WO2017128546A1 - Method and apparatus for securely accessing wifi network - Google Patents

Method and apparatus for securely accessing wifi network Download PDF

Info

Publication number
WO2017128546A1
WO2017128546A1 PCT/CN2016/080837 CN2016080837W WO2017128546A1 WO 2017128546 A1 WO2017128546 A1 WO 2017128546A1 CN 2016080837 W CN2016080837 W CN 2016080837W WO 2017128546 A1 WO2017128546 A1 WO 2017128546A1
Authority
WO
WIPO (PCT)
Prior art keywords
list
trusted
network
aps
ess
Prior art date
Application number
PCT/CN2016/080837
Other languages
French (fr)
Chinese (zh)
Inventor
张子敬
路雄博
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Publication of WO2017128546A1 publication Critical patent/WO2017128546A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of network security, and in particular, to a WiFi network security access method and apparatus.
  • the WiFi coverage is usually extended by an ESS (Extended Service Set) network.
  • the ESS network works in conjunction with several BSS (Basic Service Sets) to build a network with a larger coverage.
  • BSS Basic Service Sets
  • each BSS uses the same SSID (Service Set Identifier), and has a different BSSID (Basic Service Set Identifier).
  • the SSID is displayed on each STA (Station) terminal. In the scan list.
  • the entire ESS network is like a BSS. Only one AP (Acess Point) hotspot in the ESS network can be seen in the scan list. This hotspot is generally the hotspot of the current location signal in the ESS network.
  • AP Aucess Point
  • This hotspot is generally the hotspot of the current location signal in the ESS network.
  • an ESS network is deployed in a building, and its network name SSID is xinxigang. Since the building area is relatively large, it is difficult for an AP to cover a comprehensive area, so it sets up multiple AP hotspots.
  • the SSIDs of these AP hotspots are all set to xinxigang, but the BSSIDs (usually Mac addresses) of each AP are different, and each AP can also work on different channels.
  • the STA terminal can only see one AP hotspot of xinxigang in its scan list.
  • the attacker may set a rogue access point AP with an SSID of xinxigang.
  • the STA terminal is tricked into associating the rogue access point AP by increasing the transmit power.
  • the attacker can conduct a man-in-the-middle attack (MITM) on the STA terminal to steal the user's data and pose a threat to the user's personal and property. Therefore, the existence of WiFi rogue access points brings great security risks to WiFi security.
  • MITM man-in-the-middle attack
  • the invention provides a WiFi network security access method and device, which is used to solve the problem that the STA terminal is vulnerable to rogue access point attacks when the STA terminal is connected to the WiFi network in the prior art.
  • a WiFi network security access method including:
  • the manner of obtaining the list of trusted APs includes a data network, an identifiable tag, or manually adding any one or more.
  • the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
  • RFID radio frequency identification
  • obtaining the list of trusted APs by using the data network includes:
  • the list of trusted APs includes a service set identifier SSID in the ESS network and a unique identifier of the trusted AP.
  • the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
  • a WiFi network security access device including:
  • a first obtaining module configured to obtain a list of trusted wireless access point APs of the extended service set ESS network
  • a second acquiring module configured to acquire information about an AP to be connected
  • a determining module configured to determine whether the AP to be connected is in the list of trusted APs
  • a sending module configured to: when determining that the AP to be connected is in the list of trusted APs, send a connection request to the AP to be connected.
  • the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
  • RFID radio frequency identification
  • the first obtaining module acquires the list of trusted APs by using the data network, including:
  • An obtaining unit configured to acquire current location information
  • a sending unit configured to send, by using the data network, location information acquired by the acquiring unit to a server that manages the ESS network;
  • a first receiving unit configured to receive a trusted AP list that is sent by the server according to the location information sent by the sending unit
  • Or comprising a second receiving unit, configured to receive, by the server managing the ESS network, the list of trusted APs pushed by the data network.
  • the trusted AP list obtained by the first obtaining module includes a service set identifier SSID of the ESS network and a unique identifier of the trusted AP.
  • the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
  • the ESS network manager issues the ESS network trusted AP list; when the STA terminal wants to associate with an AP of the ESS network, the AP in the trusted AP list is adopted. Information, check whether the AP to be associated is a trusted AP; when the verification is passed, the association is allowed, otherwise it will not be associated.
  • the invention improves the security of the WiFi network access and increases the user experience by checking whether the AP to be associated with the terminal is a trusted AP in the ESS network, which can effectively prevent the attack of the WiFi rogue access point.
  • FIG. 1 is a flowchart of a method for securely accessing a WiFi network according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a list of trusted APs used in an embodiment of the present invention.
  • Step 101 Obtain a list of trusted wireless access point APs of the ESS network.
  • Step 102 Obtain information about an AP to be connected.
  • Step 103 Determine whether an AP to be connected is in the list of trusted APs.
  • Step 104 If yes, send a connection request to the AP to be connected.
  • the list of trusted APs of the ESS network mentioned in this embodiment and in the following embodiments specifically includes the SSID of the ESS network and the unique identification code of the AP.
  • the unique identification code the MAC (Medium/Media Access Control) address of the AP is preferably used in the embodiment of the present invention, as shown in FIG. 2 .
  • the unique identification code can also be configured by the server managing the ESS network, and each AP is uniquely specified.
  • step 101 there are many methods for obtaining an ESS network trusted AP list, which are issued by the ESS network through a trusted path, and the STA terminal obtains through a communication method with a certain security level.
  • the method for obtaining the list of trusted APs in the embodiment of the present invention includes: a data network, an identifiable tag, and a manual addition of any one or more.
  • the process of obtaining a list of trusted APs will be described later in conjunction with a specific embodiment. I won’t introduce too much here.
  • the AP may actively send information to the STA terminal, where the information carries information about the AP, such as a MAC address and a letter.
  • the strength of the number, etc.; can also be requested by the STA terminal to the AP.
  • the specific implementation process it has been well known to those skilled in the art, and specifically, it is introduced in the IEEE 802.11 protocol cluster of the wireless local area network standard. Repeat them.
