WO2018205997A1 - 一种用于连接无线接入点的方法与设备 - Google Patents
一种用于连接无线接入点的方法与设备 Download PDFInfo
- Publication number
- WO2018205997A1 WO2018205997A1 PCT/CN2018/086509 CN2018086509W WO2018205997A1 WO 2018205997 A1 WO2018205997 A1 WO 2018205997A1 CN 2018086509 W CN2018086509 W CN 2018086509W WO 2018205997 A1 WO2018205997 A1 WO 2018205997A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- connection
- user equipment
- information
- access point
- wireless access
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
Definitions
- the present application relates to the field of communications, and in particular, to a technology for connecting wireless access points.
- the wireless router has a fixed network password in the background, and the device to be authenticated is connected by the same network password, and the connection network usually needs to manually input a preset network password, which is not only complicated and error-prone.
- the connection network usually needs to manually input a preset network password, which is not only complicated and error-prone.
- the password Once the password is leaked, other users can also connect to the wireless router according to the password, and cannot effectively control the accessed device; often changing the password can effectively reduce the risk of password leakage, but once the router modifies the network password, the previously connected device is correspondingly Resetting the password to continue accessing the wireless network is also cumbersome, and the user's enthusiasm for periodically changing the password is not high.
- the wireless device scans the SSID of the wireless router and can connect, the subsequent authentication still needs to be performed based on the requirements of the webpage input information, and the threshold is high.
- the connection conversion rate is low.
- a method for connecting a wireless access point at a user equipment end comprising:
- connection request includes connection authentication information generated by the user equipment, based on an operation of the user connecting the target wireless access point in the application of the user equipment ;
- a method for connecting a wireless access point at a wireless routing device end comprising:
- connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment
- connection request When the connection request is authenticated by the connection, the connection request is accepted and the connection success information is returned to the user equipment.
- a method for connecting a wireless access point on a network device side comprising:
- connection authentication information about the user equipment requesting the connection target wireless access point, where the connection authentication information is generated by the user equipment
- a method for connecting a wireless access point comprising:
- the user equipment sends a connection request to the wireless routing device corresponding to the target wireless access point, where the connection request includes the user equipment generation, based on an operation of the user connecting the target wireless access point in the application of the user equipment Connection authentication information;
- the user equipment receives the connection success information.
- an apparatus for connecting a wireless access point comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection request includes connection authentication information generated by the user equipment, based on an operation of the user connecting the target wireless access point in the application of the user equipment ;
- a wireless routing device for connecting to a wireless access point, the wireless routing device comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment
- connection request When the connection request is authenticated by the connection, the connection request is accepted and the connection success information is returned to the user equipment.
- a network device for connecting a wireless access point comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection authentication information about the user equipment requesting the connection target wireless access point, where the connection authentication information is generated by the user equipment
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection request includes connection authentication information generated by the user equipment, based on an operation of the user connecting the target wireless access point in the application of the user equipment ;
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment
- connection request When the connection request is authenticated by the connection, the connection request is accepted and the connection success information is returned to the user equipment.
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection authentication information about the user equipment requesting the connection target wireless access point, where the connection authentication information is generated by the user equipment
- Connection authentication based on network devices facilitates customization of control policies (such as connection duration, traffic, etc.) for different user devices, enables accurate identification and control of user devices, and can conveniently count the services of each user device. data.
- FIG. 1 shows a system topology diagram for connecting a wireless access point according to an embodiment of the present application
- FIG. 2 is a flowchart of a method for connecting a wireless access point at a user equipment end according to an embodiment of the present application
- Figure 3 is a flow chart showing the sub-steps of one of the steps in Figure 2;
- FIG. 4 is a flow chart showing a method for connecting a wireless access point at a wireless routing device according to another embodiment of the present application
- FIG. 5 is a flowchart of a method for connecting a wireless access point at a network device end according to still another embodiment of the present application
- FIG. 6 shows a flow chart of a method for connecting a wireless access point, in accordance with an embodiment of the present application
- FIG. 7 illustrates a system topology diagram for connecting a wireless access point according to another embodiment of the present application.
- the terminal, the device of the service network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- processors CPUs
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
- RAM random access memory
- ROM read only memory
- Memory is an example of a computer readable medium.
- Computer readable media includes both permanent and non-persistent, removable and non-removable media.
- Information storage can be implemented by any method or technology.
- the information can be computer readable instructions, data structures, modules of programs, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage,
- the device referred to in the present application includes but is not limited to a user equipment, a network device, or a device formed by integrating a user equipment and a network device through a network.
