection process is: after the terminal searches for the WiFi hotspot, the terminal initiates a connection request to the WiFi hotspot, and the WiFi hotspot performs password verification on the terminal; after the terminal passes the password verification of the WiFi hotspot, the WiFi hotspot completes the connection with the terminal.
  • FIG. 1 shows a prior-art application scenario in which a terminal is connected to a WiFi hotspot.
  • Both hotspot A and hotspot B are WiFi hotspots, and the hotspots and the terminal connect and interact through a wireless channel, as shown by the lightning-like connecting lines in FIG. 1; the coverage of hotspot A and hotspot B is shown by the elliptical solid lines.
  • When the terminal is connected to WiFi hotspot A for the first time, the terminal automatically records the Service Set Identifier (SSID), the encryption method, and the password of hotspot A, so that when the terminal finds hotspot A again by its SSID, it initiates a connection request to hotspot A using the automatically recorded SSID, encryption method, and password, and the connection with hotspot A is completed automatically.
  • The terminal finds a simulated hotspot B that has the same SSID as hotspot A. At this time, the terminal will automatically complete a connection with the simulated hotspot B using the SSID, encryption mode and password of hotspot A. Therefore, the terminal cannot connect with the desired WiFi hotspot, which reduces the security of the connection between the terminal and the WiFi hotspot.
  • Embodiments of the present invention aim to provide a method, device, and system for secure connection that can improve the security of establishing a connection between a terminal and a WiFi hotspot.
  • an embodiment of the present invention provides a method for securely connecting, and the method may include:
  • when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completes the connection with the WiFi hotspot.
  • the method further includes: when the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, the terminal terminates the connection with the WiFi hotspot.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
  • when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completing the connection with the WiFi hotspot includes:
  • the terminal compares the authentication content in the first response message with the authentication content saved by itself;
  • the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
  • the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, including:
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • before the terminal sends the request message to the WiFi hotspot, the method further includes:
  • the terminal generates a pair of public and private keys, and saves the private key
  • the original authentication content is encrypted by the public key, and the encrypted authentication content and the authentication content identifier are obtained;
  • the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content
  • the terminal compares the authentication content in the first response message with the authentication content saved by itself, including:
  • the terminal decrypts the authentication content in the first response message by using the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
  • an embodiment of the present invention provides another method for secure connection, where the method includes:
  • the WiFi hotspot receives a request message sent by the terminal, where the request message includes an authentication content identifier
  • the WiFi hotspot searches the authentication content it has saved according to the authentication content identifier in the request message;
  • when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, a first response message is sent to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the method further includes:
  • when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, the WiFi hotspot sends a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • before the WiFi hotspot receives the request message sent by the terminal, the method further includes:
  • the authentication content in the first response message is the encrypted authentication content.
  • an embodiment of the present invention provides a terminal, where the terminal includes: a sending unit, a receiving unit, a determining unit, and a connection control unit, where
  • the sending unit is configured to send a request message to the WiFi hotspot in the process of connecting to the WiFi hotspot; wherein the request message includes an authentication content identifier;
  • the receiving unit is configured to receive a response message sent by the WiFi hotspot
  • the determining unit is configured to determine, according to the response message received by the receiving unit, that the WiFi hotspot is a trusted WiFi hotspot, and trigger the connection control unit;
  • the connection control unit is configured to complete a connection with the WiFi hotspot when the determining unit determines that the WiFi hotspot is a trusted WiFi hotspot according to the response message.
  • the determining unit is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and trigger the connection control unit;
  • the connection control unit is further configured to terminate the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
  • the determining unit is configured to:
  • when the receiving unit receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal itself;
  • the WiFi hotspot is a trusted WiFi hotspot.
  • the determining unit is configured to:
  • when the receiving unit receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the terminal further includes a generating unit and an encrypting unit;
  • the generating unit is configured to generate a pair of public and private keys, and save the private key
  • the receiving unit is further configured to receive the original authentication content
  • the encryption unit is configured to encrypt the original authentication content by using the public key after the terminal is connected to the trusted WiFi hotspot, and obtain the encrypted authentication content and the authentication content identifier;
  • the sending unit is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content
  • the determining unit is configured to decrypt the authentication content in the first response message by using a private key, and compare the decrypted authentication content with the authentication content saved by the terminal itself.
  • the embodiment of the present invention provides a WiFi hotspot, where the WiFi hotspot includes: a receiving unit, a searching unit, and a sending unit, where
  • the receiving unit is configured to receive a request message sent by the terminal, where the request message includes an authentication content identifier
  • the searching unit is configured to search, according to the authentication content identifier in the request message, the authentication content that has been saved by the WiFi hotspot itself;
  • the sending unit is configured to: when the searching unit finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the sending unit is further configured to: when the searching unit cannot find the authentication content corresponding to the authentication content identifier, send a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • the receiving unit is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
  • the authentication content in the first response message is the encrypted authentication content.
  • an embodiment of the present invention provides a secure connection system, where the system includes a terminal and a WiFi hotspot, where
  • the terminal is configured to:
  • the WiFi hotspot is configured as:
  • an embodiment of the present invention further provides a computer storage medium, wherein computer executable instructions are stored, and the computer executable instructions are used to execute the foregoing method.
  • the embodiment of the invention provides a method, a device and a system for securely connecting, and a computer storage medium.
  • By performing security verification on the target WiFi hotspot to be connected during the connection process, the terminal can improve the security of establishing a connection with a WiFi hotspot.
  • FIG. 1 is a schematic diagram of an application scenario in which a terminal is connected to a WiFi hotspot in the prior art
  • FIG. 2 is a schematic flowchart of a method for secure connection according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process of setting and establishing authentication content between a terminal and a WiFi hotspot according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of another method for secure connection according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a process of setting and establishing authentication content between another terminal and a WiFi hotspot according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of a method for secure connection according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of determining a security of a WiFi hotspot by a terminal according to an embodiment of the present disclosure
  • FIG. 8 is a schematic flowchart of another process in which a terminal determines the security of a WiFi hotspot according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of another terminal according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a WiFi hotspot according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of a system for secure connection according to an embodiment of the present invention.
  • the basic idea of the embodiment of the present invention is to verify the target WiFi hotspot when the terminal connects to it, so that the terminal connects with the WiFi hotspot it intends to connect to, thereby improving the security of the connection between the terminal and the WiFi hotspot.
  • the embodiment of the present invention is still described by using the application scenario shown in FIG. 1 as an example. The scenario is used only to describe the technical solution of the embodiment in detail; a person skilled in the art can apply the technical solution of the embodiments of the present invention to other scenarios without creative effort.
  • the method can be applied to a terminal having a WiFi connection function.
  • the enumeration may be an intelligent connection with a WiFi connection function.
  • the method can include:
  • S201 The terminal sends a request message to the WiFi hotspot during the process of connecting with the WiFi hotspot;
  • the request message includes an authentication content identifier, so that the WiFi hotspot sends the authentication content that has been saved by the WiFi hotspot to the terminal according to the authentication content identifier;
  • the authentication content may be any one of information for characterizing that the terminal has established a WiFi connection with the WiFi hotspot.
  • the authentication content may preferably be a security password saved by the terminal and the WiFi hotspot in the previous connection process.
  • After the WiFi hotspot receives the request message, it searches the authentication content it has saved according to the authentication content identifier in the request message, so the following two situations may occur: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. According to these two different situations, the WiFi hotspot feeds back a response message to the terminal:
  • S202 The terminal receives a response message sent by the WiFi hotspot.
  • the response message is a first response message or a second response message, according to the two different outcomes of the WiFi hotspot searching the authentication content it has saved by the authentication content identifier.
  • the first response message includes the authentication content corresponding to the authentication content identifier, and indicates that the WiFi hotspot stores the authentication content corresponding to the authentication content identifier.
  • the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot, and the WiFi hotspot does not save the authentication content corresponding to the authentication content identifier.
  • the first response message includes the authentication content, saved by the WiFi hotspot, that corresponds to the authentication content identifier; therefore, when the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by itself, and when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot. Therefore, when the terminal receives the second response message, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • after the terminal confirms that the WiFi hotspot is a trusted WiFi hotspot, it completes the connection with the WiFi hotspot; correspondingly, after the terminal confirms that the WiFi hotspot is a non-trusted WiFi hotspot, it terminates the connection with the WiFi hotspot.
  • the process of setting and establishing the authentication content of the terminal and the WiFi hotspot is also required.
  • the process may specifically include:
  • S200a The terminal generates a pair of public and private keys, and saves the private key.
  • the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot;
  • the terminal may encapsulate the encrypted authentication content and the authentication content identifier after the authentication grant message, and send the authentication grant message to the trusted WiFi hotspot.
  • the authentication content in the first response message may be the encrypted authentication content; correspondingly, the terminal comparing the authentication content in the first response message with the authentication content saved by itself specifically includes: the terminal decrypts the authentication content in the first response message by using the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
  • the embodiment of the present invention provides a method for secure connection in which the terminal, by performing security verification on the target WiFi hotspot to be connected during the connection, can improve the security of establishing a connection between the terminal and the WiFi hotspot.
  • the method is applied to a WiFi hotspot, and the method may include:
  • the WiFi hotspot receives a request message sent by the terminal.
  • the request message includes an authentication content identification.
  • the WiFi hotspot searches for the authentication content that has been saved according to the authentication content identifier in the request message.
  • after the WiFi hotspot receives the request message, it searches the authentication content it has saved according to the authentication content identifier in the request message, so the following two situations may occur: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. According to these two situations, the WiFi hotspot feeds back different response messages to the terminal:
  • S403 Send a first response message to the terminal when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier.
  • the first response message includes the authentication content corresponding to the authentication content identifier, indicating that the WiFi hotspot stores the authentication content corresponding to the authentication content identifier;
  • when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, that is, the WiFi hotspot has not saved the authentication content corresponding to the authentication content identifier, the method may further include:
  • sending a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • according to the two results of searching its saved authentication content by the authentication content identifier in the request message, the WiFi hotspot sends the first response message or the second response message to the terminal, so that the terminal determines, according to the first response message or the second response message, whether the WiFi hotspot is a trusted WiFi hotspot.
  • the specific determining process is described in the foregoing embodiment, and details are not described herein again.
  • the process may specifically include:
  • S400a The WiFi hotspot receives the encrypted authentication content and the authentication content identifier sent by the terminal
  • the encrypted authentication content and the authentication content identifier may be sent by the terminal after the authentication grant message to the WiFi hotspot.
  • the authentication content in the first response message may be the encrypted authentication content.
  • the embodiment of the present invention provides another method for securely connecting.
  • the terminal can improve the security of the connection between the terminal and the WiFi hotspot by performing security verification on the target WiFi hotspot to be connected during the connection.
  • FIG. 6 shows a detailed flow of a method for secure connection according to an embodiment of the present invention.
  • the SSID of the WiFi hotspot A that has been connected to the terminal is AA, and the password is 12345678.
  • the WiFi hotspot B is a simulated hotspot of the WiFi hotspot A; the SSID of the WiFi hotspot B is also AA, and its password is also 12345678.
  • the detailed process of the method can include:
  • S601 The terminal generates a pair of public and private keys, and saves the private key.
  • S602 The terminal receives the original authentication content.
  • the original authentication content may be a security password input by the user.
  • the WiFi hotspot A can be considered as a trusted WiFi hotspot that the terminal can trust.
  • the terminal sends the encrypted authentication content and the authentication content identifier to the WiFi hotspot A;
  • the terminal may encapsulate the encrypted security password and its identifier after the authentication grant message, and send the authentication grant message to the WiFi hotspot A.
  • S601 to S604 complete the authentication content setting process of the terminal and the WiFi hotspot A.
  • When the terminal searches for surrounding WiFi hotspots within the elliptical area shown in FIG. 1, it will find a WiFi hotspot with the SSID AA that it has connected to before. Therefore, the terminal can connect to the WiFi hotspot with the SSID AA using the password 12345678 that it used when connecting with the WiFi hotspot A. At this time, the terminal considers the target WiFi hotspot it is connecting to to be the WiFi hotspot A.
  • the terminal may be connected to the WiFi hotspot A, or may be connected to the WiFi hotspot B.
  • the specific connection object is mainly related to the ordering of the WiFi hotspot A and the WiFi hotspot B in the connection list of the terminal.
  • the target WiFi hotspot connected to the terminal is the WiFi hotspot A. Therefore, the terminal needs to initiate authentication of the WiFi hotspot whose SSID is AA.
  • the specific authentication content may be the security password described in step S604, and in this embodiment, the authentication process may include:
  • S605 The terminal sends a request message to the WiFi hotspot in a process of connecting to a WiFi hotspot with an SSID of AA.
  • the request message includes an authentication content identifier.
  • the authentication content identifier may be an identifier corresponding to the encrypted security password.
  • S606 The WiFi hotspot with the SSID AA searches the authentication content it has saved according to the authentication content identifier in the request message;
  • the WiFi hotspot A can find the encrypted security password saved by itself according to the identifier corresponding to the encrypted security password;
  • When the WiFi hotspot with the SSID AA is the WiFi hotspot B, since the WiFi hotspot B only simulates the SSID, encryption mode and password of the WiFi hotspot A, the WiFi hotspot B cannot find the encrypted security password according to the identifier corresponding to the encrypted security password.
  • the WiFi hotspot with the SSID of AA will also feed back different response messages to the terminal:
  • the first response message includes the encrypted security password, indicating that the WiFi hotspot stores the encrypted security password.
  • the second response message is used to indicate that the encrypted security password does not exist in the WiFi hotspot.
  • the terminal will correspondingly determine the security of the WiFi hotspot:
  • the detailed process of the method further includes:
  • S608a When the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by the terminal;
  • the terminal decrypts the encrypted security password with the private key saved by the terminal itself, and compares the decrypted security password with the security password saved by the terminal itself.
  • S609a When the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a trusted WiFi hotspot, and completes the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is a trusted WiFi hotspot, that is, the WiFi hotspot A.
  • S610a When the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is a non-trusted WiFi hotspot, that is, the WiFi hotspot B.
  • the detailed process of the method further includes:
  • S608b When the terminal receives the second response message, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is not the WiFi hotspot A.
  • the terminal determines whether the target WiFi hotspot is trusted by verifying the target WiFi hotspot, so that the terminal can connect with the desired WiFi hotspot, thereby improving the security of establishing a connection between the terminal and the WiFi hotspot.
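The setup phase (S601 to S604) and the verification phase (S605 to S610a/S608b) described above, as an added example in Go that is not part of the patent text. The patent does not name a cipher, so RSA-OAEP with SHA-256 is an assumption, as are all type and function names, the identifier `auth-id-1` and the constructed security password; the SSID AA and password 12345678 are the ones used in the embodiment.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Response models the hotspot's reply. Found=true is the "first response
// message" (carries the stored content); Found=false is the "second response
// message" (nothing stored under that identifier).
type Response struct {
	Found   bool
	Content []byte
}

// Hotspot keeps encrypted authentication content keyed by its identifier.
type Hotspot struct {
	SSID, Password string
	store          map[string][]byte
}

func NewHotspot(ssid, password string) *Hotspot {
	return &Hotspot{SSID: ssid, Password: password, store: map[string][]byte{}}
}

// Save is the hotspot side of the setup phase (S400a).
func (h *Hotspot) Save(id string, encrypted []byte) { h.store[id] = encrypted }

// Lookup is the hotspot side of the verification phase (S606).
func (h *Hotspot) Lookup(id string) Response {
	c, ok := h.store[id]
	return Response{Found: ok, Content: c}
}

// Terminal keeps the private key, the original content and its identifier.
type Terminal struct {
	key     *rsa.PrivateKey
	id      string
	content []byte
}

// Enroll runs the setup phase against a hotspot the user already trusts:
// generate a key pair, encrypt the content under the public key, and hand the
// ciphertext plus identifier to the hotspot. Using the identifier as the OAEP
// label is an assumption of this example, not something the patent specifies.
func Enroll(trusted *Hotspot, id string, content []byte) (*Terminal, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, content, []byte(id))
	if err != nil {
		return nil, err
	}
	trusted.Save(id, enc)
	return &Terminal{key: key, id: id, content: content}, nil
}

// Trusted runs the verification phase. It fails closed: a second response
// message, a blob that does not decrypt, or a mismatch all mean "non-trusted".
func (t *Terminal) Trusted(h *Hotspot) bool {
	resp := h.Lookup(t.id)
	if !resp.Found {
		return false // second response message (S608b)
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.key, resp.Content, []byte(t.id))
	if err != nil {
		return false // content was not produced with this terminal's public key
	}
	return subtle.ConstantTimeCompare(plain, t.content) == 1 // S609a / S610a
}

// Demo builds three hotspots that all advertise SSID AA with password 12345678.
// A was enrolled by the terminal, B was never enrolled, and C holds a blob under
// the same identifier that was encrypted for a different key pair.
func Demo() (a, b, c bool, err error) {
	secret := []byte("constructed-security-password") // constructed sample value
	hotspotA := NewHotspot("AA", "12345678")
	hotspotB := NewHotspot("AA", "12345678")
	hotspotC := NewHotspot("AA", "12345678")
	term, err := Enroll(hotspotA, "auth-id-1", secret)
	if err != nil {
		return false, false, false, err
	}
	if _, err = Enroll(hotspotC, "auth-id-1", secret); err != nil {
		return false, false, false, err
	}
	return term.Trusted(hotspotA), term.Trusted(hotspotB), term.Trusted(hotspotC), nil
}

func main() {
	a, b, c, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("A trusted=%v, B trusted=%v, C trusted=%v\n", a, b, c)
}
```

The blob the hotspot returns is the same on every connection, so a match shows that the hotspot holds the enrolled ciphertext rather than any key of its own.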
  • the terminal 90 may include: a sending unit 901, a receiving unit 902, a determining unit 903, and a connection control unit 904, where
  • the sending unit 901 is configured to send, by the terminal 90, a request message to the WiFi hotspot in a process of connecting with a WiFi hotspot; wherein the request message includes an authentication content identifier;
  • the receiving unit 902 is configured to receive a response message sent by the WiFi hotspot
  • the determining unit 903 is configured to determine, according to the response message received by the receiving unit 902, that the WiFi hotspot is a trusted WiFi hotspot, and trigger the connection control unit 904;
  • the connection control unit 904 is configured to complete the connection with the WiFi hotspot when the determining unit 903 determines that the WiFi hotspot is a trusted WiFi hotspot according to the response message.
  • the determining unit 903 is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and trigger the connection control unit 904;
  • connection control unit 904 is further configured to terminate the connection with the WiFi hotspot when the determining unit 903 determines that the WiFi hotspot is a non-trusted WiFi hotspot according to the response message.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
  • the determining unit 903 is configured to:
  • when the receiving unit 902 receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal 90 itself;
  • the determining unit 903 is configured to:
  • the receiving unit 902 When the receiving unit 902 receives the second response message, it is determined that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the terminal 90 further includes a generating unit 905 and an encrypting unit 906;
  • the generating unit 905 is configured to generate a public key and private key pair, and save the private key;
  • the receiving unit 902 is further configured to receive the original authentication content;
  • the encryption unit 906 is configured to encrypt the original authentication content by using the public key after the terminal 90 is connected to the trusted WiFi hotspot, and obtain the encrypted authentication content and the authentication content identifier.
  • the sending unit 901 is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content;
  • the determining unit 903 is configured to decrypt the authentication content in the first response message by using the private key, and compare the decrypted authentication content with the authentication content saved by the terminal 90 itself.
  • the embodiment of the present invention provides a terminal 90.
  • the terminal 90 can improve the security of establishing a connection between the terminal 90 and the WiFi hotspot by performing security verification on the target WiFi hotspot to be connected during the connection process.
  • a WiFi hotspot 110 which may include: a receiving unit 1101, a searching unit 1102, and a sending unit 1103, where
  • the receiving unit 1101 is configured to receive a request message sent by the terminal, where the request message includes an authentication content identifier;
  • the searching unit 1102 is configured to search for the authentication content that the WiFi hotspot 110 itself has saved according to the authentication content identifier in the request message received by the receiving unit 1101;
  • the sending unit 1103 is configured to send a first response message to the terminal when the searching unit 1102 finds the authentication content corresponding to the authentication content identifier, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the sending unit 1103 is further configured to send a second response message to the terminal when the searching unit 1102 cannot find the authentication content corresponding to the authentication content identifier, where the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot 110.
  • the receiving unit 1101 is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
  • the authentication content in the first response message is the encrypted authentication content.
  • with the WiFi hotspot 110 provided by the embodiment of the present invention, the security of establishing a connection between the terminal and the WiFi hotspot 110 is improved by performing security verification on the WiFi hotspot 110 during the connection with it.
  • the system 120 may include a terminal 90 and a WiFi hotspot 110, where
  • the terminal 90 is configured to:
  • when the terminal 90 determines, according to the response message, that the WiFi hotspot 110 is a trusted WiFi hotspot, complete the connection with the WiFi hotspot 110.
  • the WiFi hotspot 110 is configured to:
  • when the WiFi hotspot 110 finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal 90, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the terminal 90 can improve the security of the connection between the terminal 90 and the WiFi hotspot 110 by performing security verification on the WiFi hotspot 110 during the connection with the WiFi hotspot 110.
  • the embodiment of the present invention further provides a computer storage medium, wherein computer executable instructions are stored, the computer executable instructions being used to execute the method described in any one of the foregoing method embodiments.
  • Each of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) in an electronic device.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Abstract

Disclosed in an embodiment of the present invention are a secure connection method, device and system, and computer storage medium, the method comprising: a terminal in the process of connecting to a WiFi hotspot transmits a request message to the WiFi hotspot; the terminal receives a response message transmitted by the WiFi hotspot; and when the terminal determines, according to the response message, that the WiFi hotspot is trustworthy, the terminal completes the connection to the WiFi hotspot.

Description

Method, device and system for secure connection, and computer storage medium
Technical field
The present invention relates to wireless local area network technology, and in particular to a method, device and system for secure connection, and a computer storage medium.
Background
A Wireless Fidelity (WiFi) connection is currently the wireless network connection most commonly used by terminals. The connection process is as follows: after finding a WiFi hotspot, the terminal initiates a connection request to that hotspot, and the hotspot performs password verification on the terminal; once the terminal passes the hotspot's password verification, the hotspot completes the connection with the terminal.
FIG. 1 shows an application scenario in the prior art in which a terminal connects to a WiFi hotspot. In this scenario, hotspot A and hotspot B are both WiFi hotspots that connect to and interact with the terminal over wireless channels, shown as the lightning-shaped connecting lines in FIG. 1; the coverage areas of hotspot A and hotspot B are the regions enclosed by the solid ellipses in FIG. 1.
When the terminal connects to a WiFi hotspot A for the first time, it automatically records hotspot A's Service Set Identifier (SSID), encryption mode and password, so that when the terminal later finds hotspot A again by its SSID, it initiates a connection request to hotspot A using the recorded SSID, encryption mode and password, and completes the connection with hotspot A automatically.
However, if the SSID, encryption mode and password of hotspot A are all imitated by a third party's WiFi hotspot B, then when the terminal turns on its WiFi connection expecting to connect to hotspot A, it will find the imitating hotspot B, which has the same SSID as hotspot A. The terminal will then automatically complete a connection with the imitating hotspot B using hotspot A's SSID, encryption mode and password. As a result, the terminal cannot connect to the WiFi hotspot it intended, which reduces the security of establishing a connection between the terminal and a WiFi hotspot.
Summary of the invention
To solve the above technical problem, embodiments of the present invention aim to provide a method, device and system for secure connection that can improve the security of establishing a connection between a terminal and a WiFi hotspot.
The technical solution of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides a method for secure connection, and the method may include:
in the process of connecting to a WiFi hotspot, a terminal sends a request message to the WiFi hotspot, where the request message includes an authentication content identifier;
the terminal receives a response message sent by the WiFi hotspot;
when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completes the connection with the WiFi hotspot.
In a specific embodiment, the method further includes: when the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, the terminal terminates the connection with the WiFi hotspot.
In a specific embodiment, the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
correspondingly, the step in which the terminal completes the connection with the WiFi hotspot when it determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot includes:
when the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by the terminal itself;
when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
In a specific embodiment, the terminal determining, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot includes:
when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot; or
when the terminal receives the second response message, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
In a specific embodiment, before the terminal sends the request message to the WiFi hotspot, the method further includes:
the terminal generates a public key and private key pair, and saves the private key;
the terminal receives original authentication content;
after the terminal is connected to a trusted WiFi hotspot, the terminal encrypts the original authentication content with the public key to obtain the encrypted authentication content and the authentication content identifier;
the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
In a specific embodiment, the authentication content in the first response message is the encrypted authentication content;
correspondingly, the terminal comparing the authentication content in the first response message with the authentication content saved by the terminal itself includes:
the terminal decrypts the authentication content in the first response message with the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
In a second aspect, an embodiment of the present invention provides another method for secure connection, and the method includes:
a WiFi hotspot receives a request message sent by a terminal, where the request message includes an authentication content identifier;
the WiFi hotspot searches the authentication content it has saved according to the authentication content identifier in the request message;
when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, it sends a first response message to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
In a specific embodiment, the method further includes:
when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, it sends a second response message to the terminal, where the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
In a specific embodiment, before the WiFi hotspot receives the request message sent by the terminal, the method further includes:
the WiFi hotspot receives the encrypted authentication content and the authentication content identifier sent by the terminal;
correspondingly, the authentication content in the first response message is the encrypted authentication content.
In a third aspect, an embodiment of the present invention provides a terminal, and the terminal includes: a sending unit, a receiving unit, a determining unit and a connection control unit, where
the sending unit is configured to send a request message to a WiFi hotspot while the terminal is in the process of connecting to the WiFi hotspot, where the request message includes an authentication content identifier;
the receiving unit is configured to receive a response message sent by the WiFi hotspot;
the determining unit is configured to determine, according to the response message received by the receiving unit, that the WiFi hotspot is a trusted WiFi hotspot, and trigger the connection control unit;
the connection control unit is configured to complete the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot.
In a specific embodiment, the determining unit is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and trigger the connection control unit;
the connection control unit is further configured to terminate the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot.
In a specific embodiment, the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
correspondingly, the determining unit is configured to:
when the receiving unit receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal itself;
and, when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, determine that the WiFi hotspot is a trusted WiFi hotspot.
In a specific embodiment, the determining unit is configured to:
when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, determine that the WiFi hotspot is a non-trusted WiFi hotspot; or
when the receiving unit receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
In a specific embodiment, the terminal further includes a generating unit and an encrypting unit;
the generating unit is configured to generate a public key and private key pair, and save the private key;
the receiving unit is further configured to receive original authentication content;
the encrypting unit is configured to encrypt the original authentication content with the public key after the terminal is connected to a trusted WiFi hotspot, to obtain the encrypted authentication content and the authentication content identifier;
the sending unit is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
In a specific embodiment, the authentication content in the first response message is the encrypted authentication content;
correspondingly, the determining unit is configured to decrypt the authentication content in the first response message with the private key, and compare the decrypted authentication content with the authentication content saved by the terminal itself.
In a fourth aspect, an embodiment of the present invention provides a WiFi hotspot, and the WiFi hotspot includes: a receiving unit, a searching unit and a sending unit, where
the receiving unit is configured to receive a request message sent by a terminal, where the request message includes an authentication content identifier;
the searching unit is configured to search the authentication content that the WiFi hotspot itself has saved according to the authentication content identifier in the request message;
the sending unit is configured to send a first response message to the terminal when the searching unit finds the authentication content corresponding to the authentication content identifier, where the first response message includes the authentication content corresponding to the authentication content identifier.
In a specific embodiment, the sending unit is further configured to send a second response message to the terminal when the searching unit cannot find the authentication content corresponding to the authentication content identifier, where the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
In a specific embodiment, the receiving unit is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
correspondingly, the authentication content in the first response message is the encrypted authentication content.
In a fifth aspect, an embodiment of the present invention provides a system for secure connection, and the system includes a terminal and a WiFi hotspot, where
the terminal is configured to:
send a request message to the WiFi hotspot in the process of connecting to the WiFi hotspot, where the request message includes an authentication content identifier;
and receive a response message sent by the WiFi hotspot;
and, when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, complete the connection with the WiFi hotspot.
The WiFi hotspot is configured to:
receive the request message sent by the terminal, where the request message includes an authentication content identifier;
and search the authentication content it has saved according to the authentication content identifier in the request message;
and, when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
In a fifth aspect, an embodiment of the present invention further provides a computer storage medium storing computer executable instructions, where the computer executable instructions are used to execute the above method.
Embodiments of the present invention provide a method, device and system for secure connection, and a computer storage medium. During the process of connecting to the target WiFi hotspot, the terminal performs security verification on that WiFi hotspot, which improves the security of establishing a connection between the terminal and the WiFi hotspot.
Brief description of the drawings
FIG. 1 is a schematic diagram of an application scenario in the prior art in which a terminal connects to a WiFi hotspot;
FIG. 2 is a schematic flowchart of a method for secure connection according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a process of setting and establishing authentication content between a terminal and a WiFi hotspot according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of another method for secure connection according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another process of setting and establishing authentication content between a terminal and a WiFi hotspot according to an embodiment of the present invention;
FIG. 6 is a detailed schematic flowchart of a method for secure connection according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of a terminal judging the security of a WiFi hotspot according to an embodiment of the present invention;
FIG. 8 is another schematic flowchart of a terminal judging the security of a WiFi hotspot according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of another terminal according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a WiFi hotspot according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a system for secure connection according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments.
The basic idea of the embodiments of the present invention is to verify the target WiFi hotspot when the terminal connects to a WiFi hotspot, so that the terminal connects to the WiFi hotspot it intends to connect to, which improves the security of establishing a connection between the terminal and the WiFi hotspot.
Note that in the description of the embodiments and in the drawings, "WiFi hotspot" and "hotspot" have the same meaning; this is not repeated in the embodiments described below or in the drawings.
To explain the technical solutions of the embodiments clearly, the embodiments are still described using the application scenario shown in FIG. 1 as an example. This scenario is used only to explain the technical solutions in detail and is not limiting in any way; a person skilled in the art can apply the technical solutions of the embodiments to other scenarios without creative effort.
FIG. 2 shows a method for secure connection according to an embodiment of the present invention. The method can be applied to a terminal with a WiFi connection function. By way of example and not limitation, the terminal may be an electronic device with a WiFi connection function such as a smartphone, tablet computer, palmtop computer, e-book reader, Personal Digital Assistant (PDA), Point of Sale (POS) terminal, in-vehicle computer, Moving Picture Experts Group Audio Layer III (MP3) player, Moving Picture Experts Group Audio Layer IV (MP4) player, Mobile Internet Device (MID) or Digital Media Player (DMP). The method may include:
S201: in the process of connecting to a WiFi hotspot, the terminal sends a request message to the WiFi hotspot;
Illustratively, the request message includes an authentication content identifier, so that the WiFi hotspot sends to the terminal, according to the authentication content identifier, the authentication content that the WiFi hotspot has saved;
Specifically, the authentication content may be any information indicating that the terminal and the WiFi hotspot have previously established a WiFi connection. In this embodiment, the authentication content is preferably a security password that the terminal and the WiFi hotspot each saved during a previous connection.
It can be understood that after the WiFi hotspot receives the request message, it searches the authentication content it has saved according to the authentication content identifier in the request message. Two cases can arise: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. In either case the WiFi hotspot returns a response message to the terminal:
S202: the terminal receives the response message sent by the WiFi hotspot;
Illustratively, corresponding to the two cases that arise when the WiFi hotspot searches its saved authentication content by the authentication content identifier, the response message includes a first response message or a second response message;
the first response message includes the authentication content corresponding to the authentication content identifier, which indicates that the WiFi hotspot has saved the authentication content corresponding to the authentication content identifier;
the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot, which means the WiFi hotspot has not saved the authentication content corresponding to the authentication content identifier.
S203: when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completes the connection with the WiFi hotspot;
Optionally, because the first response message includes the authentication content that the WiFi hotspot has saved for the authentication content identifier, when the terminal receives the first response message it compares the authentication content in the first response message with the authentication content saved by the terminal itself; when the two are consistent, the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
In a specific embodiment, when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
Optionally, because the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot, when the terminal receives the second response message it determines that the WiFi hotspot is a non-trusted WiFi hotspot.
具体地,当终端确认WiFi热点为可信任的WiFi热点之后,完成与所述WiFi热点的连接;相应地,当终端确认WiFi热点为非可信任的WiFi热点之后,终止与所述WiFi热点的连接。Specifically, after the terminal confirms that the WiFi hotspot is a trusted WiFi hotspot, completing the connection with the WiFi hotspot; correspondingly, after the terminal confirms that the WiFi hotspot is a non-trusted WiFi hotspot, terminating the connection with the WiFi hotspot .
Exemplarily, before steps S201 to S203, a process of setting up and establishing the authentication content of the terminal and the WiFi hotspot is also required. Referring to FIG. 3, the process may specifically include:
S200a: The terminal generates a public key and private key pair and saves the private key;
S200b: The terminal receives the original authentication content;
S200c: After the terminal connects to a trusted WiFi hotspot, it encrypts the original authentication content with the public key to obtain the encrypted authentication content and the authentication content identifier;
S200d: The terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot;
Specifically, the terminal may encapsulate the encrypted authentication content and the authentication content identifier in an authentication grant message and then send the authentication grant message to the trusted WiFi hotspot.
Preferably, in combination with S200d, in the embodiment shown in FIG. 2 the authentication content in the first response message may be the encrypted authentication content; correspondingly, the terminal comparing the authentication content in the first response message with the authentication content saved by itself may specifically include: the terminal decrypts the authentication content in the first response message with the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
This embodiment of the present invention provides a secure connection method in which the terminal performs security verification on the target WiFi hotspot during the process of connecting to it, which improves the security of establishing a connection between the terminal and the WiFi hotspot.
Referring to FIG. 4, which shows another secure connection method provided by an embodiment of the present invention, the method is applied to a WiFi hotspot and may include:
S401: The WiFi hotspot receives a request message sent by the terminal;
Exemplarily, the request message includes an authentication content identifier.
S402: The WiFi hotspot looks up the authentication content it has saved according to the authentication content identifier in the request message;
Exemplarily, after the WiFi hotspot receives the request message, it looks up the authentication content it has saved according to the authentication content identifier in the request message, which leads to one of two cases: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. Depending on the case, the WiFi hotspot returns a different response message to the terminal:
S403: When the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, it sends a first response message to the terminal;
Exemplarily, the first response message includes the authentication content corresponding to the authentication content identifier, indicating that the WiFi hotspot has saved the authentication content corresponding to the authentication content identifier;
In a specific embodiment, when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, which means that the WiFi hotspot has not saved the authentication content corresponding to the authentication content identifier, the method may further include:
When the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, it sends a second response message to the terminal, where the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
It can be understood that, depending on which of the two results the WiFi hotspot obtains when looking up its saved authentication content by the authentication content identifier in the request message, it sends the first response message or the second response message to the terminal, so that the terminal determines from the first response message or the second response message whether the WiFi hotspot is a trusted WiFi hotspot. The specific determination process has been described in the foregoing embodiment and is not repeated here.
It should be noted that, before steps S401 to S403, a process of setting up and establishing the authentication content of the WiFi hotspot and the terminal is also required. Referring to FIG. 5, the process may specifically include:
S400a: The WiFi hotspot receives the encrypted authentication content and the authentication content identifier sent by the terminal;
Exemplarily, the encrypted authentication content and the authentication content identifier may be encapsulated by the terminal in an authentication grant message and then sent to the WiFi hotspot.
Preferably, in combination with the embodiment shown in FIG. 4, the authentication content in the first response message may be the encrypted authentication content.
This embodiment of the present invention provides another secure connection method in which the terminal performs security verification on the target WiFi hotspot during the process of connecting to it, which improves the security of establishing a connection between the terminal and the WiFi hotspot.
Based on the embodiments shown in FIG. 2 to FIG. 5 and the application scenario shown in FIG. 1, refer to FIG. 6, which shows the detailed flow of a secure connection method provided by an embodiment of the present invention. In this embodiment, WiFi hotspot A, which the terminal has previously connected to, has the SSID AA and the password 12345678; WiFi hotspot B imitates the SSID and password of WiFi hotspot A, so the SSID of WiFi hotspot B is also AA and its password is also 12345678. The detailed flow of the method may include:
S601: The terminal generates a public key and private key pair and saves the private key;
S602: The terminal receives the original authentication content;
It should be noted that, in this embodiment, the original authentication content may be a security password entered by the user.
S603: After the terminal connects to WiFi hotspot A, it encrypts the original authentication content with the public key to obtain the encrypted authentication content and the authentication content identifier;
At this point, WiFi hotspot A can be regarded as a trusted WiFi hotspot for the terminal.
S604: The terminal sends the encrypted authentication content and the authentication content identifier to WiFi hotspot A;
Specifically, the terminal may encapsulate the encrypted security password and its identifier in an authentication grant message and then send the authentication grant message to WiFi hotspot A.
Steps S601 to S604 complete the authentication content setup between the terminal and WiFi hotspot A. When the terminal searches for nearby WiFi hotspots in the elliptical area shown in FIG. 1, it finds a WiFi hotspot with the SSID AA that it has connected to before, so the terminal can connect to the WiFi hotspot with the SSID AA using the password 12345678 that it used when connecting to WiFi hotspot A. At this point, the terminal assumes that the target WiFi hotspot it is connecting to is WiFi hotspot A.
In the actual connection process, however, the terminal may connect to WiFi hotspot A or to WiFi hotspot B; which one it connects to mainly depends on the order of WiFi hotspot A and WiFi hotspot B in the terminal's connection list. Since the target WiFi hotspot the terminal intends to connect to is WiFi hotspot A, the terminal needs to initiate authentication toward the WiFi hotspot with the SSID AA that it has discovered. In this embodiment, the authentication content may be the security password described in step S604, and the authentication process may include:
S605: During the process of connecting to the WiFi hotspot with the SSID AA, the terminal sends a request message to the WiFi hotspot;
Exemplarily, the request message includes an authentication content identifier. In this embodiment, the authentication content identifier may be the identifier corresponding to the encrypted security password.
S606: The WiFi hotspot with the SSID AA looks up the authentication content it has saved according to the authentication content identifier in the request message;
Specifically, when the WiFi hotspot with the SSID AA is WiFi hotspot A, WiFi hotspot A can find the encrypted security password it has saved according to the identifier corresponding to the encrypted security password;
When the WiFi hotspot with the SSID AA is WiFi hotspot B, since WiFi hotspot B imitates only the SSID, encryption mode and password of WiFi hotspot A, WiFi hotspot B cannot find the encrypted security password according to the identifier corresponding to the encrypted security password.
For these two cases, the WiFi hotspot with the SSID AA returns different response messages to the terminal:
S607a: When the WiFi hotspot with the SSID AA finds the authentication content corresponding to the authentication content identifier, it sends a first response message to the terminal;
In this embodiment, the first response message includes the encrypted security password, indicating that the WiFi hotspot has saved the encrypted security password.
S607b: When the WiFi hotspot with the SSID AA cannot find the authentication content corresponding to the authentication content identifier, it sends a second response message to the terminal;
In this embodiment, the second response message is used to indicate that the encrypted security password does not exist in the WiFi hotspot.
Depending on whether S607a or S607b occurred, the terminal makes the corresponding judgment about the security of the WiFi hotspot:
Optionally, referring to FIG. 7, when the WiFi hotspot with the SSID AA sends the first response message to the terminal, the detailed flow of the method further includes:
S608a: When the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by the terminal itself;
Specifically, since the authentication content in the first response message is the encrypted security password, after receiving the first response message the terminal decrypts the encrypted security password with the private key saved by the terminal itself, and compares the decrypted security password with the security password saved by the terminal itself.
S609a: When the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a trusted WiFi hotspot, and completes the connection with the WiFi hotspot with the SSID AA;
Specifically, in this embodiment, when the decrypted security password is consistent with the security password saved by the terminal itself, the terminal can determine that the WiFi hotspot with the SSID AA is a trusted WiFi hotspot, namely WiFi hotspot A.
S610a: When the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
Specifically, in this embodiment, when the decrypted security password is inconsistent with the security password saved by the terminal itself, the terminal can determine that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, namely WiFi hotspot B.
Optionally, referring to FIG. 8, when the WiFi hotspot with the SSID AA sends the second response message to the terminal, the detailed flow of the method further includes:
S608b: When the terminal receives the second response message, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
Specifically, when the terminal receives the second response message, it can determine that the WiFi hotspot with the SSID AA is not WiFi hotspot A.
As the detailed flow above shows, during the process of connecting to a WiFi hotspot the terminal verifies the target WiFi hotspot to determine whether it can be trusted, so that the terminal connects to the WiFi hotspot it intends to connect to, which improves the security of establishing a connection between the terminal and the WiFi hotspot.
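The flow S601 to S610a/S608b described above, as an added Python sketch that is not part of the patent text. The message field names, the identifier derivation (truncated SHA-256 of the encrypted content) and the toy unpadded RSA built from two Mersenne primes are assumptions made so the sketch runs on the standard library; the security password values are constructed.

```python
import hashlib
import hmac

# Toy, unpadded RSA from two known Mersenne primes. NOT secure: an assumption
# standing in for the public-key scheme, which the text does not specify.
# A real terminal would use a vetted library with a padded scheme.
_P, _Q, _E = 2**127 - 1, 2**521 - 1, 65537

TRUSTED = "trusted"
NO_CONTENT = "non-trusted: second response"
MISMATCH = "non-trusted: content mismatch"


class Hotspot:
    """WiFi hotspot side (S401-S403). Message field names are hypothetical."""

    def __init__(self, ssid: str, password: str):
        self.ssid, self.password = ssid, password
        self._saved = {}  # authentication content identifier -> encrypted content

    def receive_grant(self, content_id: str, encrypted: bytes) -> None:
        # S400a / S604: save what the terminal sent in the grant message.
        self._saved[content_id] = encrypted

    def handle_request(self, content_id: str) -> dict:
        # S402 / S606: look up the saved content by its identifier.
        encrypted = self._saved.get(content_id)
        if encrypted is None:
            return {"type": "second"}                    # S607b
        return {"type": "first", "content": encrypted}   # S607a


class Terminal:
    def __init__(self, security_password: bytes):
        # S601: generate the key pair and keep the private exponent.
        self.n = _P * _Q
        self._d = pow(_E, -1, (_P - 1) * (_Q - 1))
        self._size = (self.n.bit_length() + 7) // 8
        # S602: original authentication content entered by the user.
        self._security_password = security_password
        self.content_id = None

    def encrypt(self, data: bytes) -> bytes:
        m = int.from_bytes(data, "big")
        if m >= self.n:
            raise ValueError("content too long for the toy modulus")
        return pow(m, _E, self.n).to_bytes(self._size, "big")

    def _decrypt(self, blob: bytes):
        c = int.from_bytes(blob, "big")
        if len(blob) != self._size or c >= self.n:
            return None  # malformed content can never match
        m = pow(c, self._d, self.n)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")

    def enroll(self, hotspot: Hotspot) -> None:
        # S603: encrypt under the public key and derive the identifier
        # (assumed here to be a truncated hash of the encrypted content).
        encrypted = self.encrypt(self._security_password)
        self.content_id = hashlib.sha256(encrypted).hexdigest()[:16]
        hotspot.receive_grant(self.content_id, encrypted)  # S604

    def verify(self, hotspot: Hotspot) -> str:
        response = hotspot.handle_request(self.content_id)  # S605
        if response.get("type") != "first":
            return NO_CONTENT                                # S608b
        recovered = self._decrypt(response.get("content", b""))  # S608a
        # Constant-time comparison of the recovered and the saved password.
        if recovered is None or not hmac.compare_digest(
                recovered, self._security_password):
            return MISMATCH                                  # S610a
        return TRUSTED                                       # S609a


def run_demo() -> dict:
    terminal = Terminal(b"constructed-security-password")
    hotspot_a = Hotspot("AA", "12345678")
    terminal.enroll(hotspot_a)
    # Hotspot B has the same SSID and password but never received the grant.
    hotspot_b = Hotspot("AA", "12345678")
    # A hotspot that answers with content that does not decrypt to the
    # terminal's saved password (the S610a branch).
    hotspot_c = Hotspot("AA", "12345678")
    hotspot_c.receive_grant(terminal.content_id,
                            terminal.encrypt(b"some-other-value"))
    return {"A": terminal.verify(hotspot_a),
            "B": terminal.verify(hotspot_b),
            "C": terminal.verify(hotspot_c)}


if __name__ == "__main__":
    print(run_demo())
```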
Based on the same technical concept as the foregoing embodiments, refer to FIG. 9, which shows a terminal 90 provided by an embodiment of the present invention. The terminal 90 may include a sending unit 901, a receiving unit 902, a determining unit 903 and a connection control unit 904, where:
The sending unit 901 is configured to send a request message to a WiFi hotspot during the process in which the terminal 90 connects to the WiFi hotspot, where the request message includes an authentication content identifier;
The receiving unit 902 is configured to receive a response message sent by the WiFi hotspot;
The determining unit 903 is configured to determine, according to the response message received by the receiving unit 902, that the WiFi hotspot is a trusted WiFi hotspot, and to trigger the connection control unit 904;
The connection control unit 904 is configured to complete the connection with the WiFi hotspot when the determining unit 903 determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot.
Exemplarily, the determining unit 903 is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and to trigger the connection control unit 904;
The connection control unit 904 is further configured to terminate the connection with the WiFi hotspot when the determining unit 903 determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot.
Specifically, the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
Correspondingly, the determining unit 903 is configured to:
when the receiving unit 902 receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal 90 itself;
and, when the authentication content in the first response message is consistent with the authentication content saved by the terminal 90 itself, determine that the WiFi hotspot is a trusted WiFi hotspot.
In a specific embodiment, the determining unit 903 is configured to:
when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal 90 itself, determine that the WiFi hotspot is a non-trusted WiFi hotspot; or,
when the receiving unit 902 receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
Exemplarily, referring to FIG. 10, the terminal 90 further includes a generating unit 905 and an encryption unit 906;
The generating unit 905 is configured to generate a public key and private key pair and to save the private key;
The receiving unit 902 is further configured to receive the original authentication content;
The encryption unit 906 is configured to encrypt the original authentication content with the public key after the terminal 90 connects to a trusted WiFi hotspot, to obtain the encrypted authentication content and the authentication content identifier;
The sending unit 901 is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
In a specific embodiment, the authentication content in the first response message is the encrypted authentication content;
Correspondingly, the determining unit 903 is configured to decrypt the authentication content in the first response message with the private key, and to compare the decrypted authentication content with the authentication content saved by the terminal 90 itself.
This embodiment of the present invention provides a terminal 90 that performs security verification on the target WiFi hotspot during the process of connecting to it, which improves the security of establishing a connection between the terminal 90 and the WiFi hotspot.
Based on the same technical concept as the foregoing embodiments, refer to FIG. 11, which shows a WiFi hotspot 110 provided by an embodiment of the present invention. The WiFi hotspot 110 may include a receiving unit 1101, a searching unit 1102 and a sending unit 1103, where:
The receiving unit 1101 is configured to receive a request message sent by a terminal, where the request message includes an authentication content identifier;
The searching unit 1102 is configured to look up the authentication content saved by the WiFi hotspot 110 itself according to the authentication content identifier in the request message received by the receiving unit 1101;
The sending unit 1103 is configured to send a first response message to the terminal when the searching unit 1102 finds the authentication content corresponding to the authentication content identifier, where the first response message includes the authentication content corresponding to the authentication content identifier.
Exemplarily, the sending unit 1103 is further configured to send a second response message to the terminal when the searching unit 1102 cannot find the authentication content corresponding to the authentication content identifier, where the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot 110.
Exemplarily, the receiving unit 1101 is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
Correspondingly, the authentication content in the first response message is the encrypted authentication content.
With the WiFi hotspot 110 provided by this embodiment of the present invention, the terminal performs security verification on the WiFi hotspot 110 during the process of connecting to it, which improves the security of establishing a connection between the terminal and the WiFi hotspot 110.
Based on the same technical concept as the foregoing embodiments, refer to FIG. 12, which shows a secure connection system 120 provided by an embodiment of the present invention. The system 120 may include a terminal 90 and a WiFi hotspot 110, where:
The terminal 90 is configured to:
send a request message to the WiFi hotspot 110 during the process of connecting to the WiFi hotspot 110, where the request message includes an authentication content identifier;
and receive a response message sent by the WiFi hotspot 110;
and, when the terminal 90 determines according to the response message that the WiFi hotspot 110 is a trusted WiFi hotspot 110, complete the connection with the WiFi hotspot 110.
The WiFi hotspot 110 is configured to:
receive the request message sent by the terminal 90, where the request message includes an authentication content identifier;
and look up the authentication content it has saved according to the authentication content identifier in the request message;
and, when the WiFi hotspot 110 finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal 90, where the first response message includes the authentication content corresponding to the authentication content identifier.
With the secure connection system 100 provided by this embodiment of the present invention, the terminal 90 performs security verification on the WiFi hotspot 110 during the process of connecting to it, which improves the security of establishing a connection between the terminal 90 and the WiFi hotspot 110.
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the method described in any one of the foregoing method embodiments.
Each of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA) in an electronic device.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Claims (20)

  1. A secure connection method, wherein the method comprises:
    in the process of connecting to a WiFi hotspot, a terminal sends a request message to the WiFi hotspot, wherein the request message includes an authentication content identifier;
    the terminal receives a response message sent by the WiFi hotspot;
    when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completes the connection with the WiFi hotspot.
  2. The method according to claim 1, wherein the method further comprises: when the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, the terminal terminates the connection with the WiFi hotspot.
  3. The method according to claim 2, wherein the response message comprises a first response message or a second response message; wherein the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
    correspondingly, the step in which the terminal completes the connection with the WiFi hotspot when it determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot comprises:
    when the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by the terminal itself;
    when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
  4. The method according to claim 3, wherein the terminal determining, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot comprises:
    when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot; or,
    when the terminal receives the second response message, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  5. The method according to claim 3, wherein, before the terminal sends the request message to the WiFi hotspot, the method further comprises:
    the terminal generates a pair of public and private keys and saves the private key;
    the terminal receives original authentication content;
    after the terminal is connected to a trusted WiFi hotspot, the terminal encrypts the original authentication content with the public key to obtain encrypted authentication content and an authentication content identifier;
    the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  6. The method according to claim 5, wherein the authentication content in the first response message is the encrypted authentication content;
    correspondingly, the terminal comparing the authentication content in the first response message with the authentication content saved by the terminal itself comprises:
    the terminal decrypts the authentication content in the first response message with the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
  7. A secure connection method, wherein the method comprises:
    a WiFi hotspot receives a request message sent by a terminal, wherein the request message includes an authentication content identifier;
    the WiFi hotspot searches the authentication content it has saved according to the authentication content identifier in the request message;
    when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, it sends a first response message to the terminal, wherein the first response message includes the authentication content corresponding to the authentication content identifier.
  8. The method according to claim 7, wherein the method further comprises:
    when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, it sends a second response message to the terminal, wherein the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  9. The method according to claim 7, wherein, before the WiFi hotspot receives the request message sent by the terminal, the method further comprises:
    the WiFi hotspot receives the encrypted authentication content and the authentication content identifier sent by the terminal;
    correspondingly, the authentication content in the first response message is the encrypted authentication content.
  10. A terminal, wherein the terminal comprises a sending unit, a receiving unit, a determining unit, and a connection control unit, wherein:
    the sending unit is configured to send a request message to a WiFi hotspot while the terminal is in the process of connecting to the WiFi hotspot, wherein the request message includes an authentication content identifier;
    the receiving unit is configured to receive a response message sent by the WiFi hotspot;
    the determining unit is configured to determine, according to the response message received by the receiving unit, that the WiFi hotspot is a trusted WiFi hotspot, and to trigger the connection control unit;
    the connection control unit is configured to complete the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot.
  11. The terminal according to claim 10, wherein the determining unit is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and to trigger the connection control unit;
    the connection control unit is further configured to terminate the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot.
  12. The terminal according to claim 11, wherein the response message comprises a first response message or a second response message; wherein the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
    correspondingly, the determining unit is configured to:
    when the receiving unit receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal itself;
    and, when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, determine that the WiFi hotspot is a trusted WiFi hotspot.
  13. The terminal according to claim 12, wherein the determining unit is configured to:
    when the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, determine that the WiFi hotspot is a non-trusted WiFi hotspot; or,
    when the receiving unit receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
  14. The terminal according to claim 12, wherein the terminal further comprises a generating unit and an encryption unit;
    the generating unit is configured to generate a pair of public and private keys and to save the private key;
    the receiving unit is further configured to receive original authentication content;
    the encryption unit is configured to encrypt, after the terminal is connected to a trusted WiFi hotspot, the original authentication content with the public key to obtain encrypted authentication content and an authentication content identifier;
    the sending unit is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  15. The terminal according to claim 14, wherein the authentication content in the first response message is the encrypted authentication content;
    correspondingly, the determining unit is configured to decrypt the authentication content in the first response message with the private key, and to compare the decrypted authentication content with the authentication content saved by the terminal itself.
  16. A WiFi hotspot, wherein the WiFi hotspot comprises a receiving unit, a searching unit, and a sending unit, wherein:
    the receiving unit is configured to receive a request message sent by a terminal, wherein the request message includes an authentication content identifier;
    the searching unit is configured to search, according to the authentication content identifier in the request message, the authentication content that the WiFi hotspot itself has saved;
    the sending unit is configured to send a first response message to the terminal when the searching unit finds the authentication content corresponding to the authentication content identifier, wherein the first response message includes the authentication content corresponding to the authentication content identifier.
  17. The WiFi hotspot according to claim 16, wherein the sending unit is further configured to send a second response message to the terminal when the searching unit cannot find the authentication content corresponding to the authentication content identifier, wherein the second response message is used to indicate that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  18. The WiFi hotspot according to claim 16, wherein the receiving unit is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
    correspondingly, the authentication content in the first response message is the encrypted authentication content.
  19. A secure connection system, wherein the system comprises a terminal and a WiFi hotspot, wherein:
    the terminal is configured to:
    send a request message to the WiFi hotspot in the process of connecting to the WiFi hotspot, wherein the request message includes an authentication content identifier;
    and receive a response message sent by the WiFi hotspot;
    and, when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, complete the connection with the WiFi hotspot;
    the WiFi hotspot is configured to:
    receive the request message sent by the terminal, wherein the request message includes the authentication content identifier;
    and search the authentication content it has saved according to the authentication content identifier in the request message;
    and, when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal, wherein the first response message includes the authentication content corresponding to the authentication content identifier.
  20. A computer storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the method according to any one of claims 1 to 6 and claims 7 to 9.
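
The exchange in claims 1 to 9, as an added Go example that is not part of the patent text: a terminal enrolls encrypted authentication content with a hotspot, then decides trust from the first or second response message. RSA-OAEP, the `Hotspot` and `Terminal` types, the identifier `auth-0001` and the in-memory calls standing in for WiFi messages are assumptions; the claims name only a public/private key pair.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Hotspot stores encrypted authentication content indexed by its identifier.
type Hotspot map[string][]byte

func (h Hotspot) Enroll(id string, enc []byte) { h[id] = enc }

// Handle answers a request message: (content, true) is the first response
// message, (nil, false) the second one (nothing stored for that identifier).
func (h Hotspot) Handle(id string) ([]byte, bool) {
	enc, ok := h[id]
	return enc, ok
}

// Terminal holds the private key, the identifier and the original content.
type Terminal struct {
	key     *rsa.PrivateKey
	ID      string
	content []byte
}

func NewTerminal(id string, content []byte) (*Terminal, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{key: key, ID: id, content: content}, nil
}

// Encrypt seals content under the terminal's public key (RSA-OAEP: assumption).
func (t *Terminal) Encrypt(content []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &t.key.PublicKey, content, nil)
}

// Verify sends the identifier and decides trust from the reply (claims 3, 4, 6).
func (t *Terminal) Verify(h Hotspot) bool {
	enc, found := h.Handle(t.ID)
	if !found {
		return false // second response message: terminate the connection
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.key, enc, nil)
	if err != nil {
		return false // not encrypted under this terminal's public key
	}
	return subtle.ConstantTimeCompare(plain, t.content) == 1
}

func main() {
	term, err := NewTerminal("auth-0001", []byte("constructed authentication content"))
	if err != nil {
		panic(err)
	}
	home, rogue := Hotspot{}, Hotspot{}
	enc, err := term.Encrypt(term.content)
	if err != nil {
		panic(err)
	}
	home.Enroll(term.ID, enc) // claim 5: after connecting to the trusted hotspot
	fmt.Println("enrolled hotspot trusted:", term.Verify(home))
	fmt.Println("hotspot without the record trusted:", term.Verify(rogue))
}
```

A true result shows only that the hotspot returned content this terminal encrypted earlier for that identifier; the comparison after decryption is done in constant time.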
PCT/CN2015/073292 2014-08-27 2015-02-26 Secure connection method, device and system, and computer storage medium WO2016029668A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410429602.9A CN105472606A (en) 2014-08-27 2014-08-27 Safety connection method, device and system
CN201410429602.9 2014-08-27

Publications (1)

Publication Number Publication Date
WO2016029668A1 true WO2016029668A1 (en) 2016-03-03

Family

ID=55398713

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073292 WO2016029668A1 (en) 2014-08-27 2015-02-26 Secure connection method, device and system, and computer storage medium

Country Status (2)

Country Link
CN (1) CN105472606A (en)
WO (1) WO2016029668A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021179015A1 (en) * 2020-03-05 2021-09-10 Cisco Technology, Inc. Identifying trusted service set identifiers for wireless networks t

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105657702A (en) * 2016-04-07 2016-06-08 中国联合网络通信集团有限公司 Authentication method, authentication system, authentication method of mobile terminal and mobile terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874271A (en) * 2005-06-03 2006-12-06 阿尔卡特公司 Protection for wireless devices against false access-point attacks
CN101990279A (en) * 2009-07-31 2011-03-23 中兴通讯股份有限公司 Network selecting method and terminal
CN102869014A (en) * 2012-09-18 2013-01-09 东莞宇龙通信科技有限公司 Terminal and data communication method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102595409B (en) * 2012-03-21 2015-03-25 华为技术有限公司 Method, equipment and system for acquiring encryption information based on wireless access

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021179015A1 (en) * 2020-03-05 2021-09-10 Cisco Technology, Inc. Identifying trusted service set identifiers for wireless networks t
CN115244896A (en) * 2020-03-05 2022-10-25 思科技术公司 Identifying trusted service set identifiers for wireless networks
US11877154B2 (en) 2020-03-05 2024-01-16 Cisco Technology, Inc. Identifying trusted service set identifiers for wireless networks

Also Published As

Publication number Publication date
CN105472606A (en) 2016-04-06

Similar Documents

Publication Publication Date Title
US9807610B2 (en) Method and apparatus for seamless out-of-band authentication
US10554420B2 (en) Wireless connections to a wireless access point
CN107592964B (en) System, apparatus and method for multi-owner transfer of ownership of a device
WO2018133686A1 (en) Method and device for password protection, and storage medium
US9386045B2 (en) Device communication based on device trustworthiness
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
US9509502B2 (en) Symmetric keying and chain of trust
US9137662B2 (en) Method and apparatus for access credential provisioning
JP5474969B2 (en) Mobile device association
WO2015180691A1 (en) Key agreement method and device for verification information
JP5431479B2 (en) Protocol for associating devices with stations
US9521125B2 (en) Pseudonymous remote attestation utilizing a chain-of-trust
JP2019508972A (en) System and method for password assisted computer login service assisted mobile pairing
WO2015192670A1 (en) User identity authentication method, terminal and service terminal
KR20170060004A (en) Establishing trust between two devices
TW201540040A (en) Service Authorization using Auxiliary Device
WO2016026317A1 (en) Wifi password sharing method, terminal and computer storage medium
WO2021208906A1 (en) Data transmission, processing, and authorization
US10439809B2 (en) Method and apparatus for managing application identifier
WO2020186457A1 (en) Authentication method and apparatus for ip camera
WO2014177076A1 (en) Terminal, network locking and network unlocking method for same, and storage medium
CN110621016B (en) User identity protection method, user terminal and base station
CN111080857B (en) Vehicle digital key management and use method and device, mobile terminal and storage medium
WO2012075904A1 (en) Method, device and system for verifying binding data card and mobile host
US20220400015A1 (en) Method and device for performing access control by using authentication certificate based on authority information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15836198

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15836198

Country of ref document: EP

Kind code of ref document: A1