  • steps 103-104 after the STA terminal acquires the AP information to be connected, it traverses each trusted AP information according to the SSID, and compares the traversed AP information with the AP information to be connected; when the comparison result is consistent When the connection request is sent to the AP, when the comparison result is inconsistent, the AP is not allowed to be associated, and the user is prompted to have a certain risk.
  • This embodiment is based on the embodiment 1, and obtains a list of trusted APs of the ESS network, which is implemented by using a data network, and specifically includes two modes: an active mode and a passive mode.
  • the list of trusted APs After receiving the list of trusted APs that the server feeds back according to the location information, the list of trusted APs is configured locally.
  • the list of trusted APs is obtained in this embodiment, it is implemented based on the location of the user. Specifically, the STA terminal user needs to first pay attention to the administrator information (such as the public account of WeChat, etc.) that deploys the ESS network.
  • the information exchange with the server side of the management ESS network is realized by the administrator of the ESS network.
  • the location area of the ESS network is pre-stored in the ESS web server.
  • the server of the ESS network can obtain a list of trusted APs of the ESS network according to the location of the STA terminal.
  • the STA terminal user just enters a local McDonald's, the STA terminal obtains the current location information through a GPS (Global Positioning System), and sends the location information to the McDonald's public account; the McDonald's public account determines whether the location is based on the location information.
  • the trusted AP list corresponding to the ESS network of the area is sent to the STA terminal through the data network.
  • the STA terminal can automatically detect and connect to a trusted AP. Specifically, the STA terminal automatically detects whether the ESS network exists in the current environment; when present, acquires current location information, and sends the location information to the administrators of all ESS networks concerned; all servers of the ESS network determine according to the location information. Whether to obtain a list of trusted APs when determining to be within the deployment area within the deployment area to which it belongs. If there are multiple available ESS networks in the current area, the user can select them at their own discretion. The network can also automatically select the network according to the ESS network trust ranking preset by the user. There may be multiple selection procedures for a plurality of available ESS networks, and the present invention is not specifically limited.
  • the STA terminal information entering the coverage area is detected by the ESS network; after detecting that the STA terminal enters the ESS network, the list of trusted APs is pushed to the STA terminal through the data network.
  • the time for the ESS network to push the list of trusted APs needs to be allowed by the user of the STA terminal to allow the push. For example, when the user opens the WIFI and needs to access the ESS network, the ESS network starts to push to the STA terminal; or, when the WIFI is in the open state, when the ESS network detects that the STA terminal performs the area covered by the network, it queries the STA terminal. Whether a connection is required, and a list of trusted APs is pushed to the STA terminal when needed. The STA terminal receives the list of trusted APs pushed by the ESS network, and configures the list of trusted APs locally.
  • the embodiment is based on the first embodiment.
  • the identifiable tags are actively acquired by the terminal.
  • the identifiable tags include NFC (Near Field Communication) tags, two-dimensional codes, and RFID (Radio Frequency Identification) tags, which can be used to identify and carry information.
  • the trusted AP list of the ESS network may be configured into an NFC tag/two-dimensional code, or a link of the trusted AP list information that can be obtained to the ESS network may be written to the NFC tag.
  • the QR code the STA terminal has only the read permission.
  • the NFC tag/QR code can be directly obtained through the NFC function of the STA terminal to obtain the above information and configured into the STA terminal.
  • the STA terminal can read the information of the RFID tag through the RFID reader.
  • the RFID reader can be integrated into the STA terminal or provided by the ESS network side.
  • the specific manner for the STA terminal to obtain the list of trusted APs is not limited to the foregoing embodiment, and the user also adds the trusted APs advertised by the ESS network by manual operations. Therefore, the method for the STA terminal to obtain the list of trusted APs by other means is within the protection scope of the present invention.
  • the embodiment of the present invention further provides a WiFi network security access device, which is used to implement Embodiments 1 to 3.
  • the WiFi network security access device includes:
  • the first obtaining module 201 is configured to obtain a list of trusted wireless access points AP of the extended service set ESS network;
  • the second obtaining module 202 is configured to obtain information about the AP to be connected;
  • the determining module 203 is configured to determine whether the AP to be connected is in the list of trusted APs;
  • the manner in which the first obtaining module 201 obtains the list of trusted APs includes any one or more of a data network, an identifiable tag, or a manual addition.
  • the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
  • RFID radio frequency identification
  • the first obtaining module 201 obtains the list of trusted APs through the data network, including:
  • An obtaining unit configured to acquire current location information
  • a sending unit configured to send, by using a data network, location information acquired by the acquiring unit to a server that manages the ESS network;
  • a first receiving unit configured to receive, by the server, a list of trusted APs that are fed back according to the location information sent by the sending unit;
  • a second receiving unit configured to receive a list of trusted APs that the server managing the ESS network pushes through the data network.
  • the list of trusted APs acquired by the first obtaining module 201 includes a service set identifier SSID of the ESS network and a unique identifier of the trusted AP.
  • the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
  • the WiFi network security access method and device provided by the embodiment of the present invention, the ESS network manager issues the list of trusted APs of the ESS network; when the STA terminal wants to associate with an AP of the ESS network, The AP information in the AP list can be trusted to check whether the AP to be associated is a trusted AP. When the verification is passed, the association is allowed, otherwise the association is not performed.
  • the invention can effectively prevent the attack of the WiFi rogue access point, improve the security of the WiFi network access, and increase the user experience.
  • the program can be implemented by a computer program to instruct the associated hardware, and the program can be stored in a computer readable storage medium, which, when executed, can include the flow of an embodiment of the methods described above.

