WO2018119950A1 - Access control method and apparatus - Google Patents

Access control method and apparatus Download PDF

Info

Publication number
WO2018119950A1
WO2018119950A1 PCT/CN2016/113259 CN2016113259W WO2018119950A1 WO 2018119950 A1 WO2018119950 A1 WO 2018119950A1 CN 2016113259 W CN2016113259 W CN 2016113259W WO 2018119950 A1 WO2018119950 A1 WO 2018119950A1
Authority
WO
WIPO (PCT)
Prior art keywords
vector
radio frequency
access
frequency fingerprint
classification
Prior art date
Application number
PCT/CN2016/113259
Other languages
French (fr)
Chinese (zh)
Inventor
王洁
Original Assignee
深圳天珑无线科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳天珑无线科技有限公司 filed Critical 深圳天珑无线科技有限公司
Priority to PCT/CN2016/113259 priority Critical patent/WO2018119950A1/en
Publication of WO2018119950A1 publication Critical patent/WO2018119950A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Definitions

  • the present application relates to the field of wireless communications technologies, and in particular, to an access control method and apparatus.
  • WIFI as a technology that allows access devices to connect to a wireless local area network
  • the wireless routing device determines the performance of the WiFi network. Due to the openness of the wireless environment, any wireless terminal device in the vicinity of the wireless router can receive the wireless signal and access the WiFi network through the wireless router device, thereby affecting the security of the WiFi network.
  • the most common solution is to use the WPA-PSK/WPA2-PSK method to set the 8-64-bit key to achieve access authentication for the device to connect to the wireless router. This method is less secure and easy. A situation where a key is leaked.
  • a person skilled in the art proposes a method for completing authentication by using a third-party authentication server.
  • the user equipment first logs in to the third-party authentication server, and simultaneously sends the wireless routing device identification information to be connected to the third-party authentication server.
  • the third-party authentication server then generates an identification information to be sent to the wireless routing device and the user equipment, and the user equipment connects and logs in to the wireless routing device based on the flag information.
  • the method for dynamically generating an authentication code reduces the security risk caused by the password leakage to a certain extent, but is still essentially a key-based authentication mechanism, and does not fundamentally solve the network security risk caused by the key leakage. .
  • the embodiment of the present application provides an access control method and apparatus, which are used to solve the network security problem caused by the secret routing key leakage of the wireless routing device based on the key access authentication mechanism in the prior art.
  • the embodiment of the present application provides an access control method, which is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database, and the method includes:
  • the access device is allowed to access.
  • the method before the acquiring the radio frequency fingerprint feature vector of the access device, the method further includes:
  • M and N are integers greater than one.
  • the radio frequency fingerprint feature vector of the corresponding access device is configured according to the access request, including:
  • obtaining a classification vector of the access device by using a sparse classification model includes:
  • the model derives the classification vector of the access device, where For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
  • the reconstruction vector corresponding to the classification vector is:
  • the original reconstructed vector is obtained, where ⁇ is the reconstructed noise, Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
  • Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
  • An access control method provided by an embodiment of the present application is applied to a wireless routing device pre-configured with a radio frequency fingerprint database, first constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and then based on the radio frequency fingerprint feature Vector and RF fingerprint database, the classification vector of the access device is obtained by sparse classification algorithm, and finally the classification vector is reconstructed by the sparse reconstruction algorithm. If the maximum element value in the reconstruction vector is greater than a preset threshold, the connection is allowed. Access to the device. Compared with the current access authentication method, the present application is based on the characteristics of the access terminal device's own radio frequency circuit.
  • the wireless routing device generates a unique radio frequency fingerprint feature, which is used to determine whether the access device is allowed to access according to the uniqueness of the radio frequency fingerprint feature, thereby fundamentally solving the security risk caused by the secret key leakage, and also does not need to provide other Third-party access authentication device.
  • the embodiment of the present application provides an access control device, which is applied to a wireless routing device that is pre-equipped with a radio frequency fingerprint database, and the device includes:
  • a constructing module configured to construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request
  • a first calculating module configured to obtain, according to the radio frequency fingerprint feature vector and the radio frequency fingerprint library, a classification vector of the access device by using a sparse classification model
  • a second calculating module configured to obtain, according to the classification vector and the sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector
  • the processing module is configured to allow the access device to access if the maximum element value in the reconstructed vector is greater than a preset threshold.
  • processing module is further configured to:
  • the device further includes:
  • An acquisition module configured to collect an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals, as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
  • M and N are integers greater than one.
  • constructing module is specifically configured to:
  • the model derives the classification vector of the access device, where For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
  • the original reconstructed vector is obtained, where ⁇ is the reconstructed noise, Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
  • Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
  • the access control device provided in the embodiment of the present application is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database.
  • the constructing module constructs a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and the first computing module Based on the radio frequency fingerprint feature vector and the radio frequency fingerprint database, the classification vector of the access device is obtained by a sparse classification algorithm, and then the first calculation module reconstructs the classification vector by a sparse reconstruction algorithm.
  • the processing module is When the maximum element value in the reconstructed vector is greater than the preset threshold, the access device is allowed to access.
  • the present application is based on the characteristics of the radio circuit of the access terminal device and is generated by the wireless routing device.
  • the unique radio frequency fingerprint feature is used to determine whether the access device is allowed to access according to the uniqueness of the radio frequency fingerprint feature, thereby fundamentally solving the security risk caused by the key leakage, and does not need to provide other third-party access. Enter the certified device.
  • Embodiment 1 is a schematic flow chart of Embodiment 1 of the present application.
  • FIG. 2 is a schematic flowchart of an authorization phase of the second embodiment of the present application.
  • FIG. 3 is a schematic flowchart of an access phase in Embodiment 2 of the present application.
  • Embodiment 4 is a schematic structural view of Embodiment 4 of the present application.
  • first, second, third, etc. may be used to describe the computing modules in the embodiments of the present application, these computing modules should not be limited to these terms. These terms are only used to distinguish computing modules from one another.
  • the first computing module may also be referred to as a second computing module without departing from the scope of the embodiments of the present application.
  • the second computing module may also be referred to as a first computing module.
  • the word “if” as used herein may be interpreted as “when” or “when” or “in response to determining” or “in response to detecting.”
  • the phrase “if determined” or “if detected (conditions or events stated)” may be interpreted as “when determined” or “in response to determination” or “when detected (stated condition or event) “Time” or “in response to a test (condition or event stated)”.
  • FIG. 1 it is a schematic flowchart of a method provided by an embodiment of the present application. As shown in FIG. 1 , the method includes the following steps:
  • RF fingerprint feature vector of the access device able to pass Performing a representation, wherein ⁇ IQ M is an I/Q amplitude offset of the access device under the M carrier modulated signals in the current time period, and ⁇ f M is a carrier of the access device under the M carrier modulated signals in the previous time period Frequency offset.