- the user equipment includes, but is not limited to, any mobile electronic product that can perform human-computer interaction with the user (for example, human-computer interaction through a touchpad), such as a smart phone, a tablet computer, etc., and the mobile electronic product can be operated by any operation.
- System such as android operating system, iOS operating system, etc.
- the network device includes an electronic device capable of automatically performing numerical calculation and information processing according to an instruction set or stored in advance, and the hardware includes but is not limited to a microprocessor, an application specific integrated circuit (ASIC), and programmable logic.
- ASIC application specific integrated circuit
- the network device includes, but is not limited to, a computer, a network host, a single network server, a plurality of network server sets, or a plurality of servers; wherein the cloud is composed of a large number of computers or network servers based on Cloud Computing.
- cloud computing is a kind of distributed computing, a virtual supercomputer composed of a group of loosely coupled computers.
- the network includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a VPN network, a wireless ad hoc network (Ad Hoc network), and the like.
- the device may also be a program running on the user equipment, the network device, or the user equipment and the network device, the network device, the touch terminal, or the network device and the touch terminal integrated through the network.
- a user equipment generates and sends a connection request including connection authentication information to a wireless routing device. After the connection request passes the connection authentication, the user equipment connects to the wireless routing device and receives the wireless. The connection success message sent by the routing device. The connection authentication information used for connection authentication is also generated by the user equipment. The connection authentication for the connection request may be completed by the wireless routing device; or may be sent by the wireless routing device to the corresponding network device, which is completed by the network device.
- step S11 the user equipment sends a connection request to the wireless routing device corresponding to the target wireless access point based on the operation of the user connecting the target wireless access point in the application of the user equipment, where the connection request includes the The connection authentication information generated by the user equipment; in step S12, receiving the connection success information sent by the wireless routing device after the connection request passes the connection authentication.
- a connection request is sent to a wireless routing device corresponding to the target wireless access point, based on an operation of the user connecting the target wireless access point in the application of the user equipment, where the connection request includes Connection authentication information generated by the user equipment.
- the connection authentication information used for connection authentication is generated locally at the user equipment.
- the wireless connection application is installed on a user equipment operated by the user, through which the user can establish a wireless connection between the user equipment and the target wireless access point to be connected; according to the user in the wireless connection application
- the connection operation generates a wireless connection request, the wireless connection request is based on a unified authentication user name, and includes connection authentication information for authenticating the user equipment or the user identity, and the connection authentication information is locally generated by the user equipment.
- connection request to the target wireless access point and the target wireless access point is corresponding to a wireless routing device, for example, provided by the wireless routing device, according to the user identity information, the user equipment identification information, the user equipment serial number, and the like.
- the wireless signal of the target wireless access point, the user equipment can communicate with the target wireless access point after detecting the wireless signal.
- the connection authentication information is generated locally on the user equipment, and the user equipment is not required to request the connection authentication information from the network device in advance, which improves the connection operation efficiency, and greatly reduces the possibility that the connection authentication information is intercepted by the illegal user due to the reduction of the intermediate link, and It is convenient to identify the legality of the connection authentication information, thereby improving system security.
- step S12 the user equipment receives the connection success information sent by the wireless routing device; wherein the connection success information is sent after the wireless routing device passes the connection authentication according to the connection request sent by the user equipment, for example, according to the wireless connection request.
- the included connection authentication information is authenticated.
- the authentication process may be that the connection request or the connection authentication information sent by the user equipment is sent to the corresponding network device, for example, the authentication server, and the authentication succeeds or fails according to the information returned by the network device; or may be completed locally by the wireless routing device.
- the wireless routing device authenticates the user equipment according to the connection authentication information included in the wireless connection request. When the user equipment is successfully authenticated, a wireless connection between the user equipment and the wireless access point is established, and the connection success information is sent to the user equipment.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- the user equipment UE 1 is mounted in connection with a wireless connection to a wireless application access point.
- the user U 1 selects the wireless access point icon provided by the wireless routing device WR on the touch screen of the user equipment UE 1 and clicks the “Connect” button to trigger the connection instruction.
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, and the user equipment UE 1 detects the connection instruction. After generated locally, a connection request for connection authentication, the authentication request is sent to the user equipment UE 1 is connected with appropriate permissions, or corresponding user U 1 have the appropriate permissions.
- the wireless routing device WR or the authentication server After receiving the connection request or the connection authentication information, the wireless routing device WR or the authentication server authenticates the connection authentication information, and checks whether the user equipment UE 1 or the user U 1 has the corresponding authority; when the connection request passes the connection authentication, the user is established.
- the authentication operation may be: sending the connection authentication information to the authentication server, determining whether the authentication succeeds or fails according to the information returned by the authentication server; or performing the localization in the wireless routing device WR.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user U1 or the user equipment UE1, but also to collect user connection data, such as the number of connections and connection duration of a specific user or user equipment.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- step S11 further includes sub-step S11a and sub-step S11b.