Abstract

Disclosed are a method and apparatus for securely accessing a WiFi network. The method comprises: acquiring a trusted wireless access point (AP) list of an extended service set (ESS) network; acquiring information about an AP to be connected; determining whether the AP to be connected is in the trusted AP list; and if so, sending a connection request to the AP to be connected. According to the present invention, by checking whether an AP to be associated with a terminal is a trusted AP in an ESS network, an attack from a WiFi rogue access point can be effectively prevented, thereby improving the security of WiFi network access, and adding to the user experience.

Description

一种WiFi网络安全接入方法及装置WiFi network security access method and device
本申请要求于2016年1月29日提交中国专利局,申请号为201610066994.6、发明名称为“一种WiFi网络安全接入方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to Chinese Patent Application No. 201610066994.6, entitled "A WiFi Network Security Access Method and Apparatus", filed on January 29, 2016, the entire contents of In this application.
技术领域Technical field
本发明涉及网络安全领域,尤其涉及一种WiFi网络安全接入方法及装置。The present invention relates to the field of network security, and in particular, to a WiFi network security access method and apparatus.
背景技术Background technique
现有无线网络组网中,通常通过ESS(Extended Service Set,扩展服务集)网络来扩展WiFi的覆盖范围。ESS网络是将几个BSS(Basic Service Set,基本服务集)联合工作以构建一个覆盖更大的网络。在ESS网络中,各BSS使用相同的SSID(Service Set Identifier,服务集标识),而有不同的BSSID(Basic Service Set Identifier,基本服务集标识),SSID会显示在各STA(Station,站点)终端的扫描列表中。In the existing wireless network networking, the WiFi coverage is usually extended by an ESS (Extended Service Set) network. The ESS network works in conjunction with several BSS (Basic Service Sets) to build a network with a larger coverage. In the ESS network, each BSS uses the same SSID (Service Set Identifier), and has a different BSSID (Basic Service Set Identifier). The SSID is displayed on each STA (Station) terminal. In the scan list.
对于STA终端来说,整个ESS网络就像是一个BSS。在其扫描列表仅能看到ESS网络中的一个AP(Acess Point,无线接入点)热点,这个热点一般是ESS网络中当前位置信号最好的热点。例如,在某大厦中部署了一个ESS网络,其网络名称SSID为xinxigang,由于该大厦面积比较大,一个AP难以覆盖全面,因此其设立了多个AP热点。而这些AP热点的SSID都设置为xinxigang,但各AP的BSSID(通常为Mac地址)却是不同的,各AP也可工作在不同的信道上。STA终端在其扫描列表中仅能看到一个xinxigang的AP热点。For STA terminals, the entire ESS network is like a BSS. Only one AP (Acess Point) hotspot in the ESS network can be seen in the scan list. This hotspot is generally the hotspot of the current location signal in the ESS network. For example, an ESS network is deployed in a building, and its network name SSID is xinxigang. Since the building area is relatively large, it is difficult for an AP to cover a comprehensive area, so it sets up multiple AP hotspots. The SSIDs of these AP hotspots are all set to xinxigang, but the BSSIDs (usually Mac addresses) of each AP are different, and each AP can also work on different channels. The STA terminal can only see one AP hotspot of xinxigang in its scan list.
然而在上述场景中,攻击者可能会设置一个SSID为xinxigang的流氓接入点AP。通过增大发射功率,来诱骗STA终端关联该流氓接入点AP。攻击者可以对STA终端进行中间人攻击(MITM)进而盗取用户的资料,对用户的人身及财产造成威胁。因此,WiFi流氓接入点的存在给WiFi安全带来了极大的安全隐患。However, in the above scenario, the attacker may set a rogue access point AP with an SSID of xinxigang. The STA terminal is tricked into associating the rogue access point AP by increasing the transmit power. The attacker can conduct a man-in-the-middle attack (MITM) on the STA terminal to steal the user's data and pose a threat to the user's personal and property. Therefore, the existence of WiFi rogue access points brings great security risks to WiFi security.
发明内容Summary of the invention
本发明提供了一种WiFi网络安全接入方法及装置,用于解决现有技术中STA终端连接WiFi网络时,容易遭受流氓接入点攻击的问题。The invention provides a WiFi network security access method and device, which is used to solve the problem that the STA terminal is vulnerable to rogue access point attacks when the STA terminal is connected to the WiFi network in the prior art.
为实现上述发明目的,本发明采用下述的技术方案:In order to achieve the above object, the present invention adopts the following technical solutions:
依据本发明的一方面,提供一种WiFi网络安全接入方法,包括:According to an aspect of the present invention, a WiFi network security access method is provided, including:
获取扩展服务集ESS网络的可信任无线接入点AP列表;Obtaining a list of trusted wireless access point APs of the extended service set ESS network;
获取欲连接的AP的信息;Obtain information about the AP to be connected;
判断所述欲连接的AP是否在所述可信任AP列表中,若是,则向所述欲连接的AP发送连接请求。Determining whether the AP to be connected is in the list of trusted APs, and if yes, sending a connection request to the AP to be connected.
进一步地,获取所述可信任AP列表的方式包括数据网络、可识别标签或者手动添加任一种或多种。Further, the manner of obtaining the list of trusted APs includes a data network, an identifiable tag, or manually adding any one or more.
进一步地,所述可识别标签包括近场通信NFC标签、二维码以及无线射频识别RFID标签中任一种或多种。Further, the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
进一步地,通过所述数据网络获取所述可信任AP列表,包括:Further, obtaining the list of trusted APs by using the data network includes:
获取当前的位置信息,将所述位置信息通过所述数据网络发送至管理所述ESS网络的服务器,接收所述服务器根据所述位置信息反馈的可信任AP列表;Acquiring the current location information, sending the location information to the server managing the ESS network, and receiving the list of trusted APs that the server feeds back according to the location information;
或者,接收管理所述ESS网络的服务器通过所述数据网络推送的所述可信任AP列表。Alternatively, receiving, by the server managing the ESS network, the list of trusted APs pushed by the data network.
进一步地,所述可信任AP列表包括所述ESS网络中的服务集标识SSID以及可信任AP的唯一标识码。Further, the list of trusted APs includes a service set identifier SSID in the ESS network and a unique identifier of the trusted AP.
进一步地,所述唯一标识码为媒介访问控制MAC地址或者由管理所述ESS网络的服务器配置。Further, the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
依据本发明的另一方面,提供一种WiFi网络安全接入装置,其特征在于,包括:According to another aspect of the present invention, a WiFi network security access device is provided, including:
第一获取模块,用于获取扩展服务集ESS网络的可信任无线接入点AP列表;a first obtaining module, configured to obtain a list of trusted wireless access point APs of the extended service set ESS network;
第二获取模块,用于获取欲连接的AP的信息;a second acquiring module, configured to acquire information about an AP to be connected;