  • the wireless fingerprint device controls the wireless routing device to enter the authorization mode by the web control interface of the wireless routing device, and the wireless routing device searches for the pre-authorization device connected to itself, and then authorizes by the following steps:
  • M and N are integers greater than one.
  • the RF fingerprint database M can be expressed as among them, Indicates the Nth group radio frequency fingerprint feature vector of the kth authorized device.
  • the classification vector is reconstructed by a sparse reconstruction algorithm to obtain a reconstruction vector.
  • the specific steps include:
  • the setting range of the preset threshold ⁇ is (0.8, 1), if the reconstruction vector The maximum element value in the medium is greater than the preset threshold ⁇ , allowing the access device to be accessed; if the vector is reconstructed The maximum element value in the medium is less than or equal to the preset threshold ⁇ , and the access device is prohibited from being accessed.
  • the access device is prohibited from accessing.
  • An access control method provided by an embodiment of the present application is applied to a wireless routing device pre-configured with a radio frequency fingerprint database, first constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and then based on the radio frequency fingerprint feature Vector and RF fingerprint database, the classification vector of the access device is obtained by the sparse classification model, and finally the classification vector is reconstructed by the sparse reconstruction algorithm. If the maximum element value in the reconstruction vector is greater than the preset threshold, the connection is allowed. Access to the device.
  • the present application generates a unique radio frequency fingerprint feature according to the characteristics of the radio circuit of the access terminal device, and determines whether the access device is allowed to be connected according to the uniqueness of the radio frequency fingerprint feature. Into, and thus fundamentally solve the security risks caused by the secret key leakage, and there is no need to provide other third-party access authentication devices.
  • terminals involved in the embodiments of the present application may include, but are not limited to, a personal computer (PC), a personal digital assistant (PDA), a wireless handheld device, a tablet computer, and a tablet computer.
  • PC personal computer
  • PDA personal digital assistant
  • Mobile phones MP3 players, MP4 players, etc.
  • execution body of S101 to S104 may be an access control device, and the device
  • the application unit may be located in the application of the local terminal, or may be a plug-in or a software development kit (SDK) in the application of the local terminal, which is not specifically limited in this embodiment of the present application.
  • SDK software development kit
  • the application may be an application (nativeApp) installed on the terminal, or may be a web application (webApp) of the browser on the terminal, which is not limited by the embodiment of the present application.
  • the embodiment of the present application further illustrates the method of the present application by using a specific terminal device.
  • a specific terminal device select 3 Huawei Mate7 mobile phones, 3 Apple iphone6 mobile phones, 3 Nexus mobile phones, 2 Thinkpad X240 computers, 2 Ipad3s as mobile terminal devices, and then use USRP supporting 802.11n as a wireless routing device.
  • each test carrier uses 16QAM modulation.
  • the web control interface of the wireless routing device controls the wireless routing device to enter the authorization mode, and the wireless routing device searches for the pre-authorization device connected to itself, and then performs authorization by the following steps:
  • a total of 13 authorized devices constitute a radio frequency fingerprint database M, and the radio frequency fingerprint database M can be expressed as There are 130 sets of radio frequency fingerprint feature data in the RF fingerprint database M.
  • the wireless routing device enters the access mode.
  • determine whether to allow access by the following steps:
  • the wireless router responds and measures the radio frequency fingerprint feature vector of the access device according to the access request of the access device It can be expressed as
  • test results were tested using the above 13 devices. Each device was randomly connected 100 times, and the total correct access rate reached 99%. At the same time, 4 Huawei mobile phones and 3 X230 laptops were used without authorization. Attempts to access the wireless router, all identified as illegal devices and prohibited access.
  • the embodiment of the present application further provides an apparatus embodiment for implementing the steps and methods in the foregoing method embodiments.
  • FIG. 4 is a functional block diagram of a multi-antenna system correlation coefficient calculation apparatus according to an embodiment of the present application. As shown in Figure 4, the device comprises:
  • the constructing module 410 is configured to construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
  • the first calculating module 420 is configured to pass the radio frequency fingerprint feature vector and the radio frequency fingerprint database.
  • the classification vector of the access device is obtained by the sparse classification model;
  • a second calculating module 430 configured to obtain, according to the classification vector and the sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector;
  • the processing module 440 is configured to allow the access device to access if the maximum element value in the reconstructed vector is greater than a preset threshold.
  • the processing module is further configured to:
  • the device further includes:
  • An acquisition module configured to collect an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals, as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
  • M and N are integers greater than one.
  • the constructing module is specifically configured to:
  • the first computing module is specifically configured to:
  • the model derives the classification vector of the access device, where For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
  • the second computing module is specifically configured to:
  • the original reconstructed vector is obtained, where ⁇ is the reconstructed noise, Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
  • Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
  • the access control device provided in the embodiment of the present application is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database.
  • the constructing module constructs a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and the first computing module Based on the radio frequency fingerprint feature vector and the radio frequency fingerprint database, the classification vector of the access device is obtained by a sparse classification algorithm, and then the first calculation module reconstructs the classification vector by a sparse reconstruction algorithm.
  • the processing module is When the maximum element value in the reconstructed vector is greater than the preset threshold, the access device is allowed to access.
  • the present application Compared with the current access authentication device, the present application generates a unique radio frequency fingerprint feature through the wireless routing device according to the characteristics of the radio circuit of the access terminal device, and determines whether the access device is allowed to be connected according to the uniqueness of the radio frequency fingerprint feature. Into, and thus fundamentally solve the security risks caused by the secret key leakage, and there is no need to provide other third-party access authentication devices.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • multiple units or components may be combined.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present application. Part of the steps.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided are an access control method and apparatus, relating to the technical field of wireless communications. On the one hand, in the embodiments of the present application, the method comprises: constructing, according to an access request, a radio frequency fingerprint characteristic vector corresponding to an access device; then according to the radio frequency fingerprint characteristic vector and a radio frequency fingerprint library, obtaining a classification vector of the access device by means of a sparse classification model; then obtaining, according to the classification vector and a sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector; and finally, if the maximum element value in the reconstruction vector is greater than a pre-set threshold value, allowing the access of the access device. In this way, the radio frequency fingerprint information generated by a wireless routing device serves as the only characteristic, and then whether to allow the access of the access device is determined according to the uniqueness of the radio frequency fingerprint characteristic. Therefore, the technical solution provided by the embodiments of the present application can fundamentally solve the security risks caused by key leakage, and furthermore, there is no need to provide other third-party access authentication devices.