- sub-step S11a when the operation of connecting the target wireless access point by the user in the application of the user equipment is acquired, the user equipment generates connection authentication information based on the service data information communicated with the target wireless access point;
- sub-step S11b the user equipment sends a connection request to the wireless routing device corresponding to the target wireless access point, where the connection request includes the connection authentication information.
- the user equipment detects an operation of the user connecting to the target wireless access point in the wireless connection application, wherein the wireless connection application is installed on the user equipment; when the connection operation of the user is obtained, according to the connection operation of the user in the wireless connection application, Generating a wireless connection request, the wireless connection request is based on a unified authentication user name, and includes connection authentication information for authenticating the user equipment or user identity, and the connection authentication information is based on the user equipment and the wireless access point
- the service data generated during the communication process such as user equipment identification information, identification information of the wireless routing device (such as MAC address), system time for the user to perform the connection operation, the current communication protocol version used by the wireless connection application, and/or the wireless connection application Current version information, etc.; sending the connection request to the target wireless access point for performing connection authentication based on the connection authentication information, and the target wireless access point corresponds to a wireless routing device, for example, the target wireless access point Provided by a wireless routing device.
- the service data information between the user equipment and the wireless access point
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, where the connection authentication information includes the current wireless connection application.
- the authentication operation may be that the user equipment number corresponding to the user equipment UE 1 is sent to the authentication server, and the authentication success or failure is determined according to the information returned by the authentication server, or may be completed locally by the wireless routing device WR.
- connection authentication information is "1.0;2.0;1234567890abcdef;20100312051730200", wherein the communication protocol version is “1.0", the application version is “2.0”, the user equipment number is “1234567890abcdef”, and the system time information is "20100312051730200”. (Accurate to the system time of milliseconds), each field is connected and separated by ";”; after the authentication server receives the connection request and obtains the connection authentication information, it determines the connection authentication information according to the communication protocol version information "1.0".
- the service data information may also be base64 encoded in advance.
- the connection authentication information includes the service data information
- the additional identification information generated based on the service data information refers to connection authentication information generated locally by the user equipment, and includes not only communication between the user equipment and the wireless routing device.
- the service data information further includes additional identification information further generated based on the service data information and a preset algorithm.
- the additional identification information is generated based on the application preset algorithm, when the wireless routing device or the verification server can generate the same additional identification information in the connection request based on the same algorithm, it can be determined that the connection request is sent by the legal device. Further connection authentication operations can be performed. Otherwise, it is likely that the connection authentication information is forged by the illegal device. For example, by hijacking the connection request issued by the legal device, the connection request can be directly rejected.
- Connection authentication information with additional identification information can identify connection requests from illegal devices, further enhancing the security of the system.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, where the connection authentication information includes the user equipment and the wireless
- the wireless connection application obtains service data information, where the service data information may include a communication protocol used by the current wireless connection application, an application version of the current wireless connection application, a user equipment number uniquely allocated by the wireless connection application to the user equipment, and a trigger connection instruction.
- System time information of the user equipment after obtaining the service data information, processing all or part of the service data information according to an algorithm agreed in advance, for example, performing operations such as encryption, shifting, hashing, etc., to obtain additional identification information;
- Each field in the service data information and the obtained additional identification information are used as fields in the connection authentication information, and the fields are separated by special symbols.
- the wireless routing device or the authentication server After receiving the connection request, the wireless routing device or the authentication server first generates additional identification information based on the same algorithm based on the service data information, and compares it with the additional identification information in the connection request.
- the user equipment number authentication checks the user equipment UE of the user device the corresponding number 1 have the appropriate permissions; when the connection request by the connection authentication, returns the authentication success information
- the wireless connection between the wireless access points provided by the user equipment UE 1 and the wireless routing device WR is established, and the connection success information is sent to the user equipment UE 1 , and the user equipment UE 1 successfully connects to the wireless access point.
- the authentication operation may be that the user equipment number corresponding to the user equipment UE 1 is sent to the authentication server, and the authentication success or failure is determined according to the information returned by the authentication server, or may be completed locally by the wireless routing device WR.
- the communication protocol version used by the wireless connection application is "1.0"
- the application version is "2.0”
- the user equipment number is “1234567890abcdef”
- the system time information is "20100312051730200” (system time accurate to milliseconds).
- the service data information is obtained by performing a preset operation according to the service data information, and obtaining the additional identification information “qwerasdf”, which is used together with the service data information as the content of the connection authentication information, and the connection authentication information is: “ 1.0; 2.0; 1234567890abcdef; 20100312051730200; qwerasdf”.