判断模块,用于判断所述欲连接的AP是否在所述可信任AP列表中;a determining module, configured to determine whether the AP to be connected is in the list of trusted APs;
发送模块,用于当判断所述欲连接的AP在所述可信任AP列表中,向所述欲连接的AP发送连接请求。And a sending module, configured to: when determining that the AP to be connected is in the list of trusted APs, send a connection request to the AP to be connected.
进一步地,所述第一获取模块获取所述可信任AP列表的方式包括数据网 络、可识别标签或者手动添加中的任一种或多种。Further, the manner in which the first obtaining module acquires the list of trusted APs includes a data network Any one or more of a network, an identifiable tag, or a manual addition.
进一步地,所述可识别标签包括近场通信NFC标签、二维码以及无线射频识别RFID标签中的任一种或多种。Further, the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
进一步地,所述第一获取模块通过所述数据网络获取所述可信任AP列表,包括:Further, the first obtaining module acquires the list of trusted APs by using the data network, including:
获取单元,用于获取当前的位置信息;An obtaining unit, configured to acquire current location information;
发送单元,用于将所述获取单元获取的位置信息通过所述数据网络发送至管理所述ESS网络的服务器;a sending unit, configured to send, by using the data network, location information acquired by the acquiring unit to a server that manages the ESS network;
第一接收单元,用于接收所述服务器根据所述发送单元发送的位置信息反馈的可信任AP列表;a first receiving unit, configured to receive a trusted AP list that is sent by the server according to the location information sent by the sending unit;
或者包括第二接收单元,用于接收管理所述ESS网络的服务器通过所述数据网络推送的所述可信任AP列表。Or comprising a second receiving unit, configured to receive, by the server managing the ESS network, the list of trusted APs pushed by the data network.
进一步地,所述第一获取模块获取的所述可信任AP列表包括所述ESS网络的服务集标识SSID以及可信任AP的唯一标识码。Further, the trusted AP list obtained by the first obtaining module includes a service set identifier SSID of the ESS network and a unique identifier of the trusted AP.
进一步地,所述唯一标识码为媒介访问控制MAC地址或者由管理所述ESS网络的服务器配置。Further, the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
本发明有益效果如下:The beneficial effects of the present invention are as follows:
本发明所提供的WiFi网络安全接入方法及装置,由ESS网络管理者发布该ESS网络可信任AP列表;当STA终端欲和该ESS网络的某AP关联时,通过可信任AP列表中的AP信息,核查欲关联的AP是否为可信任AP;当核查通过后,才允许关联,否则不予关联。本发明通过核查终端欲关联的AP是否为ESS网络中可信任AP可有效阻止WiFi流氓接入点的攻击,提高WiFi网络接入的安全性,增加用户体验。The WiFi network security access method and device provided by the present invention, the ESS network manager issues the ESS network trusted AP list; when the STA terminal wants to associate with an AP of the ESS network, the AP in the trusted AP list is adopted. Information, check whether the AP to be associated is a trusted AP; when the verification is passed, the association is allowed, otherwise it will not be associated. The invention improves the security of the WiFi network access and increases the user experience by checking whether the AP to be associated with the terminal is a trusted AP in the ESS network, which can effectively prevent the attack of the WiFi rogue access point.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and the above-described and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描 述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. The drawings are only some of the embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without any inventive labor.
图1为本发明实施例中WiFi网络安全接入方法的流程图;FIG. 1 is a flowchart of a method for securely accessing a WiFi network according to an embodiment of the present invention;
图2为本发明实施例中采用的可信任AP列表的示意图;2 is a schematic diagram of a list of trusted APs used in an embodiment of the present invention;
图3为本发明实施例中WiFi网络安全接入装置的结构示意图。FIG. 3 is a schematic structural diagram of a WiFi network security access device according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
实施例1Example 1
本发明实施例提供了一种WiFi网络安全接入方法,适用于STA终端,如图1所示,该方法具体包括:An embodiment of the present invention provides a WiFi network security access method, which is applicable to an STA terminal. As shown in FIG. 1 , the method specifically includes:
步骤101,获取ESS网络的可信任无线接入点AP列表;Step 101: Obtain a list of trusted wireless access point APs of the ESS network.
步骤102,获取欲连接的AP的信息;Step 102: Obtain information about an AP to be connected.
步骤103,判断欲连接的AP是否在所述可信任AP列表中;Step 103: Determine whether an AP to be connected is in the list of trusted APs.
步骤104,若是,则向所述欲连接的AP发送连接请求。Step 104: If yes, send a connection request to the AP to be connected.
本实施例中以及下文的几个实施例中提到的ESS网络的可信任AP列表,具体包括ESS网络的SSID以及AP的唯一标识码。其中,对于唯一标识码,本发明实施例中优选采用AP的MAC(Medium/Media Access Control,,媒介访问控制)地址,具体形式,如图2所示。当然,该唯一标识码也可以由管理ESS网络的服务器配置,对每个AP进行唯一指定。The list of trusted APs of the ESS network mentioned in this embodiment and in the following embodiments specifically includes the SSID of the ESS network and the unique identification code of the AP. For the unique identification code, the MAC (Medium/Media Access Control) address of the AP is preferably used in the embodiment of the present invention, as shown in FIG. 2 . Of course, the unique identification code can also be configured by the server managing the ESS network, and each AP is uniquely specified.
在步骤101中,对于获取ESS网络可信任AP列表的方法很多,由ESS网络通过可信任途径发布,STA终端通过具有一定安全级别的通信方式获取。具体地,本发明实施例中获取可信任AP列表的方式包括:数据网络、可识别标签以及手动添加任一种或多种,后面将结合具体的实施例对获取可信任AP列表的过程进行说明,这里不做过多介绍。In step 101, there are many methods for obtaining an ESS network trusted AP list, which are issued by the ESS network through a trusted path, and the STA terminal obtains through a communication method with a certain security level. Specifically, the method for obtaining the list of trusted APs in the embodiment of the present invention includes: a data network, an identifiable tag, and a manual addition of any one or more. The process of obtaining a list of trusted APs will be described later in conjunction with a specific embodiment. I won’t introduce too much here.
在步骤102中,对于获取欲连接的AP的信息的具体过程,可以由AP主动向STA终端发送信息,信息中携带AP的相关信息,例如MAC地址以及信 号强度等;还可以由STA终端向AP请求获取,对于具体的实现过程,其已经为本领域人员所熟知的技术,具体地,在无线局域网标准IEEE 802.11协议簇中有相关介绍,本文不再进行赘述。In step 102, for the specific process of obtaining the information of the AP to be connected, the AP may actively send information to the STA terminal, where the information carries information about the AP, such as a MAC address and a letter. The strength of the number, etc.; can also be requested by the STA terminal to the AP. For the specific implementation process, it has been well known to those skilled in the art, and specifically, it is introduced in the IEEE 802.11 protocol cluster of the wireless local area network standard. Repeat them.