Description

接入控制方法及装置Access control method and device 技术领域Technical field
本申请涉及无线通信技术领域,尤其涉及一种接入控制方法及装置。The present application relates to the field of wireless communications technologies, and in particular, to an access control method and apparatus.
背景技术Background technique
随着无线通信技术的日益发展,短距离无线通信的使用率也越来越高。其中,WIFI作为一种允许接入设备连接到一个无线局域网的技术,已经成为最常用的短距离无线通信方式之一。作为WiFi网络的基础设备,无线路由设备决定了WiFi网络的性能。由于无线环境的开放性,任何处于无线路由器周边的无线终端设备均可接收到无线信号并通过无线路由器设备接入到WiFi网络,从而影响WiFi网络的安全性。目前,最常用的解决方式是采用WPA-PSK/WPA2-PSK方法,通过设置8-64位长度的密钥以实现对设备连接无线路由器的接入认证,此种方式安全性较低,很容易出现秘钥泄露的情况。With the development of wireless communication technology, the use rate of short-range wireless communication is also getting higher and higher. Among them, WIFI, as a technology that allows access devices to connect to a wireless local area network, has become one of the most commonly used short-range wireless communication methods. As the basic device of the WiFi network, the wireless routing device determines the performance of the WiFi network. Due to the openness of the wireless environment, any wireless terminal device in the vicinity of the wireless router can receive the wireless signal and access the WiFi network through the wireless router device, thereby affecting the security of the WiFi network. At present, the most common solution is to use the WPA-PSK/WPA2-PSK method to set the 8-64-bit key to achieve access authentication for the device to connect to the wireless router. This method is less secure and easy. A situation where a key is leaked.
本领域技术人员在此基础上提出了通过借助第三方认证服务器来完成认证的方法,具体的,用户设备首先登陆第三方认证服务器,同时将要连接的无线路由设备标识信息发送给第三方认证服务器,然后第三方认证服务器生成一个标识信息发送给无线路由设备以及用户设备,用户设备基于此标志信息连接并登陆无线路由设备。On the basis of this, a person skilled in the art proposes a method for completing authentication by using a third-party authentication server. Specifically, the user equipment first logs in to the third-party authentication server, and simultaneously sends the wireless routing device identification information to be connected to the third-party authentication server. The third-party authentication server then generates an identification information to be sent to the wireless routing device and the user equipment, and the user equipment connects and logs in to the wireless routing device based on the flag information.
在实现本申请过程中,发明人发现现有技术中至少存在如下问题:In the process of implementing the present application, the inventors found that at least the following problems exist in the prior art:
现有技术中通过动态生成认证码的方式从一定程度上降低了密码泄露带来的安全隐患,但本质上仍属于基于秘钥的认证机制,没有从根本解决秘钥泄露所造成的网络安全隐患。 In the prior art, the method for dynamically generating an authentication code reduces the security risk caused by the password leakage to a certain extent, but is still essentially a key-based authentication mechanism, and does not fundamentally solve the network security risk caused by the key leakage. .
发明内容Summary of the invention
有鉴于此,本申请实施例提供了一种接入控制方法及装置,用以解决现有技术基于秘钥接入认证机制的无线路由设备在秘钥泄露时造成的网络安全问题。In view of this, the embodiment of the present application provides an access control method and apparatus, which are used to solve the network security problem caused by the secret routing key leakage of the wireless routing device based on the key access authentication mechanism in the prior art.
一方面,本申请实施例提供了一种接入控制方法,应用于预设有射频指纹库的无线路由设备中,所述方法包括:On the one hand, the embodiment of the present application provides an access control method, which is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database, and the method includes:
根据接入请求构造对应接入设备的射频指纹特征向量;Constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量;Deriving a classification vector of the access device by using a sparse classification model according to the radio frequency fingerprint feature vector and the radio frequency fingerprint database;
根据分类向量和稀疏重构算法得出该分类向量对应的重构向量;Deriving a reconstruction vector corresponding to the classification vector according to the classification vector and the sparse reconstruction algorithm;
若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。If the maximum element value in the reconstructed vector is greater than a preset threshold, the access device is allowed to access.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述方法还包括:The aspect as described above and any possible implementation manner further provide an implementation manner, where the method further includes:
若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。If the maximum element value in the reconstructed vector is less than or equal to the preset threshold, access device access is prohibited.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,在所述获取接入设备的射频指纹特征向量之前,所述方法还包括:The foregoing aspect, and any possible implementation manner, further provide an implementation manner, before the acquiring the radio frequency fingerprint feature vector of the access device, the method further includes:
采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;Collecting an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;Adding a feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
其中,M和N均为大于1的整数。 Wherein M and N are integers greater than one.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,根据接入请求构造对应接入设备的射频指纹特征向量包括:The aspect as described above, and any possible implementation manner, further provide an implementation manner, the radio frequency fingerprint feature vector of the corresponding access device is configured according to the access request, including:
在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。When receiving the access request of the access device, collecting the I/Q amplitude offset and the carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as the radio frequency fingerprint of the access device Feature vector.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量包括:The aspect as described above, and any possible implementation manner, further providing an implementation manner, according to the radio frequency fingerprint feature vector and the radio frequency fingerprint database, obtaining a classification vector of the access device by using a sparse classification model includes:
根据
Figure PCTCN2016113259-appb-000001
模型得出接入设备的分类向量,其中,
Figure PCTCN2016113259-appb-000002
为射频指纹特征向量,M为射频指纹库,C为分类向量。according to
Figure PCTCN2016113259-appb-000001
The model derives the classification vector of the access device, where
Figure PCTCN2016113259-appb-000002
For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,根据分类向量和稀疏重构算法得出该分类向量对应的重构向量包括:The aspect as described above, and any possible implementation manner, further provide an implementation manner, according to the classification vector and the sparse reconstruction algorithm, the reconstruction vector corresponding to the classification vector is:
根据方程组
Figure PCTCN2016113259-appb-000003
得出原始重构向量,其中,∈为重构噪声,
Figure PCTCN2016113259-appb-000004
是原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量;According to the equations
Figure PCTCN2016113259-appb-000003
The original reconstructed vector is obtained, where ∈ is the reconstructed noise,
Figure PCTCN2016113259-appb-000004
Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
上述技术方案中的一个技术方案具有如下有益效果:One of the above technical solutions has the following beneficial effects:
本申请实施例提供的一种接入控制方法,应用于预设有射频指纹库的无线路由设备中,首先根据接入请求构造对应接入设备的射频指纹特征向量,然后基于所述射频指纹特征向量和射频指纹库,通过稀疏分类算法得出该接入设备的分类向量,最后通过稀疏重构算法对分类向量进行重构,若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。与目前的接入认证方法相比,本申请根据接入终端设备自身射频电路的特点,通 过无线路由设备生成唯一的射频指纹特征,根据射频指纹特征的唯一性用来判断是否允许接入设备接入,进而从根本上解决了秘钥泄露所带来的安全隐患,同时也无需提供其他的第三方接入认证设备。An access control method provided by an embodiment of the present application is applied to a wireless routing device pre-configured with a radio frequency fingerprint database, first constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and then based on the radio frequency fingerprint feature Vector and RF fingerprint database, the classification vector of the access device is obtained by sparse classification algorithm, and finally the classification vector is reconstructed by the sparse reconstruction algorithm. If the maximum element value in the reconstruction vector is greater than a preset threshold, the connection is allowed. Access to the device. Compared with the current access authentication method, the present application is based on the characteristics of the access terminal device's own radio frequency circuit. The wireless routing device generates a unique radio frequency fingerprint feature, which is used to determine whether the access device is allowed to access according to the uniqueness of the radio frequency fingerprint feature, thereby fundamentally solving the security risk caused by the secret key leakage, and also does not need to provide other Third-party access authentication device.
另一方面,本申请实施例提供了一种接入控制装置,应用于预设有射频指纹库的无线路由设备中,所述装置包括:On the other hand, the embodiment of the present application provides an access control device, which is applied to a wireless routing device that is pre-equipped with a radio frequency fingerprint database, and the device includes:
构造模块,用于根据接入请求构造对应接入设备的射频指纹特征向量;a constructing module, configured to construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
第一计算模块,用于根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量;a first calculating module, configured to obtain, according to the radio frequency fingerprint feature vector and the radio frequency fingerprint library, a classification vector of the access device by using a sparse classification model;
第二计算模块,用于根据分类向量和稀疏重构算法得出该分类向量对应的重构向量;a second calculating module, configured to obtain, according to the classification vector and the sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector;
处理模块,用于若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。The processing module is configured to allow the access device to access if the maximum element value in the reconstructed vector is greater than a preset threshold.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述处理模块还用于:The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where the processing module is further configured to:
若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。If the maximum element value in the reconstructed vector is less than or equal to the preset threshold, access device access is prohibited.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述装置还包括:The above-mentioned aspect and any possible implementation manner further provide an implementation manner, the device further includes:
采集模块,用于采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;An acquisition module, configured to collect an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals, as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;Adding a feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
其中,M和N均为大于1的整数。 Wherein M and N are integers greater than one.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述构造模块具体用于:An aspect of the foregoing, and any possible implementation, further provide an implementation, where the constructing module is specifically configured to:
在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。When receiving the access request of the access device, collecting the I/Q amplitude offset and the carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as the radio frequency fingerprint of the access device Feature vector.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述第一计算模块具体用于:An aspect of the foregoing, and any possible implementation manner, further provide an implementation manner, where the first computing module is specifically configured to:
根据
Figure PCTCN2016113259-appb-000005
模型得出接入设备的分类向量,其中,
Figure PCTCN2016113259-appb-000006
为射频指纹特征向量,M为射频指纹库,C为分类向量。according to
Figure PCTCN2016113259-appb-000005
The model derives the classification vector of the access device, where
Figure PCTCN2016113259-appb-000006
For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
如上所述的方面和任一可能的实现方式,进一步提供一种实现方式,所述二计算模块具体用于:The foregoing aspect and any possible implementation manner further provide an implementation manner, where the two computing modules are specifically configured to:
根据方程组
Figure PCTCN2016113259-appb-000007
得出原始重构向量,其中,∈为重构噪声,
Figure PCTCN2016113259-appb-000008
是原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量;According to the equations
Figure PCTCN2016113259-appb-000007
The original reconstructed vector is obtained, where ∈ is the reconstructed noise,
Figure PCTCN2016113259-appb-000008
Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
上述技术方案中的一个技术方案具有如下有益效果:One of the above technical solutions has the following beneficial effects:
本申请实施例提供的一种接入控制装置,应用于预设有射频指纹库的无线路由设备中,首先,构造模块根据接入请求构造对应接入设备的射频指纹特征向量,第一计算模块基于所述射频指纹特征向量和射频指纹库,通过稀疏分类算法得出该接入设备的分类向量,然后,第一计算模块通过稀疏重构算法对分类向量进行重构,最后,处理模块在当重构向量中的最大元素值大于预设阈值时,允许接入设备接入。与目前的接入认证装置相比,本申请根据接入终端设备自身射频电路的特点,通过无线路由设备生 成唯一的射频指纹特征,根据射频指纹特征的唯一性用来判断是否允许接入设备接入,进而从根本上解决了秘钥泄露所带来的安全隐患,同时也无需提供其他的第三方接入认证设备。The access control device provided in the embodiment of the present application is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database. First, the constructing module constructs a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and the first computing module Based on the radio frequency fingerprint feature vector and the radio frequency fingerprint database, the classification vector of the access device is obtained by a sparse classification algorithm, and then the first calculation module reconstructs the classification vector by a sparse reconstruction algorithm. Finally, the processing module is When the maximum element value in the reconstructed vector is greater than the preset threshold, the access device is allowed to access. Compared with the current access authentication device, the present application is based on the characteristics of the radio circuit of the access terminal device and is generated by the wireless routing device. The unique radio frequency fingerprint feature is used to determine whether the access device is allowed to access according to the uniqueness of the radio frequency fingerprint feature, thereby fundamentally solving the security risk caused by the key leakage, and does not need to provide other third-party access. Enter the certified device.
附图说明DRAWINGS
为了更清楚地说明本申请实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present application. One of ordinary skill in the art can also obtain other drawings based on these drawings without paying for inventive labor.
图1是是本申请实施例一的流程示意图;1 is a schematic flow chart of Embodiment 1 of the present application;
图2是本申请实施例二授权阶段的流程示意图;2 is a schematic flowchart of an authorization phase of the second embodiment of the present application;
图3是本申请实施例二接入阶段的流程示意图;3 is a schematic flowchart of an access phase in Embodiment 2 of the present application;
图4是本申请实施例四的结构示意图。4 is a schematic structural view of Embodiment 4 of the present application.
具体实施方式detailed description
为了更好的理解本申请的技术方案,下面结合附图对本申请实施例进行详细描述。For a better understanding of the technical solutions of the present application, the embodiments of the present application are described in detail below with reference to the accompanying drawings.
应当明确,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其它实施例,都属于本申请保护的范围。It should be understood that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope are the scope of the present application.
在本申请实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚 地表示其他含义。The terms used in the embodiments of the present application are for the purpose of describing particular embodiments only, and are not intended to limit the application. The singular forms "a", "the", and "the" The ground indicates other meanings.
应当理解,本文中使用的术语“和/或”仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。It should be understood that the term "and/or" as used herein is merely an association describing the associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, while A and B, there are three cases of B alone. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.
应当理解,尽管在本申请实施例中可能采用术语第一、第二、第三等来描述计算模块,但这些计算模块不应限于这些术语。这些术语仅用来将计算模块彼此区分开。例如,在不脱离本申请实施例范围的情况下,第一计算模块也可以被称为第二计算模块,类似地,第二计算模块也可以被称为第一计算模块。It should be understood that although the terms first, second, third, etc. may be used to describe the computing modules in the embodiments of the present application, these computing modules should not be limited to these terms. These terms are only used to distinguish computing modules from one another. For example, the first computing module may also be referred to as a second computing module without departing from the scope of the embodiments of the present application. Similarly, the second computing module may also be referred to as a first computing module.
取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”或“响应于检测”。类似地,取决于语境,短语“如果确定”或“如果检测(陈述的条件或事件)”可以被解释成为“当确定时”或“响应于确定”或“当检测(陈述的条件或事件)时”或“响应于检测(陈述的条件或事件)”。Depending on the context, the word "if" as used herein may be interpreted as "when" or "when" or "in response to determining" or "in response to detecting." Similarly, depending on the context, the phrase "if determined" or "if detected (conditions or events stated)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event) "Time" or "in response to a test (condition or event stated)".
实施例一Embodiment 1
本申请实施例给出一种接入控制方法,请参考图1,其为本申请实施例所提供的方法的流程示意图,如图1所示,该方法包括以下步骤:An embodiment of the present application provides an access control method. Referring to FIG. 1 , it is a schematic flowchart of a method provided by an embodiment of the present application. As shown in FIG. 1 , the method includes the following steps:
S101,根据接入请求构造对应接入设备的射频指纹特征向量。S101. Construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request.
具体地,在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。接入设备的射频指纹特征向量
Figure PCTCN2016113259-appb-000009
可以通过
Figure PCTCN2016113259-appb-000010
进行表示,其中,ΔIQM为当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量,ΔfM为前时间段内 接入设备在M个载波调制信号下的载波频率偏移量。Specifically, when receiving the access request of the access device, collecting an I/Q amplitude offset and a carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as an access device RF fingerprint feature vector. RF fingerprint feature vector of the access device
