WO2016029668A1 - Method, device, and system for secure connection, and computer storage medium - Google Patents

Method, device, and system for secure connection, and computer storage medium

Info

Publication number
WO2016029668A1
Authority
WO
WIPO (PCT)
Prior art keywords
wifi hotspot
authentication content
terminal
response message
authentication
Prior art date
Application number
PCT/CN2015/073292
Other languages
English (en)
Chinese (zh)
Inventor
余庆平
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016029668A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H04W12/69 Identity-dependent
    • H04W12/73 Access point logical identity

Definitions

  • The present invention relates to wireless local area network technology, and in particular to a method, device and system for secure connection, and a computer storage medium.
  • A Wireless Fidelity (WiFi) connection is the most commonly used wireless network connection for terminals.
  • The specific connection process is: after the terminal finds the WiFi hotspot, the terminal initiates a connection request to the WiFi hotspot, and the WiFi hotspot performs password verification on the terminal; after the terminal passes the password verification of the WiFi hotspot, the WiFi hotspot completes the connection with the terminal.
  • FIG. 1 shows an application scenario in which a terminal is connected to a WiFi hotspot in the prior art.
  • Both hotspot A and hotspot B are WiFi hotspots, and the hotspots and the terminal connect and interact through a wireless channel, as shown by the lightning-like connecting line in FIG. 1; the coverage of hotspot A and hotspot B is shown by the elliptical solid line in the figure.
  • When the terminal connects to WiFi hotspot A for the first time, the terminal automatically records the Service Set Identifier (SSID), the encryption method, and the password of hotspot A, so that when the terminal later finds hotspot A again by its SSID, it initiates a connection request to hotspot A using the automatically recorded SSID, encryption method, and password, and the connection with hotspot A is completed automatically.
  • When the terminal finds a simulated hotspot B having the same SSID as hotspot A, the terminal automatically completes the connection with the simulated hotspot B using the SSID, encryption mode and password of hotspot A. The terminal therefore fails to connect to the desired WiFi hotspot, which reduces the security of the connection between the terminal and the WiFi hotspot.
  • The embodiments of the present invention are intended to provide a method, device, and system for secure connection that can improve the security of establishing a connection between a terminal and a WiFi hotspot.
  • an embodiment of the present invention provides a method for securely connecting, and the method may include:
  • when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completes the connection with the WiFi hotspot.
  • the method further includes: when the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, the terminal terminates the connection with the WiFi hotspot.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
  • when the terminal determines, according to the response message, that the WiFi hotspot is a trusted WiFi hotspot, the terminal completing the connection with the WiFi hotspot includes:
  • the terminal compares the authentication content in the first response message with the authentication content saved by itself;
  • the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
  • the terminal determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, including:
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • before the terminal sends a request message to the WiFi hotspot, the method further includes:
  • the terminal generates a pair of public and private keys, and saves the private key
  • the original authentication content is encrypted by the public key, and the encrypted authentication content and the authentication content identifier are obtained;
  • the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content
  • the terminal compares the authentication content in the first response message with the authentication content saved by itself, including:
  • the terminal decrypts the authentication content in the first response message by using the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
  • an embodiment of the present invention provides another method for secure connection, where the method includes:
  • the WiFi hotspot receives a request message sent by the terminal, where the request message includes an authentication content identifier
  • the WiFi hotspot searches for its saved authentication content according to the authentication content identifier in the request message;
  • when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier, the first response message is sent to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the method further includes:
  • when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, it sends a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • before the WiFi hotspot receives the request message sent by the terminal, the method further includes:
  • the authentication content in the first response message is the encrypted authentication content.
  • an embodiment of the present invention provides a terminal, where the terminal includes: a sending unit, a receiving unit, a determining unit, and a connection control unit, where
  • the sending unit is configured to send a request message to the WiFi hotspot in the process of connecting to the WiFi hotspot; wherein the request message includes an authentication content identifier;
  • the receiving unit is configured to receive a response message sent by the WiFi hotspot
  • the determining unit is configured to determine, according to the response message received by the receiving unit, that the WiFi hotspot is a trusted WiFi hotspot, and trigger the connection control unit;
  • the connection control unit is configured to complete a connection with the WiFi hotspot when the determining unit determines that the WiFi hotspot is a trusted WiFi hotspot according to the response message.
  • the determining unit is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and trigger the connection control unit;
  • the connection control unit is further configured to terminate the connection with the WiFi hotspot when the determining unit determines, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot;
  • the determining unit is configured to:
  • when the receiving unit receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal itself;
  • the WiFi hotspot is a trusted WiFi hotspot.
  • the determining unit is configured to:
  • when the receiving unit receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the terminal further includes a generating unit and an encrypting unit;
  • the generating unit is configured to generate a pair of public and private keys, and save the private key
  • the receiving unit is further configured to receive the original authentication content
  • the encryption unit is configured to encrypt the original authentication content by using the public key after the terminal is connected to the trusted WiFi hotspot, and obtain the encrypted authentication content and the authentication content identifier;
  • the sending unit is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content
  • the determining unit is configured to decrypt the authentication content in the first response message by using a private key, and compare the decrypted authentication content with the authentication content saved by the terminal itself.
  • the embodiment of the present invention provides a WiFi hotspot, where the WiFi hotspot includes: a receiving unit, a searching unit, and a sending unit, where
  • the receiving unit is configured to receive a request message sent by the terminal, where the request message includes an authentication content identifier
  • the searching unit is configured to search, according to the authentication content identifier in the request message, the authentication content that has been saved by the WiFi hotspot itself;
  • the sending unit is configured to: when the searching unit finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the sending unit is further configured to: when the searching unit cannot find the authentication content corresponding to the authentication content identifier, send a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • the receiving unit is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
  • the authentication content in the first response message is the encrypted authentication content.
  • an embodiment of the present invention provides a secure connection system, where the system includes a terminal and a WiFi hotspot, where
  • the terminal is configured to:
  • the WiFi hotspot is configured as:
  • an embodiment of the present invention further provides a computer storage medium, wherein computer executable instructions are stored, and the computer executable instructions are used to execute the foregoing method.
  • The embodiments of the invention provide a method, a device and a system for secure connection, and a computer storage medium.
  • By performing security verification on the target WiFi hotspot during the connection process, the terminal can improve the security of establishing a connection with a WiFi hotspot.
  • FIG. 1 is a schematic diagram of an application scenario in which a terminal is connected to a WiFi hotspot in the prior art
  • FIG. 2 is a schematic flowchart of a method for secure connection according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process of setting and establishing authentication content between a terminal and a WiFi hotspot according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of another method for secure connection according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a process of setting and establishing authentication content between another terminal and a WiFi hotspot according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of a method for secure connection according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of determining a security of a WiFi hotspot by a terminal according to an embodiment of the present disclosure
  • FIG. 8 is a schematic diagram of another process by which a terminal determines the security of a WiFi hotspot according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of another terminal according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a WiFi hotspot according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of a system for secure connection according to an embodiment of the present invention.
  • The basic idea of the embodiments of the present invention is to verify the target WiFi hotspot when the terminal connects to it, so that the terminal connects to the WiFi hotspot it actually intends to connect to, thereby improving the security of the connection between the terminal and the WiFi hotspot.
  • The embodiments of the present invention are still described using the application scenario shown in FIG. 1 as an example. Note that the scenario is only used to explain the technical solution of the embodiments in detail; a person skilled in the art can apply the technical solution of the embodiments to other scenarios without inventive effort.
  • the method can be applied to a terminal having a WiFi connection function.
  • the enumeration may be an intelligent connection with a WiFi connection function.
  • the method can include:
  • S201 The terminal sends a request message to the WiFi hotspot during the process of connecting with the WiFi hotspot;
  • the request message includes an authentication content identifier, so that the WiFi hotspot sends the authentication content that has been saved by the WiFi hotspot to the terminal according to the authentication content identifier;
  • the authentication content may be any one of information for characterizing that the terminal has established a WiFi connection with the WiFi hotspot.
  • the authentication content may preferably be a security password saved by the terminal and the WiFi hotspot in the previous connection process.
  • After the WiFi hotspot receives the request message, it searches for its saved authentication content according to the authentication content identifier in the request message, so that one of two situations occurs: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. Depending on which situation occurs, the WiFi hotspot feeds back a different response message to the terminal:
  • S202 The terminal receives a response message sent by the WiFi hotspot.
  • the response message includes a first response message or a second response message, depending on which of the two situations arises when the WiFi hotspot searches for its saved authentication content according to the authentication content identifier.
  • the first response message includes the authentication content corresponding to the authentication content identifier, and indicates that the WiFi hotspot stores the authentication content corresponding to the authentication content identifier.
  • the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot, and the WiFi hotspot does not save the authentication content corresponding to the authentication content identifier.
  • The first response message includes the authentication content, saved by the WiFi hotspot, that corresponds to the authentication content identifier; therefore, when the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by itself, and when the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot is a trusted WiFi hotspot.
  • the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • The second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot. Therefore, when the terminal receives the second response message, the terminal determines that the WiFi hotspot is a non-trusted WiFi hotspot.
  • After the terminal confirms that the WiFi hotspot is a trusted WiFi hotspot, it completes the connection with the WiFi hotspot; correspondingly, after the terminal confirms that the WiFi hotspot is a non-trusted WiFi hotspot, it terminates the connection with the WiFi hotspot.
  • the process of setting and establishing the authentication content of the terminal and the WiFi hotspot is also required.
  • the process may specifically include:
  • S200a The terminal generates a pair of public and private keys, and saves the private key.
  • the terminal sends the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot;
  • the terminal may encapsulate the encrypted authentication content and the authentication content identifier after the authentication grant message, and send the authentication grant message to the trusted WiFi hotspot.
  • The authentication content in the first response message may be the encrypted authentication content; correspondingly, the terminal comparing the authentication content in the first response message with the authentication content saved by the terminal itself specifically includes: the terminal decrypts the authentication content in the first response message using the private key, and compares the decrypted authentication content with the authentication content saved by the terminal itself.
  • The embodiment of the present invention provides a method for secure connection in which the terminal, by performing security verification on the target WiFi hotspot during the connection, can improve the security of the connection between the terminal and the WiFi hotspot.
  • the method is applied to a WiFi hotspot, and the method may include:
  • the WiFi hotspot receives a request message sent by the terminal.
  • the request message includes an authentication content identification.
  • the WiFi hotspot searches for the authentication content that has been saved according to the authentication content identifier in the request message.
  • After the WiFi hotspot receives the request message, it searches for its saved authentication content according to the authentication content identifier in the request message, so that one of two situations occurs: the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, or the WiFi hotspot finds the authentication content corresponding to the authentication content identifier. Depending on which situation occurs, the WiFi hotspot feeds back a different response message to the terminal:
  • S403 Send a first response message to the terminal when the WiFi hotspot finds the authentication content corresponding to the authentication content identifier.
  • the first response message includes the authentication content corresponding to the authentication content identifier, indicating that the WiFi hotspot stores the authentication content corresponding to the authentication content identifier;
  • the WiFi hotspot when the WiFi hotspot cannot find the authentication content corresponding to the authentication content identifier, the WiFi hotspot does not save the authentication content corresponding to the authentication content identifier, and the method may further include:
  • sending a second response message to the terminal, where the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot.
  • Depending on which of the two results the WiFi hotspot obtains when searching for its saved authentication content according to the authentication content identifier in the request message, it sends the first response message or the second response message to the terminal, so that the terminal determines, according to the first response message or the second response message, whether the WiFi hotspot is a trusted WiFi hotspot.
  • the specific determining process is described in the foregoing embodiment, and details are not described herein again.
  • the process may specifically include:
  • S400a The WiFi hotspot receives the encrypted authentication content and the authentication content identifier sent by the terminal
  • the encrypted authentication content and the authentication content identifier may be sent by the terminal after the authentication grant message to the WiFi hotspot.
  • the authentication content in the first response message may be the encrypted authentication content.
  • The embodiment of the present invention provides another method for secure connection, in which the terminal, by performing security verification on the target WiFi hotspot during the connection, can improve the security of the connection between the terminal and the WiFi hotspot.
  • FIG. 6 shows a detailed flow of a method for secure connection according to an embodiment of the present invention.
  • the SSID of the WiFi hotspot A that has been connected to the terminal is AA, and the password is 12345678.
  • the WiFi hotspot B is the AID of the WiFi hotspot A, and the SSID of the WiFi hotspot B is also AA, and the password is 12345678.
  • the detailed process of the method can include:
  • S601 The terminal generates a pair of public and private keys, and saves the private key.
  • S602 The terminal receives the original authentication content.
  • the original authentication content may be a security password input by the user.
  • the WiFi hotspot A can be considered as a trusted WiFi hotspot that the terminal can trust.
  • the terminal sends the encrypted authentication content and the authentication content identifier to the WiFi hotspot A;
  • the terminal may encapsulate the encrypted security password and its identifier after the authentication grant message, and send the authentication grant message to the WiFi hotspot A.
  • S601 to S604 complete the authentication content setting process of the terminal and the WiFi hotspot A.
  • When the terminal searches for surrounding WiFi hotspots in the ellipse area shown in FIG. 1, it finds a WiFi hotspot with the SSID AA, to which it has previously connected. The terminal can therefore connect to the WiFi hotspot with the SSID AA using the password 12345678 that it used when connecting to WiFi hotspot A. At this point, the terminal assumes that the target WiFi hotspot it is connecting to is WiFi hotspot A.
  • the terminal may be connected to the WiFi hotspot A, or may be connected to the WiFi hotspot B.
  • the specific connection object is mainly related to the ordering of the WiFi hotspot A and the WiFi hotspot B in the connection list of the terminal.
  • the target WiFi hotspot connected to the terminal is the WiFi hotspot A. Therefore, the terminal needs to initiate authentication to the WiFi hotspot whose SSID is AA.
  • The specific authentication content may be the security password described in step S604; in this embodiment, the authentication process may include:
  • S605 The terminal sends a request message to the WiFi hotspot in a process of connecting to a WiFi hotspot with an SSID of AA.
  • the request message includes an authentication content identifier.
  • the authentication content identifier may be an identifier corresponding to the encrypted security password.
  • S606 The WiFi hotspot with the SSID AA searches for its own saved authentication content according to the authentication content identifier in the request message;
  • the WiFi hotspot A can find the encrypted security password saved by itself according to the identifier corresponding to the encrypted security password;
  • When the WiFi hotspot with the SSID AA is WiFi hotspot B, since WiFi hotspot B only simulates the SSID, encryption mode and password of WiFi hotspot A, WiFi hotspot B cannot find the encrypted security password according to the identifier corresponding to the encrypted security password.
  • the WiFi hotspot with the SSID of AA will also feed back different response messages to the terminal:
  • the first response message includes the encrypted security password, indicating that the WiFi hotspot stores the encrypted security password.
  • the second response message is used to indicate that the encrypted security password does not exist in the WiFi hotspot.
  • the terminal will correspondingly determine the security of the WiFi hotspot:
  • the detailed process of the method further includes:
  • S608a When the terminal receives the first response message, the terminal compares the authentication content in the first response message with the authentication content saved by the terminal;
  • the terminal decrypts the encrypted security password using the private key saved by the terminal itself, and compares the decrypted security password with the security password saved by the terminal itself.
  • S609a When the authentication content in the first response message is consistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a trusted WiFi hotspot, and completes the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is a trusted WiFi hotspot, that is, the WiFi hotspot A.
  • S610a When the authentication content in the first response message is inconsistent with the authentication content saved by the terminal itself, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is a non-trusted WiFi hotspot, that is, the WiFi hotspot B.
  • the detailed process of the method further includes:
  • S608b When the terminal receives the second response message, the terminal determines that the WiFi hotspot with the SSID AA is a non-trusted WiFi hotspot, and terminates the connection with the WiFi hotspot with the SSID AA;
  • the terminal may determine that the WiFi hotspot with the SSID of AA is not the WiFi hotspot A.
  • The terminal determines whether the target WiFi hotspot is trusted by verifying the target WiFi hotspot, so that the terminal can connect to the desired WiFi hotspot, thereby improving the security of establishing a connection between the terminal and the WiFi hotspot.
  • the terminal 90 may include: a sending unit 901, a receiving unit 902, a determining unit 903, and a connection control unit 904, where
  • the sending unit 901 is configured to send, by the terminal 90, a request message to the WiFi hotspot in a process of connecting with a WiFi hotspot; wherein the request message includes an authentication content identifier;
  • the receiving unit 902 is configured to receive a response message sent by the WiFi hotspot
  • the determining unit 903 is configured to determine, according to the response message received by the receiving unit 902, that the WiFi hotspot is a trusted WiFi hotspot, and trigger the connection control unit 904;
  • the connection control unit 904 is configured to complete the connection with the WiFi hotspot when the determining unit 903 determines that the WiFi hotspot is a trusted WiFi hotspot according to the response message.
  • the determining unit 903 is further configured to determine, according to the response message, that the WiFi hotspot is a non-trusted WiFi hotspot, and trigger the connection control unit 904;
  • connection control unit 904 is further configured to terminate the connection with the WiFi hotspot when the determining unit 903 determines that the WiFi hotspot is a non-trusted WiFi hotspot according to the response message.
  • the response message includes a first response message or a second response message, where the first response message includes the authentication content corresponding to the authentication content identifier, and the second response message indicates that the WiFi hotspot has no authentication content corresponding to the authentication content identifier;
  • the determining unit 903 is configured to: when the receiving unit 902 receives the first response message, compare the authentication content in the first response message with the authentication content saved by the terminal 90 itself;
  • the determining unit 903 is configured to: when the receiving unit 902 receives the second response message, determine that the WiFi hotspot is a non-trusted WiFi hotspot.
  • the terminal 90 further includes a generating unit 905 and an encrypting unit 906;
  • the generating unit 905 is configured to generate a public key and private key pair, and save the private key;
  • the receiving unit 902 is further configured to receive the original authentication content;
  • the encryption unit 906 is configured to encrypt the original authentication content by using the public key after the terminal 90 is connected to the trusted WiFi hotspot, and obtain the encrypted authentication content and the authentication content identifier.
  • the sending unit 901 is further configured to send the encrypted authentication content and the authentication content identifier to the trusted WiFi hotspot.
  • the authentication content in the first response message is the encrypted authentication content
  • the determining unit 903 is configured to decrypt the authentication content in the first response message by using the private key, and compare the decrypted authentication content with the authentication content saved by the terminal 90 itself.
  • the embodiment of the present invention provides a terminal 90. The terminal 90 can improve the security of the connection between the terminal 90 and the WiFi hotspot by performing security verification on the target WiFi hotspot during the process of connecting with it.
  • a WiFi hotspot 110 which may include: a receiving unit 1101, a searching unit 1102, and a sending unit 1103, where
  • the receiving unit 1101 is configured to receive a request message sent by the terminal, where the request message includes an authentication content identifier;
  • the searching unit 1102 is configured to search for the authentication content that the WiFi hotspot 110 itself has saved according to the authentication content identifier in the request message received by the receiving unit 1101;
  • the sending unit 1103 is configured to send a first response message to the terminal when the searching unit 1102 finds the authentication content corresponding to the authentication content identifier, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the sending unit 1103 is further configured to send a second response message to the terminal when the searching unit 1102 cannot find the authentication content corresponding to the authentication content identifier; the second response message indicates that the authentication content corresponding to the authentication content identifier does not exist in the WiFi hotspot 110.
  • the receiving unit 1101 is further configured to receive the encrypted authentication content and the authentication content identifier sent by the terminal;
  • the authentication content in the first response message is the encrypted authentication content.
  • the WiFi hotspot 110 provided by the embodiment of the present invention can improve the security of establishing a connection between the terminal and the WiFi hotspot 110 by performing security verification on the WiFi hotspot 110 during the connection with the WiFi hotspot 110.
  • the system 120 may include a terminal 90 and a WiFi hotspot 110, where
  • the terminal 90 is configured to:
  • when the terminal 90 determines, according to the response message, that the WiFi hotspot 110 is a trusted WiFi hotspot, complete the connection with the WiFi hotspot 110.
  • the WiFi hotspot 110 is configured to:
  • when the WiFi hotspot 110 finds the authentication content corresponding to the authentication content identifier, send a first response message to the terminal 90, where the first response message includes the authentication content corresponding to the authentication content identifier.
  • the terminal 90 can improve the security of the connection between the terminal 90 and the WiFi hotspot 110 by performing security verification on the WiFi hotspot 110 during the connection with the WiFi hotspot 110.
  • the embodiment of the present invention further provides a computer storage medium, wherein computer executable instructions are stored, the computer executable instructions being used to execute the method described in any one of the foregoing method embodiments.
  • Each of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) in an electronic device.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
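
The exchange between the terminal 90 and the WiFi hotspot 110 described above, as an added example that is not part of the patent text: the terminal stores encrypted authentication content on a trusted hotspot, later requests it by identifier, and connects only if the decrypted content equals its saved copy. Assumptions: the class, field and message names, treating a mismatch as non-trusted, and textbook RSA with fixed toy primes standing in for the unspecified public-key scheme (not secure, chosen so the code runs on the standard library alone).

```python
import hmac
from dataclasses import dataclass, field

# Toy textbook RSA with fixed primes: an assumption standing in for the
# patent's unspecified public-key scheme. NOT secure; standard library only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # D: private exponent, terminal only

def encrypt(content: bytes) -> int:
    m = int.from_bytes(content, "big")
    if m >= N:
        raise ValueError("content too long for the toy modulus")
    return pow(m, E, N)

def decrypt(blob: int) -> bytes:
    m = pow(blob, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

@dataclass
class Hotspot:
    store: dict = field(default_factory=dict)  # identifier -> encrypted content

    def handle_request(self, content_id: str) -> dict:
        blob = self.store.get(content_id)
        if blob is None:
            return {"type": "second"}  # nothing saved for this identifier
        return {"type": "first", "content": blob}

@dataclass
class Terminal:
    content_id: str
    saved_content: bytes  # the terminal's own copy of the authentication content

    def enroll(self, hotspot: Hotspot) -> None:  # once, on a trusted hotspot
        hotspot.store[self.content_id] = encrypt(self.saved_content)

    def decide(self, hotspot: Hotspot) -> str:
        resp = hotspot.handle_request(self.content_id)
        if resp.get("type") != "first" or not isinstance(resp.get("content"), int):
            return "terminate"  # second response, or a malformed reply
        # Assumption: a match means trusted, anything else means non-trusted.
        match = hmac.compare_digest(decrypt(resp["content"]), self.saved_content)
        return "connect" if match else "terminate"

def demo() -> dict:
    term = Terminal("id-001", b"blue-door-42")  # constructed sample values
    home, unknown = Hotspot(), Hotspot()
    term.enroll(home)
    mismatch = Hotspot({"id-001": encrypt(b"other-content")})
    return {"enrolled": term.decide(home), "no_content": term.decide(unknown),
            "mismatch": term.decide(mismatch)}
```

`demo()` covers the three outcomes the description distinguishes: a first response whose content matches, a second response, and a first response whose content does not match.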

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the present invention relates to a secure connection method, device and system, and a computer storage medium. The method comprises the following steps: a terminal attempting to connect to a WiFi hotspot sends a request message to the WiFi hotspot; the terminal receives a response message sent by the WiFi hotspot; and when the terminal determines from the response message that the WiFi hotspot is trusted, the terminal completes the connection with the WiFi hotspot.
PCT/CN2015/073292 2014-08-27 2015-02-26 Secure connection method, device and system, and computer storage medium WO2016029668A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410429602.9A CN105472606A (zh) 2014-08-27 2014-08-27 Method, device and system for secure connection
CN201410429602.9 2014-08-27

Publications (1)

Publication Number Publication Date
WO2016029668A1 true WO2016029668A1 (fr) 2016-03-03

Family

ID=55398713

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073292 WO2016029668A1 (fr) 2014-08-27 2015-02-26 Secure connection method, device and system, and computer storage medium

Country Status (2)

Country Link
CN (1) CN105472606A (fr)
WO (1) WO2016029668A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105657702A (zh) * 2016-04-07 2016-06-08 中国联合网络通信集团有限公司 Authentication method, authentication system, authentication method for a mobile terminal, and mobile terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
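CN1874271A (zh) * 2005-06-03 2006-12-06 阿尔卡特公司 Protecting wireless devices against false access point attacks
CN101990279A (zh) * 2009-07-31 2011-03-23 中兴通讯股份有限公司 Network selection method and terminal
CN102869014A (zh) * 2012-09-18 2013-01-09 东莞宇龙通信科技有限公司 Terminal and data communication method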

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102595409B (zh) * 2012-03-21 2015-03-25 华为技术有限公司 Method, device and system for obtaining encrypted information based on wireless access

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021179015A1 (fr) * 2020-03-05 2021-09-10 Cisco Technology, Inc. Identifying trusted service set identifiers for wireless networks t
CN115244896A (zh) * 2020-03-05 2022-10-25 思科技术公司 Identifying trusted service set identifiers for wireless networks
US11877154B2 (en) 2020-03-05 2024-01-16 Cisco Technology, Inc. Identifying trusted service set identifiers for wireless networks

Also Published As

Publication number Publication date
CN105472606A (zh) 2016-04-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15836198

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15836198

Country of ref document: EP

Kind code of ref document: A1