在步骤103~104中,当STA终端获取欲连接的AP信息后,根据SSID对每个可信任的AP信息进行遍历,并将遍历的AP信息与欲连接的AP信息进行对比;当对比结果一致时,则向欲连接AP发送连接请求;当对比结果不一致时,不允许关联该AP,同时提示用户当前AP具有一定的危险性。In steps 103-104, after the STA terminal acquires the AP information to be connected, it traverses each trusted AP information according to the SSID, and compares the traversed AP information with the AP information to be connected; when the comparison result is consistent When the connection request is sent to the AP, when the comparison result is inconsistent, the AP is not allowed to be associated, and the user is prompted to have a certain risk.
实施例2Example 2
本实施例基于实施例1,在获取ESS网络的可信任AP列表,通过数据网络实现,具体包括两种方式:主动方式、被动方式。This embodiment is based on the embodiment 1, and obtains a list of trusted APs of the ESS network, which is implemented by using a data network, and specifically includes two modes: an active mode and a passive mode.
对于通过数据网络主动获取可信任AP列表,包括如下步骤:For actively obtaining a list of trusted APs through the data network, the following steps are included:
获取当前位置信息;Get current location information;
将位置信息通过数据网络发送至管理ESS网络的服务器;Sending location information to the server managing the ESS network through the data network;
当接收到服务器根据该位置信息反馈的可信任AP列表后,将可信任AP列表配置于本地。After receiving the list of trusted APs that the server feeds back according to the location information, the list of trusted APs is configured locally.
本实施例中获取可信任AP列表时,基于用户的位置实现。具体地,STA终端用户需要首先关注部署该ESS网络的管理者信息(例如微信的公共账号等)。通过该ESS网络的管理者实现与管理ESS网络的服务器侧的信息交互。其中,ESS网络服务器中预先存储了该ESS网络的位置区域。ESS网络的服务器根据STA终端位置可以获取该ESS网络的可信任AP列表。When the list of trusted APs is obtained in this embodiment, it is implemented based on the location of the user. Specifically, the STA terminal user needs to first pay attention to the administrator information (such as the public account of WeChat, etc.) that deploys the ESS network. The information exchange with the server side of the management ESS network is realized by the administrator of the ESS network. The location area of the ESS network is pre-stored in the ESS web server. The server of the ESS network can obtain a list of trusted APs of the ESS network according to the location of the STA terminal.
以麦当劳为例进行说明。STA终端用户刚进入某地麦当劳,STA终端通过GPS(Global Positioning System,全球定位系统)获取当前的位置信息,并将该位置信息发送至麦当劳公众账号;麦当劳公众账号根据该位置信息判断该位置是否在预先设置的位置区域内;当判断该位置在相应的部署区域时,将该区域的ESS网络对应的可信任AP列表通过数据网络发送至STA终端。Take McDonald's as an example for explanation. The STA terminal user just enters a local McDonald's, the STA terminal obtains the current location information through a GPS (Global Positioning System), and sends the location information to the McDonald's public account; the McDonald's public account determines whether the location is based on the location information. In the pre-set location area; when it is determined that the location is in the corresponding deployment area, the trusted AP list corresponding to the ESS network of the area is sent to the STA terminal through the data network.
当然,STA终端可以自动检测并连接可信任的AP。具体地,STA终端自动检测当前环境是否存在ESS网络;当存在时,获取当前的位置信息,并将该位置信息发送至关注的所有ESS网络的管理者;所有ESS网络的服务器根据该位置信息判断是否在所属的部署区域内,当确定在部署区域内时,获取可信任的AP列表。若当前区域存在多个可用ESS网络时,用户可以自行选取可 用网络也可以根据用户预先设置的ESS网络信任排名对网络自动选取。对于多个可用ESS网络具体的选取过程,可以有多种,本发明不做具体的限定。Of course, the STA terminal can automatically detect and connect to a trusted AP. Specifically, the STA terminal automatically detects whether the ESS network exists in the current environment; when present, acquires current location information, and sends the location information to the administrators of all ESS networks concerned; all servers of the ESS network determine according to the location information. Whether to obtain a list of trusted APs when determining to be within the deployment area within the deployment area to which it belongs. If there are multiple available ESS networks in the current area, the user can select them at their own discretion. The network can also automatically select the network according to the ESS network trust ranking preset by the user. There may be multiple selection procedures for a plurality of available ESS networks, and the present invention is not specifically limited.
对于通过数据网络被动获取可信任AP列表时,只需接收ESS网络推送的可信任AP列表即可。For passively obtaining a list of trusted APs through the data network, it is only necessary to receive a list of trusted APs pushed by the ESS network.
具体地,由ESS网络检测进入覆盖区域的STA终端信息;当检测到STA终端进入ESS网络后,通过数据网络将可信任AP列表推送至该STA终端中。Specifically, the STA terminal information entering the coverage area is detected by the ESS network; after detecting that the STA terminal enters the ESS network, the list of trusted APs is pushed to the STA terminal through the data network.
具体地,对于ESS网络推送可信任AP列表的时间,需要经过STA终端的用户允许,才允许推送。例如,当用户打开WIFI,需要接入ESS网络时,ESS网络开始向STA终端进行推送;或者,当WIFI处于打开状态时,ESS网络检测到STA终端进行网络所覆盖的区域时,向STA终端询问是否需要连接,当需要时,将可信任AP列表推送至STA终端。STA终端接收ESS网络推送的可信任AP列表,将可信任AP列表配置于本地即可。Specifically, the time for the ESS network to push the list of trusted APs needs to be allowed by the user of the STA terminal to allow the push. For example, when the user opens the WIFI and needs to access the ESS network, the ESS network starts to push to the STA terminal; or, when the WIFI is in the open state, when the ESS network detects that the STA terminal performs the area covered by the network, it queries the STA terminal. Whether a connection is required, and a list of trusted APs is pushed to the STA terminal when needed. The STA terminal receives the list of trusted APs pushed by the ESS network, and configures the list of trusted APs locally.
实施例3Example 3
本实施例基于实施例1,在获取ESS网络的可信任AP列表时,通过可识别标签由终端主动获取实现。其中,可识别标签包括NFC(Near Field Communication,近场通信)标签、二维码以及RFID(Radio Frequency Identification,无线射频识别)标签等可用于识别并且携带信息的标签。The embodiment is based on the first embodiment. When the list of trusted APs of the ESS network is obtained, the identifiable tags are actively acquired by the terminal. The identifiable tags include NFC (Near Field Communication) tags, two-dimensional codes, and RFID (Radio Frequency Identification) tags, which can be used to identify and carry information.