Figure PCTCN2016113259-appb-000009
able to pass
Figure PCTCN2016113259-appb-000010
Performing a representation, wherein ΔIQ M is an I/Q amplitude offset of the access device under the M carrier modulated signals in the current time period, and Δf M is a carrier of the access device under the M carrier modulated signals in the previous time period Frequency offset.
S102,根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量。S102. Obtain a classification vector of the access device by using a sparse classification model according to the radio frequency fingerprint feature vector and the radio frequency fingerprint database.
需要说明的是,射频指纹库是在S101之前,由无线路由设备的web控制界面控制无线路由设备进入授权模式,无线路由设备搜索连接自己的预授权设备,然后通过如下步骤进行授权:It should be noted that, before the S101, the wireless fingerprint device controls the wireless routing device to enter the authorization mode by the web control interface of the wireless routing device, and the wireless routing device searches for the pre-authorization device connected to itself, and then authorizes by the following steps:
1)采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;1) collecting an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
2)将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;2) adding the feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
其中,M和N均为大于1的整数。Wherein M and N are integers greater than one.
举例来说,假设目前共有K个已授权设备,则射频指纹数据库M可以表示为
Figure PCTCN2016113259-appb-000011
其中,
Figure PCTCN2016113259-appb-000012
表示第k个已授权设备的第N组射频指纹特征向量。For example, if there are currently K authorized devices, the RF fingerprint database M can be expressed as
Figure PCTCN2016113259-appb-000011
among them,
Figure PCTCN2016113259-appb-000012
Indicates the Nth group radio frequency fingerprint feature vector of the kth authorized device.
需要说明的是,稀疏分类模型用
Figure PCTCN2016113259-appb-000013
行表示,其中,
Figure PCTCN2016113259-appb-000014
为请求接入设备的射频指纹特征向量,M为射频指纹数据库,C为请求接入设备的分类向量。It should be noted that the sparse classification model is used.
Figure PCTCN2016113259-appb-000013
Line, in which,
Figure PCTCN2016113259-appb-000014
To request the radio frequency fingerprint feature vector of the access device, M is a radio frequency fingerprint database, and C is a classification vector for requesting access devices.
S103,根据分类向量和得出该分类向量对应的重构向量。S103. Obtain a reconstruction vector corresponding to the classification vector according to the classification vector.
需要说明的是,根据S102中得出分类向量后,通过稀疏重构算法对该分类向量进行重构以得出重构向量。具体步骤包括:It should be noted that, after the classification vector is obtained in S102, the classification vector is reconstructed by a sparse reconstruction algorithm to obtain a reconstruction vector. The specific steps include:
1)根据方程组
Figure PCTCN2016113259-appb-000015
得出原始重构向量,其中,∈为重构噪声,
Figure PCTCN2016113259-appb-000016
是原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量; 1) According to the equations
Figure PCTCN2016113259-appb-000015
The original reconstructed vector is obtained, where ∈ is the reconstructed noise,
Figure PCTCN2016113259-appb-000016
Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
2)将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。2) Adding successively N consecutive elements in the original reconstructed vector to obtain a reconstructed vector composed of K elements.
S104,若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。S104. If the maximum element value in the reconstructed vector is greater than a preset threshold, the access device is allowed to access.
需要说明的是,预设阈值η的设定范围为(0.8,1),若重构向量
Figure PCTCN2016113259-appb-000017
中的最大元素值大于预设阈值η,允许请求接入设备接入;若重构向量
Figure PCTCN2016113259-appb-000018
中的最大元素值小于或等于预设阈值η,禁止请求接入设备接入。It should be noted that the setting range of the preset threshold η is (0.8, 1), if the reconstruction vector
Figure PCTCN2016113259-appb-000017
The maximum element value in the medium is greater than the preset threshold η, allowing the access device to be accessed; if the vector is reconstructed
Figure PCTCN2016113259-appb-000018
The maximum element value in the medium is less than or equal to the preset threshold η, and the access device is prohibited from being accessed.
所以相应地,若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。Therefore, if the maximum element value in the reconstructed vector is less than or equal to the preset threshold, the access device is prohibited from accessing.
本申请实施例的技术方案具有以下有益效果:The technical solution of the embodiment of the present application has the following beneficial effects:
本申请实施例提供的一种接入控制方法,应用于预设有射频指纹库的无线路由设备中,首先根据接入请求构造对应接入设备的射频指纹特征向量,然后基于所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量,最后通过稀疏重构算法对分类向量进行重构,若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。与目前的接入控制方法相比,本申请根据接入终端设备自身射频电路的特点,通过无线路由设备生成唯一的射频指纹特征,根据射频指纹特征的唯一性用来判断是否允许接入设备接入,进而从根本上解决了秘钥泄露所带来的安全隐患,同时也无需提供其他的第三方接入认证设备。An access control method provided by an embodiment of the present application is applied to a wireless routing device pre-configured with a radio frequency fingerprint database, first constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and then based on the radio frequency fingerprint feature Vector and RF fingerprint database, the classification vector of the access device is obtained by the sparse classification model, and finally the classification vector is reconstructed by the sparse reconstruction algorithm. If the maximum element value in the reconstruction vector is greater than the preset threshold, the connection is allowed. Access to the device. Compared with the current access control method, the present application generates a unique radio frequency fingerprint feature according to the characteristics of the radio circuit of the access terminal device, and determines whether the access device is allowed to be connected according to the uniqueness of the radio frequency fingerprint feature. Into, and thus fundamentally solve the security risks caused by the secret key leakage, and there is no need to provide other third-party access authentication devices.
需要说明的是,本申请实施例中所涉及的终端可以包括但不限于个人计算机(Personal Computer,PC)、个人数字助理(Personal Digital Assistant,PDA)、无线手持设备、平板电脑(Tablet Computer)、手机、MP3播放器、MP4播放器等。It should be noted that the terminals involved in the embodiments of the present application may include, but are not limited to, a personal computer (PC), a personal digital assistant (PDA), a wireless handheld device, a tablet computer, and a tablet computer. Mobile phones, MP3 players, MP4 players, etc.
需要说明的是,S101~S104的执行主体可以为接入控制装置,该装置 可以位于本地终端的应用,或者还可以为位于本地终端的应用中的插件或软件开发工具包(Software Development Kit,SDK)等功能单元,本申请实施例对此不进行特别限定。It should be noted that the execution body of S101 to S104 may be an access control device, and the device The application unit may be located in the application of the local terminal, or may be a plug-in or a software development kit (SDK) in the application of the local terminal, which is not specifically limited in this embodiment of the present application.
可以理解的是,所述应用可以是安装在终端上的应用程序(nativeApp),或者还可以是终端上的浏览器的一个网页程序(webApp),本申请实施例对此不进行限定。It is to be understood that the application may be an application (nativeApp) installed on the terminal, or may be a web application (webApp) of the browser on the terminal, which is not limited by the embodiment of the present application.
实施例二Embodiment 2
基于上述实施例一所提供的接入控制方法,本申请实施例通过利用具体的终端设备对本申请方法进一步说明。首先,选取3部华为Mate7手机、3部苹果iphone6手机、3部Nexus手机、2台Thinkpad X240电脑、2台Ipad3作为移动终端设备,然后,采用支持802.11n的USRP作为无线路由设备,该设备支持OFDM通信,各测试载波采用16QAM调制。Based on the access control method provided in the foregoing Embodiment 1, the embodiment of the present application further illustrates the method of the present application by using a specific terminal device. First, select 3 Huawei Mate7 mobile phones, 3 Apple iphone6 mobile phones, 3 Nexus mobile phones, 2 Thinkpad X240 computers, 2 Ipad3s as mobile terminal devices, and then use USRP supporting 802.11n as a wireless routing device. For OFDM communication, each test carrier uses 16QAM modulation.
如图2所示,无线路由设备的web控制界面控制无线路由设备进入授权模式,无线路由设备搜索连接自己的预授权设备,然后通过如下步骤进行授权:As shown in FIG. 2, the web control interface of the wireless routing device controls the wireless routing device to enter the authorization mode, and the wireless routing device searches for the pre-authorization device connected to itself, and then performs authorization by the following steps:
1)采集预授权设备在30个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;1) collecting an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under 30 carrier modulated signals as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
2)将连续采集的10组射频指纹特征向量形成的射频指纹的特征集作为射频指纹库中;2) using the feature set of the radio frequency fingerprint formed by the 10 sets of radio frequency fingerprint feature vectors collected continuously as the radio frequency fingerprint library;
目前,共有13个已授权设备构成射频指纹数据库M,则射频指纹数据库M可以表示为
Figure PCTCN2016113259-appb-000019
射频指纹数据库M中共有130组射频指纹特征数据。At present, a total of 13 authorized devices constitute a radio frequency fingerprint database M, and the radio frequency fingerprint database M can be expressed as