具体地,本实施例中,可将该ESS网络的可信任AP列表配置到NFC标签/二维码中,或者将可以获取的到该ESS网络的可信任AP列表信息的链接写入到NFC标签/二维码中,STA终端只有读的权限,STA终端用户进入该地区时,直接通过STA终端的NFC功能刷NFC标签/二维码即可获取到上述信息,并配置到STA终端中。对于读取RFID标签,STA终端可以通过RFID读取器读取RFID标签的信息。对于RFID读取器可以集成于STA终端,或者由ESS网络侧提供。Specifically, in this embodiment, the trusted AP list of the ESS network may be configured into an NFC tag/two-dimensional code, or a link of the trusted AP list information that can be obtained to the ESS network may be written to the NFC tag. In the QR code, the STA terminal has only the read permission. When the STA terminal user enters the area, the NFC tag/QR code can be directly obtained through the NFC function of the STA terminal to obtain the above information and configured into the STA terminal. For reading the RFID tag, the STA terminal can read the information of the RFID tag through the RFID reader. The RFID reader can be integrated into the STA terminal or provided by the ESS network side.
需要说明的是,本发明对于STA终端获取可信任AP列表的具体方式并不局限于上述的实施例,用户还通过输入操作将ESS网络发布的可信任AP通过手动的方式进行添加。因此,对于STA终端通过其他方式获取可信任AP列表的方法都在本发明的保护范围之内。It should be noted that the specific manner for the STA terminal to obtain the list of trusted APs is not limited to the foregoing embodiment, and the user also adds the trusted APs advertised by the ESS network by manual operations. Therefore, the method for the STA terminal to obtain the list of trusted APs by other means is within the protection scope of the present invention.
实施例4Example 4
本发明实施例还提供了一种WiFi网络安全接入装置,用于实现实施例1~3 中任一实施例所提供的方法。参见图3,该WiFi网络安全接入装置包括:The embodiment of the present invention further provides a WiFi network security access device, which is used to implement Embodiments 1 to 3. The method provided by any of the embodiments. Referring to FIG. 3, the WiFi network security access device includes:
第一获取模块201,用于获取扩展服务集ESS网络的可信任无线接入点AP列表;The first obtaining module 201 is configured to obtain a list of trusted wireless access points AP of the extended service set ESS network;
第二获取模块202,用于获取欲连接的AP的信息;The second obtaining module 202 is configured to obtain information about the AP to be connected;
判断模块203,用于判断欲连接的AP是否在可信任AP列表中;The determining module 203 is configured to determine whether the AP to be connected is in the list of trusted APs;
发送模块204,用于当判断欲连接的AP在可信任AP列表中,向欲连接的AP发送连接请求。The sending module 204 is configured to: when determining that the AP to be connected is in the list of trusted APs, send a connection request to the AP to be connected.
进一步地,第一获取模块201获取可信任AP列表的方式包括数据网络、可识别标签或者手动添加中的任一种或多种。Further, the manner in which the first obtaining module 201 obtains the list of trusted APs includes any one or more of a data network, an identifiable tag, or a manual addition.
进一步地,可识别标签包括近场通信NFC标签、二维码以及无线射频识别RFID标签中的任一种或多种。Further, the identifiable tag comprises any one or more of a near field communication NFC tag, a two-dimensional code, and a radio frequency identification (RFID) tag.
进一步地,第一获取模块201通过数据网络获取可信任AP列表,包括:Further, the first obtaining module 201 obtains the list of trusted APs through the data network, including:
获取单元,用于获取当前的位置信息;An obtaining unit, configured to acquire current location information;
发送单元,用于将获取单元获取的位置信息通过数据网络发送至管理ESS网络的服务器;a sending unit, configured to send, by using a data network, location information acquired by the acquiring unit to a server that manages the ESS network;
第一接收单元,用于接收服务器根据发送单元发送的位置信息反馈的可信任AP列表;a first receiving unit, configured to receive, by the server, a list of trusted APs that are fed back according to the location information sent by the sending unit;
或者包括第二接收单元,用于接收管理ESS网络的服务器通过数据网络推送的可信任AP列表。Or including a second receiving unit, configured to receive a list of trusted APs that the server managing the ESS network pushes through the data network.
进一步地,第一获取模块201获取的可信任AP列表包括ESS网络的服务集标识SSID以及可信任AP的唯一标识码。Further, the list of trusted APs acquired by the first obtaining module 201 includes a service set identifier SSID of the ESS network and a unique identifier of the trusted AP.
进一步地,唯一标识码为媒介访问控制MAC地址或者由管理ESS网络的服务器配置。Further, the unique identification code is a medium access control MAC address or configured by a server that manages the ESS network.
综上所述,本发明实施例所提供的WiFi网络安全接入方法及装置,由ESS网络管理者发布该ESS网络可信任AP列表;当STA终端欲和该ESS网络的某AP关联时,通过可信任AP列表中的AP信息,核查欲关联的AP是否为可信任AP;当核查通过后,才允许关联,否则不予关联。本发明通过核查终端欲关联的AP是否为ESS网络中可信任AP,可有效阻止WiFi流氓接入点的攻击,提高WiFi网络接入的安全性,增加用户体验。In summary, the WiFi network security access method and device provided by the embodiment of the present invention, the ESS network manager issues the list of trusted APs of the ESS network; when the STA terminal wants to associate with an AP of the ESS network, The AP information in the AP list can be trusted to check whether the AP to be associated is a trusted AP. When the verification is passed, the association is allowed, otherwise the association is not performed. By checking whether the AP to be associated with the terminal is a trusted AP in the ESS network, the invention can effectively prevent the attack of the WiFi rogue access point, improve the security of the WiFi network access, and increase the user experience.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程, 是可以通过计算机程序来指令相关的硬件来完成,程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。One of ordinary skill in the art can understand all or part of the process in implementing the above embodiments. The program can be implemented by a computer program to instruct the associated hardware, and the program can be stored in a computer readable storage medium, which, when executed, can include the flow of an embodiment of the methods described above.
虽然通过实施例描述了本申请,本领域的技术人员知道,本申请有许多变形和变化而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 While the present invention has been described by the embodiments of the invention, it will be understood that Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (12)

  1. 一种WiFi网络安全接入方法,其特征在于,包括:A WiFi network security access method, comprising:
    获取扩展服务集ESS网络的可信任无线接入点AP列表;Obtaining a list of trusted wireless access point APs of the extended service set ESS network;
    获取欲连接的AP的信息;Obtain information about the AP to be connected;
    判断所述欲连接的AP是否在所述可信任AP列表中;Determining whether the AP to be connected is in the list of trusted APs;
    若是,则向所述欲连接的AP发送连接请求。If yes, a connection request is sent to the AP to be connected.
  2. 如权利要求1所述的方法,其特征在于,获取所述可信任AP列表的方式包括数据网络、可识别标签或者手动添加中的任一种或多种。The method of claim 1, wherein the manner of obtaining the list of trusted APs comprises any one or more of a data network, an identifiable tag, or a manual addition.
  3. 如权利要求2所述的方法,其特征在于,所述可识别标签包括近场通信NFC标签、二维码以及无线射频识别RFID标签中的任一种或多种。The method of claim 2 wherein the identifiable tag comprises any one or more of a near field communication NFC tag, a two dimensional code, and a radio frequency identification (RFID) tag.
  4. 如权利要求2所述的方法,其特征在于,通过所述数据网络获取所述可信任AP列表,包括:The method of claim 2, wherein obtaining the list of trusted APs by using the data network comprises:
    获取当前的位置信息,将所述位置信息通过所述数据网络发送至管理所述ESS网络的服务器,接收所述服务器根据所述位置信息反馈的可信任AP列表;Acquiring the current location information, sending the location information to the server managing the ESS network, and receiving the list of trusted APs that the server feeds back according to the location information;
    或者,接收管理所述ESS网络的服务器通过所述数据网络推送的所述可信任AP列表。Alternatively, receiving, by the server managing the ESS network, the list of trusted APs pushed by the data network.
  5. 如权利要求1~4任一项所述的方法,其特征在于,所述可信任AP列表包括所述ESS网络中的服务集标识SSID以及可信任AP的唯一标识码。The method according to any one of claims 1 to 4, wherein the list of trusted APs comprises a service set identifier SSID in the ESS network and a unique identification code of the trusted AP.
  6. 如权利要求5所述的方法,其特征在于,所述唯一标识码为媒介访问控制MAC地址或者由管理所述ESS网络的服务器配置。The method of claim 5 wherein the unique identification code is a medium access control MAC address or is configured by a server that manages the ESS network.
  7. 一种WiFi网络安全接入装置,其特征在于,包括:A WiFi network security access device, comprising:
    第一获取模块,用于获取扩展服务集ESS网络的可信任无线接入点AP列表;a first obtaining module, configured to obtain a list of trusted wireless access point APs of the extended service set ESS network;
    第二获取模块,用于获取欲连接的AP的信息;a second acquiring module, configured to acquire information about an AP to be connected;
    判断模块,用于判断所述欲连接的AP是否在所述可信任AP列表中;a determining module, configured to determine whether the AP to be connected is in the list of trusted APs;
    发送模块,用于当判断所述欲连接的AP在所述可信任AP列表中,向所述欲连接的AP发送连接请求。And a sending module, configured to: when determining that the AP to be connected is in the list of trusted APs, send a connection request to the AP to be connected.
  8. 如权利要求7所述的装置,其特征在于,所述第一获取模块获取所述可信任AP列表的方式包括数据网络、可识别标签或者手动添加中的任一种或 多种。The device according to claim 7, wherein the manner in which the first obtaining module acquires the list of trusted APs comprises any one of a data network, an identifiable tag, or a manual addition. A variety.
  9. 如权利要求8所述的装置,其特征在于,所述可识别标签包括近场通信NFC标签、二维码以及无线射频识别RFID标签中的任一种或多种。The device of claim 8 wherein the identifiable tag comprises any one or more of a near field communication NFC tag, a two dimensional code, and a radio frequency identification (RFID) tag.
  10. 如权利要求7所述的装置,其特征在于,所述第一获取模块通过所述数据网络获取所述可信任AP列表,包括:The device according to claim 7, wherein the first obtaining module acquires the list of trusted APs by using the data network, including:
    获取单元,用于获取当前的位置信息;An obtaining unit, configured to acquire current location information;
    发送单元,用于将所述获取单元获取的位置信息通过所述数据网络发送至管理所述ESS网络的服务器;a sending unit, configured to send, by using the data network, location information acquired by the acquiring unit to a server that manages the ESS network;
    第一接收单元,用于接收所述服务器根据所述发送单元发送的位置信息反馈的可信任AP列表;a first receiving unit, configured to receive a trusted AP list that is sent by the server according to the location information sent by the sending unit;
    或者包括第二接收单元,用于接收管理所述ESS网络的服务器通过所述数据网络推送的所述可信任AP列表。Or comprising a second receiving unit, configured to receive, by the server managing the ESS network, the list of trusted APs pushed by the data network.
  11. 如权利要求7~10任一项所述的装置,其特征在于,所述第一获取模块获取的所述可信任AP列表包括所述ESS网络的服务集标识SSID以及可信任AP的唯一标识码。The device according to any one of claims 7 to 10, wherein the list of trusted APs acquired by the first obtaining module includes a service set identifier SSID of the ESS network and a unique identifier of the trusted AP. .
  12. 如权利要求11所述的装置,其特征在于,所述唯一标识码为媒介访问控制MAC地址或者由管理所述ESS网络的服务器配置。 The apparatus of claim 11 wherein said unique identification code is a medium access control MAC address or is configured by a server managing said ESS network.
PCT/CN2016/080837 2016-01-29 2016-04-29 Method and apparatus for securely accessing wifi network WO2017128546A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610066994.6A CN107027121A (en) 2016-01-29 2016-01-29 A kind of WiFi network safety access method and device
CN201610066994.6 2016-01-29