Figure PCTCN2016113259-appb-000019
There are 130 sets of radio frequency fingerprint feature data in the RF fingerprint database M.
如图3所示,无线路由设备进入接入模式,当请求接入设备请求接入时,通过如下步骤判断是否允许接入: As shown in Figure 3, the wireless routing device enters the access mode. When requesting the access device to request access, determine whether to allow access by the following steps:
1)根据接入设备的接入请求,无线路由器响应并测量该接入设备的射频指纹特征向量
Figure PCTCN2016113259-appb-000020
可以表示为
Figure PCTCN2016113259-appb-000021
1) The wireless router responds and measures the radio frequency fingerprint feature vector of the access device according to the access request of the access device
Figure PCTCN2016113259-appb-000020
It can be expressed as
Figure PCTCN2016113259-appb-000021
2)稀疏分类模型用
Figure PCTCN2016113259-appb-000022
计算出射频指纹特征向量
Figure PCTCN2016113259-appb-000023
对应的分类向量C;2) Sparse classification model
Figure PCTCN2016113259-appb-000022
Calculate the RF fingerprint feature vector
Figure PCTCN2016113259-appb-000023
Corresponding classification vector C;
3)根据方程组
Figure PCTCN2016113259-appb-000024
得出原始重构向量,其中,∈为重构噪声,
Figure PCTCN2016113259-appb-000025
是原始重构向量,为由130个元素构成的列向量;3) According to the equations
Figure PCTCN2016113259-appb-000024
The original reconstructed vector is obtained, where ∈ is the reconstructed noise,
Figure PCTCN2016113259-appb-000025
Is the original reconstructed vector, which is a column vector consisting of 130 elements;
4)将原始重构向量中每连续10个元素依次相加得到由13个元素构成的重构向量
Figure PCTCN2016113259-appb-000026
4) Adding successively 10 elements in the original reconstructed vector to obtain a reconstructed vector composed of 13 elements
Figure PCTCN2016113259-appb-000026
5)若重构向量
Figure PCTCN2016113259-appb-000027
中的最大元素值大于预设阈值η,允许请求接入设备接入;若重构向量
Figure PCTCN2016113259-appb-000028
中的最大元素值小于或等于预设阈值η,禁止请求接入设备接入。5) If the reconstruction vector
Figure PCTCN2016113259-appb-000027
The maximum element value in the medium is greater than the preset threshold η, allowing the access device to be accessed; if the vector is reconstructed
Figure PCTCN2016113259-appb-000028
The maximum element value in the medium is less than or equal to the preset threshold η, and the access device is prohibited from being accessed.
测试结果,采用上述13个设备进行试验,每个设备随机接入100次,总的正确接入率达到99%;同时,还采用4台小米手机及3台X230笔记本电脑在没有进行授权的条件下尝试接入该无线路由器,全部被识别为非法设备而禁止接入。The test results were tested using the above 13 devices. Each device was randomly connected 100 times, and the total correct access rate reached 99%. At the same time, 4 Xiaomi mobile phones and 3 X230 laptops were used without authorization. Attempts to access the wireless router, all identified as illegal devices and prohibited access.
实施例三Embodiment 3
基于上述实施例一所提供的接入控制方法,本申请实施例进一步给出实现上述方法实施例中各步骤及方法的装置实施例。Based on the access control method provided in the foregoing embodiment, the embodiment of the present application further provides an apparatus embodiment for implementing the steps and methods in the foregoing method embodiments.
请参考图4,其为本申请实施例所提供的多天线系统相关性系数的计算装置的功能方块图。如图4所示,该装置包括:Please refer to FIG. 4 , which is a functional block diagram of a multi-antenna system correlation coefficient calculation apparatus according to an embodiment of the present application. As shown in Figure 4, the device comprises:
构造模块410,用于根据接入请求构造对应接入设备的射频指纹特征向量;The constructing module 410 is configured to construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
第一计算模块420,用于根据所述射频指纹特征向量和射频指纹库,通 过稀疏分类模型得出该接入设备的分类向量;The first calculating module 420 is configured to pass the radio frequency fingerprint feature vector and the radio frequency fingerprint database. The classification vector of the access device is obtained by the sparse classification model;
第二计算模块430,用于根据分类向量和稀疏重构算法得出该分类向量对应的重构向量;a second calculating module 430, configured to obtain, according to the classification vector and the sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector;
处理模块440,用于若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。The processing module 440 is configured to allow the access device to access if the maximum element value in the reconstructed vector is greater than a preset threshold.
在一个具体的实现过程中,所述处理模块还用于:In a specific implementation process, the processing module is further configured to:
若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。If the maximum element value in the reconstructed vector is less than or equal to the preset threshold, access device access is prohibited.
在一个具体的实现过程中,所述装置还包括:In a specific implementation process, the device further includes:
采集模块,用于采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;An acquisition module, configured to collect an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals, as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;Adding a feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
其中,M和N均为大于1的整数。Wherein M and N are integers greater than one.
在一个具体的实现过程中,所述构造模块具体用于:In a specific implementation process, the constructing module is specifically configured to:
在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。When receiving the access request of the access device, collecting the I/Q amplitude offset and the carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as the radio frequency fingerprint of the access device Feature vector.
在一个具体的实现过程中,所述第一计算模块具体用于:In a specific implementation process, the first computing module is specifically configured to:
根据
Figure PCTCN2016113259-appb-000029
模型得出接入设备的分类向量,其中,
Figure PCTCN2016113259-appb-000030
为射频指纹特征向量,M为射频指纹库,C为分类向量。according to
Figure PCTCN2016113259-appb-000029
The model derives the classification vector of the access device, where
Figure PCTCN2016113259-appb-000030
For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
在一个具体的实现过程中,所述二计算模块具体用于:In a specific implementation process, the second computing module is specifically configured to:
根据方程组
Figure PCTCN2016113259-appb-000031
得出原始重构向量,其中,∈为重构噪声,
Figure PCTCN2016113259-appb-000032
是 原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量;According to the equations
Figure PCTCN2016113259-appb-000031
The original reconstructed vector is obtained, where ∈ is the reconstructed noise,
Figure PCTCN2016113259-appb-000032
Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
上述技术方案中的一个技术方案具有如下有益效果:One of the above technical solutions has the following beneficial effects:
本申请实施例提供的一种接入控制装置,应用于预设有射频指纹库的无线路由设备中,首先,构造模块根据接入请求构造对应接入设备的射频指纹特征向量,第一计算模块基于所述射频指纹特征向量和射频指纹库,通过稀疏分类算法得出该接入设备的分类向量,然后,第一计算模块通过稀疏重构算法对分类向量进行重构,最后,处理模块在当重构向量中的最大元素值大于预设阈值时,允许接入设备接入。与目前的接入认证装置相比,本申请根据接入终端设备自身射频电路的特点,通过无线路由设备生成唯一的射频指纹特征,根据射频指纹特征的唯一性用来判断是否允许接入设备接入,进而从根本上解决了秘钥泄露所带来的安全隐患,同时也无需提供其他的第三方接入认证设备。The access control device provided in the embodiment of the present application is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database. First, the constructing module constructs a radio frequency fingerprint feature vector of the corresponding access device according to the access request, and the first computing module Based on the radio frequency fingerprint feature vector and the radio frequency fingerprint database, the classification vector of the access device is obtained by a sparse classification algorithm, and then the first calculation module reconstructs the classification vector by a sparse reconstruction algorithm. Finally, the processing module is When the maximum element value in the reconstructed vector is greater than the preset threshold, the access device is allowed to access. Compared with the current access authentication device, the present application generates a unique radio frequency fingerprint feature through the wireless routing device according to the characteristics of the radio circuit of the access terminal device, and determines whether the access device is allowed to be connected according to the uniqueness of the radio frequency fingerprint feature. Into, and thus fundamentally solve the security risks caused by the secret key leakage, and there is no need to provide other third-party access authentication devices.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如,多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。 In the several embodiments provided by the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner. For example, multiple units or components may be combined. Or it can be integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
上述以软件功能单元的形式实现的集成的单元,可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中,包括若干指令用以使得一台计算机装置(可以是个人计算机,服务器,或者网络装置等)或处理器(Processor)执行本申请各个实施例所述方法的部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present application. Part of the steps. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .
以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。 The above is only the preferred embodiment of the present application, and is not intended to limit the present application. Any modifications, equivalent substitutions, improvements, etc., which are made within the spirit and principles of the present application, should be included in the present application. Within the scope of protection.