Publications (1)

Publication Number Publication Date
WO2017128546A1 true WO2017128546A1 (en) 2017-08-03

Family

ID=59397151

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/080837 WO2017128546A1 (en) 2016-01-29 2016-04-29 Method and apparatus for securely accessing wifi network

Country Status (2)

Country Link
CN (1) CN107027121A (en)
WO (1) WO2017128546A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019228257A1 (en) * 2018-06-01 2019-12-05 上海连尚网络科技有限公司 Method for identifying type of wireless hotspot, and network device thereof
CN110557800A (en) * 2018-06-01 2019-12-10 上海连尚网络科技有限公司 Method for identifying type of wireless hotspot and network equipment thereof
US10798125B2 (en) * 2016-10-27 2020-10-06 Reliance Jio Infocomm Limited System and method for network entity assisted honeypot access point detection
CN113141599A (en) * 2021-05-31 2021-07-20 深圳市道通科技股份有限公司 Automobile diagnosis system and WiFi connection method

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107360602A (en) * 2017-08-24 2017-11-17 上海斐讯数据通信技术有限公司 A kind of reconnection to ad hoc wireless networks method and system
KR102474234B1 (en) * 2017-09-22 2022-12-07 (주)노르마 Analysis method and system of Security Vulnerability of wireless network
CN109391944B (en) * 2018-10-31 2022-05-20 北京小米移动软件有限公司 Wireless network remarking method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7693516B2 (en) * 2004-12-28 2010-04-06 Vtech Telecommunications Limited Method and system for enhanced communications between a wireless terminal and access point
CN102231887A (en) * 2011-06-21 2011-11-02 深圳市融创天下科技股份有限公司 Method, system for finding AP (access point) with hidden SSID (service set identifier) and terminal device
CN102355668A (en) * 2011-09-08 2012-02-15 深圳市融创天下科技股份有限公司 Method, system and terminal equipment for searching for access point (AP) attacker
CN103188824A (en) * 2011-12-28 2013-07-03 三星电子株式会社 Network system of home appliance and network setup method of the same
CN104270366A (en) * 2014-09-30 2015-01-07 北京金山安全软件有限公司 Method and device for detecting karma attack
CN104320408A (en) * 2014-11-06 2015-01-28 中山大学 Login method of WiFi access point (AP)
CN104580152A (en) * 2014-12-03 2015-04-29 中国科学院信息工程研究所 Protection method and system against wifi (wireless fidelity) phishing

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7693516B2 (en) * 2004-12-28 2010-04-06 Vtech Telecommunications Limited Method and system for enhanced communications between a wireless terminal and access point
CN102231887A (en) * 2011-06-21 2011-11-02 深圳市融创天下科技股份有限公司 Method, system for finding AP (access point) with hidden SSID (service set identifier) and terminal device
CN102355668A (en) * 2011-09-08 2012-02-15 深圳市融创天下科技股份有限公司 Method, system and terminal equipment for searching for access point (AP) attacker
CN103188824A (en) * 2011-12-28 2013-07-03 三星电子株式会社 Network system of home appliance and network setup method of the same
CN104270366A (en) * 2014-09-30 2015-01-07 北京金山安全软件有限公司 Method and device for detecting karma attack
CN104320408A (en) * 2014-11-06 2015-01-28 中山大学 Login method of WiFi access point (AP)
CN104580152A (en) * 2014-12-03 2015-04-29 中国科学院信息工程研究所 Protection method and system against wifi (wireless fidelity) phishing

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10798125B2 (en) * 2016-10-27 2020-10-06 Reliance Jio Infocomm Limited System and method for network entity assisted honeypot access point detection
WO2019228257A1 (en) * 2018-06-01 2019-12-05 上海连尚网络科技有限公司 Method for identifying type of wireless hotspot, and network device thereof
CN110557800A (en) * 2018-06-01 2019-12-10 上海连尚网络科技有限公司 Method for identifying type of wireless hotspot and network equipment thereof
CN110557800B (en) * 2018-06-01 2020-09-01 上海连尚网络科技有限公司 Method for identifying type of wireless hotspot and network equipment thereof
US11368901B2 (en) 2018-06-01 2022-06-21 Shanghai Lianshang Network Technology Co., Ltd. Method for identifying a type of a wireless hotspot and a network device thereof
CN113141599A (en) * 2021-05-31 2021-07-20 深圳市道通科技股份有限公司 Automobile diagnosis system and WiFi connection method

Also Published As

Publication number Publication date
CN107027121A (en) 2017-08-08

Similar Documents

Publication Publication Date Title
WO2017128546A1 (en) Method and apparatus for securely accessing wifi network
KR101398149B1 (en) Methods and apparatus to discover authentication information in a wireless networking environment
RU2546610C1 (en) Method of determining unsafe wireless access point
US9264893B2 (en) Method for selecting access point with reliability
US10834596B2 (en) Method for blocking connection in wireless intrusion prevention system and device therefor
US9198034B2 (en) Validating presence of a communication device using a wireless local area network
US9253638B2 (en) Single card multi-mode multi-operator authentication method and device
US20150040194A1 (en) Monitoring of smart mobile devices in the wireless access networks
US8634393B2 (en) Channel scanning in a network having one or more access points
US20070213029A1 (en) System and Method for Provisioning of Emergency Calls in a Shared Resource Network
CN104302015A (en) Adaptive WI-FI network connection method and system with hidden SSID
US20110131651A1 (en) Method and device for detecting a spoofing attack in a wireless communication network
CN103442351B (en) A kind of method protecting wireless network
CN101785343B (en) Method, system and device for fast transitioning resource negotiation
US9544928B2 (en) Fast initial link setup communication device and method
US20140106746A1 (en) Network Attach Method for Relay Node and Related Apparatus
US20180270049A1 (en) Techniques for preventing abuse of bootstrapping information in an authentication protocol
WO2016131289A1 (en) Method, device and user equipment for testing security of wireless hotspot
KR20130079274A (en) Terminal and method for selecting access point with reliablility
CN104837136A (en) Wireless access authentication method and device
US20090037979A1 (en) Method and System for Recovering Authentication in a Network
US20120315886A1 (en) Method and communication device for assisting mobile data offloading and mobile device
US10206110B1 (en) Techniques for network security
US8239672B2 (en) Method of automatically establishing a security link for a wireless communication system and related communication device
GB2607915A (en) A method and system for authenticating a base station

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16887428

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16887428

Country of ref document: EP

Kind code of ref document: A1