Claims (12)

  1. 一种接入控制方法,其特征在于,应用于预设有射频指纹库的无线路由设备中,所述方法包括:An access control method, which is applied to a wireless routing device pre-equipped with a radio frequency fingerprint database, the method comprising:
    根据接入请求构造对应接入设备的射频指纹特征向量;Constructing a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
    根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量;Deriving a classification vector of the access device by using a sparse classification model according to the radio frequency fingerprint feature vector and the radio frequency fingerprint database;
    根据分类向量和稀疏重构算法得出该分类向量对应的重构向量;Deriving a reconstruction vector corresponding to the classification vector according to the classification vector and the sparse reconstruction algorithm;
    若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。If the maximum element value in the reconstructed vector is greater than a preset threshold, the access device is allowed to access.
  2. 根据权利要求1所述的接入控制方法,其特征在于,所述方法还包括:The access control method according to claim 1, wherein the method further comprises:
    若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。If the maximum element value in the reconstructed vector is less than or equal to the preset threshold, access device access is prohibited.
  3. 根据权利要求1所述的接入控制方法,其特征在于,在所述获取接入设备的射频指纹特征向量之前,所述方法还包括:The access control method according to claim 1, wherein before the obtaining the radio frequency fingerprint feature vector of the access device, the method further includes:
    采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;Collecting an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
    将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;Adding a feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
    其中,M和N均为大于1的整数。Wherein M and N are integers greater than one.
  4. 根据权利要求3所述的接入控制方法,其特征在于,根据接入请求构造对应接入设备的射频指纹特征向量包括:The access control method according to claim 3, wherein the constructing the radio frequency fingerprint feature vector of the corresponding access device according to the access request comprises:
    在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。When receiving the access request of the access device, collecting the I/Q amplitude offset and the carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as the radio frequency fingerprint of the access device Feature vector.
  5. 根据权利要求1所述的接入控制方法,其特征在于,根据所述射频指 纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量包括:The access control method according to claim 1, wherein the radio frequency finger is The eigenvector and the radio frequency fingerprint database, and the classification vector of the access device is obtained by the sparse classification model:
    根据
    Figure PCTCN2016113259-appb-100001
    模型得出接入设备的分类向量,其中,
    Figure PCTCN2016113259-appb-100002
    为射频指纹特征向量,M为射频指纹库,C为分类向量。    according to
    Figure PCTCN2016113259-appb-100001
    The model derives the classification vector of the access device, where
    Figure PCTCN2016113259-appb-100002
    For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
  6. 根据权利要求5所述的接入控制方法,其特征在于,根据分类向量和稀疏重构算法得出该分类向量对应的重构向量包括:The access control method according to claim 5, wherein the reconstruction vector corresponding to the classification vector is obtained according to the classification vector and the sparse reconstruction algorithm, including:
    根据方程组
    Figure PCTCN2016113259-appb-100003
    得出原始重构向量,其中,ε为重构噪声,
    Figure PCTCN2016113259-appb-100004
    是原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量;    According to the equations
    Figure PCTCN2016113259-appb-100003
    The original reconstructed vector is obtained, where ε is the reconstructed noise,
    Figure PCTCN2016113259-appb-100004
    Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
    将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
  7. 一种接入控制装置,其特征在于,应用于预设有射频指纹库的无线路由设备中,所述装置包括:An access control device, which is applied to a wireless routing device pre-equipped with a radio frequency fingerprint library, the device comprising:
    构造模块,用于根据接入请求构造对应接入设备的射频指纹特征向量;a constructing module, configured to construct a radio frequency fingerprint feature vector of the corresponding access device according to the access request;
    第一计算模块,用于根据所述射频指纹特征向量和射频指纹库,通过稀疏分类模型得出该接入设备的分类向量;a first calculating module, configured to obtain, according to the radio frequency fingerprint feature vector and the radio frequency fingerprint library, a classification vector of the access device by using a sparse classification model;
    第二计算模块,用于根据分类向量和稀疏重构算法得出该分类向量对应的重构向量;a second calculating module, configured to obtain, according to the classification vector and the sparse reconstruction algorithm, a reconstruction vector corresponding to the classification vector;
    处理模块,用于若重构向量中的最大元素值大于预设阈值,则允许接入设备接入。The processing module is configured to allow the access device to access if the maximum element value in the reconstructed vector is greater than a preset threshold.
  8. 根据权利要求7所述的接入控制装置,其特征在于,所述处理模块还用于:The access control device according to claim 7, wherein the processing module is further configured to:
    若重构向量中的最大元素值小于或等于预设阈值,则禁止接入设备接入。 If the maximum element value in the reconstructed vector is less than or equal to the preset threshold, access device access is prohibited.
  9. 根据权利要求7所述的接入控制装置,其特征在于,所述装置还包括:The access control device according to claim 7, wherein the device further comprises:
    采集模块,用于采集预授权设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为该预授权设备的一组射频指纹特征向量;An acquisition module, configured to collect an I/Q amplitude offset and a carrier frequency offset of the pre-authorized device under the M carrier modulated signals, as a set of radio frequency fingerprint feature vectors of the pre-authorized device;
    将连续采集的N组射频指纹特征向量形成的射频指纹的特征集加入至当前的射频指纹库中;Adding a feature set of the radio frequency fingerprint formed by the N sets of radio frequency fingerprint feature vectors collected continuously to the current radio frequency fingerprint database;
    其中,M和N均为大于1的整数。Wherein M and N are integers greater than one.
  10. 根据权利要求8所述的接入控制装置,其特征在于,所述构造模块具体用于:The access control device according to claim 8, wherein the constructing module is specifically configured to:
    在接收到接入设备的接入请求时,采集当前时间段内接入设备在M个载波调制信号下的I/Q幅度偏移量和载波频率偏移量,以作为接入设备的射频指纹特征向量。When receiving the access request of the access device, collecting the I/Q amplitude offset and the carrier frequency offset of the access device under the M carrier modulated signals in the current time period, as the radio frequency fingerprint of the access device Feature vector.
  11. 根据权利要求1所述的接入控制装置,其特征在于,所述第一计算模块具体用于:The access control device according to claim 1, wherein the first calculation module is specifically configured to:
    根据
    Figure PCTCN2016113259-appb-100005
    模型得出接入设备的分类向量,其中,
    Figure PCTCN2016113259-appb-100006
    为射频指纹特征向量,M为射频指纹库,C为分类向量。    according to
    Figure PCTCN2016113259-appb-100005
    The model derives the classification vector of the access device, where
    Figure PCTCN2016113259-appb-100006
    For the RF fingerprint feature vector, M is the RF fingerprint library, and C is the classification vector.
  12. 根据权利要求11所述的接入控制装置,其特征在于,所述二计算模块具体用于:The access control device according to claim 11, wherein the two calculation modules are specifically configured to:
    根据方程组
    Figure PCTCN2016113259-appb-100007
    得出原始重构向量,其中,ε为重构噪声,
    Figure PCTCN2016113259-appb-100008
    是原始重构向量,为由N*K个元素构成的列向量,K为射频指纹库M中的授权设备数量;    According to the equations
    Figure PCTCN2016113259-appb-100007
    The original reconstructed vector is obtained, where ε is the reconstructed noise,
    Figure PCTCN2016113259-appb-100008
    Is the original reconstructed vector, which is a column vector composed of N*K elements, and K is the number of authorized devices in the radio frequency fingerprint library M;
    将原始重构向量中每连续N个元素依次相加得到由K个元素构成的重构向量。 Each successive N elements in the original reconstructed vector are sequentially added to obtain a reconstructed vector composed of K elements.
PCT/CN2016/113259 2016-12-29 2016-12-29 Access control method and apparatus WO2018119950A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/113259 WO2018119950A1 (en) 2016-12-29 2016-12-29 Access control method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/113259 WO2018119950A1 (en) 2016-12-29 2016-12-29 Access control method and apparatus

Publications (1)

Publication Number Publication Date
WO2018119950A1 true WO2018119950A1 (en) 2018-07-05

Family

ID=62706575

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/113259 WO2018119950A1 (en) 2016-12-29 2016-12-29 Access control method and apparatus

Country Status (1)

Country Link
WO (1) WO2018119950A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612751A (en) * 2021-07-28 2021-11-05 深圳供电局有限公司 Power distribution network power line carrier communication system access security detection method
EP4009207A1 (en) * 2020-12-07 2022-06-08 Siemens Aktiengesellschaft Access control to a device based on an individual device feature
CN115085960A (en) * 2021-03-16 2022-09-20 中国移动通信有限公司研究院 Network security access authentication method and device, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013028198A1 (en) * 2011-08-25 2013-02-28 Empire Technology Development Llc Location determination using radio frequency information
CN104053129A (en) * 2014-06-19 2014-09-17 北京芯同汇科技有限公司 Wireless sensor network indoor positioning method and device based on sparse RF fingerprint interpolations
CN105372628A (en) * 2015-11-19 2016-03-02 上海雅丰信息科技有限公司 Wi-Fi-based indoor positioning navigation method
CN106250823A (en) * 2016-07-21 2016-12-21 同济大学 A kind of palm print and palm vein recognition methods and palm print and palm vein image capture instrument

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013028198A1 (en) * 2011-08-25 2013-02-28 Empire Technology Development Llc Location determination using radio frequency information
CN104053129A (en) * 2014-06-19 2014-09-17 北京芯同汇科技有限公司 Wireless sensor network indoor positioning method and device based on sparse RF fingerprint interpolations
CN105372628A (en) * 2015-11-19 2016-03-02 上海雅丰信息科技有限公司 Wi-Fi-based indoor positioning navigation method
CN106250823A (en) * 2016-07-21 2016-12-21 同济大学 A kind of palm print and palm vein recognition methods and palm print and palm vein image capture instrument

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
TANG, XIN ET AL.: "Reviews of Sparse Representation and Its Applications in Face Recognition", MATHEMATICAL MODELING AND ITS APPLICATIONS, 15 June 2014 (2014-06-15), ISSN: 2095-3070 *
YU , JIABAO ET AL.: "RF Fingerprinting Extraction and Identification of Wireless Communication Devices", JOURNAL OF CRYPTOLOGIC RESEARCH, vol. 3, no. 5, 15 October 2016 (2016-10-15), pages 433 - 446, XP055509585, ISSN: 2095-7025 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4009207A1 (en) * 2020-12-07 2022-06-08 Siemens Aktiengesellschaft Access control to a device based on an individual device feature
WO2022122286A1 (en) 2020-12-07 2022-06-16 Siemens Aktiengesellschaft Controlling access to a device using an individual device feature
CN115085960A (en) * 2021-03-16 2022-09-20 中国移动通信有限公司研究院 Network security access authentication method and device, electronic equipment and readable storage medium
CN113612751A (en) * 2021-07-28 2021-11-05 深圳供电局有限公司 Power distribution network power line carrier communication system access security detection method

Similar Documents

Publication Publication Date Title
EP3752935B1 (en) A system, apparatus and method for privacy preserving contextual authentication
Truong et al. Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication
KR101977845B1 (en) Mobile device to provide continuous and discrete user authentication
WO2019095911A1 (en) Method and device for withstanding denial-of-service attack
US9607140B2 (en) Authenticating a user of a system via an authentication image mechanism
Liu et al. Practical user authentication leveraging channel state information (CSI)
US7730219B2 (en) System and method for detecting free and open wireless networks
US10057289B2 (en) Adjusting multi-factor authentication using context and pre-registration of objects
US9160742B1 (en) Localized risk analytics for user authentication
US20140282868A1 (en) Method And Apparatus To Effect Re-Authentication
EP3412017A1 (en) Method and apparatus for facilitating frictionless two-factor authentication
CN105281906A (en) Safety authentication method and device
WO2015047992A2 (en) Device identification scoring
US20200007334A1 (en) User authentication using a companion device
US20120117633A1 (en) Enhanced Security For Pervasive Devices Using A Weighting System
WO2018119950A1 (en) Access control method and apparatus
US9549322B2 (en) Methods and systems for authentication of a communication device
CN105592005B (en) Security verification method, device and system
CN105306202B (en) Auth method, device and server
WO2016201770A1 (en) Access-controlled entrance management method and mobile terminal
US9785761B2 (en) Unlocking a locked user device using a computer generated unlock code provided by a user
CN106529236A (en) Unlocking method, apparatus and system
KR20170033788A (en) Method for authentication and device thereof
Karakaya et al. How Secure is Your Smart Watch?
CN109067502B (en) Multi-user detection method based on dynamic self-adaptive compressed sensing and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16925865

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16925865

Country of ref document: EP

Kind code of ref document: A1