- the authentication server After receiving the connection request and obtaining the connection authentication information, the authentication server determines the meaning of each field in the connection authentication information according to the communication protocol version information “1.0”, according to the service data information part “1.0; 2.0; 1234567890abcdef; 20100312051730200” according to the same The algorithm generates additional identification information and compares it with "qwerasdf”. If it is inconsistent, it returns the authentication failure information; if it is consistent, it determines whether the corresponding user equipment has the right to connect to the wireless routing device WR according to the user equipment number "1234567890abcdef", if any, Returns the message "Authentication Successful" to the wireless routing device.
- the service data information may also be base64 encoded in advance.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- sub-step S11a further comprises sub-step S11a1 (not shown) and sub-step s11a2 (not shown).
- sub-step S11a1 when the operation of connecting the target wireless access point by the user in the application of the user equipment is acquired, the user equipment communicates the service data information of the user equipment with the target wireless access point. Preprocessing is performed to obtain additional identification information; in sub-step S11a2 (not shown), the user equipment generates connection authentication information, wherein the connection authentication information includes the service data information and the additional identification information.
- the user equipment detects an operation of the user connecting to the target wireless access point in the wireless connection application, wherein the wireless connection application is installed on the user equipment; when the connection operation of the user is obtained, according to the connection operation of the user in the wireless connection application, A wireless connection request is generated, the wireless connection request is based on a unified authentication username, and includes connection authentication information for authenticating the user equipment or user identity, and additional identification information generated based on the connection authentication information.
- the connection authentication information is generated based on service data in a communication process between the user equipment and the wireless access point, such as user equipment identification information, identification information of the wireless routing device (such as a MAC address), and system time for the user to perform the connection operation.
- the wireless communication application currently uses the communication protocol version and/or the current version information of the wireless connection application, etc.; the connection request is sent to the target wireless access point for connection authentication based on the connection authentication information, and the target wireless access
- the point corresponds to a wireless routing device, for example the target wireless access point is provided by the wireless routing device.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user or the user equipment, but also to collect user connection data, such as the number of connections and connection duration of a specific user or user equipment.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, where the connection authentication information includes the user equipment and the wireless
- the wireless connection application obtains service data information, where the service data information may include a communication protocol used by the current wireless connection application, an application version of the current wireless connection application, a user equipment number uniquely allocated by the wireless connection application to the user equipment, and a trigger connection instruction.
- System time information of the user equipment after obtaining the service data information, processing all or part of the service data information according to a previously agreed algorithm, for example, performing operations such as encryption, shifting, hashing, etc., to obtain additional identification information;
- a previously agreed algorithm for example, performing operations such as encryption, shifting, hashing, etc.
- Each field in the data information and the obtained additional identification information are used as fields in the connection authentication information, and the fields are separated by special symbols.
- the wireless routing device or the authentication server After receiving the connection request, the wireless routing device or the authentication server first generates additional identification information based on the same algorithm based on the service data information, and compares it with the additional identification information in the connection request.
- the wireless connection between the wireless access points provided by the user equipment UE 1 and the wireless routing device WR is established, and the connection success information is sent to the user equipment UE 1 , and the user equipment UE 1 successfully connects to the wireless access point.
- the authentication operation may be that the connection request or the connection authentication information is sent to the authentication server, and the authentication success or failure is determined according to the information returned by the authentication server, or may be locally performed by the wireless routing device WR.
- the communication protocol version used by the wireless connection application is "1.0"
- the application version is "2.0”
- the user equipment number is “1234567890abcdef”
- the system time information is "20100312051730200” (system time accurate to milliseconds).
- the service data information is obtained by performing a preset operation according to the service data information, and obtaining the additional identification information “qwerasdf”, which is used together with the service data information as the content of the connection authentication information, and the connection authentication information is: “ 1.0; 2.0; 1234567890abcdef; 20100312051730200; qwerasdf”.
- the authentication server After receiving the connection request and obtaining the connection authentication information, the authentication server determines the meaning of each field in the connection authentication information according to the communication protocol version information “1.0”, according to the service data information part “1.0; 2.0; 1234567890abcdef; 20100312051730200” according to the same The algorithm generates additional identification information and compares it with "qwerasdf”. If it is inconsistent, it returns the authentication failure information; if it is consistent, it determines whether the corresponding user equipment has the right to connect to the wireless routing device WR according to the user equipment number "1234567890abcdef", if any, Returns the message "Authentication Successful" to the wireless routing device.
- the service data information may also be base64 encoded in advance.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- the preprocessing in sub-step S11a1 comprises at least any one of the following: 1) hash processing; 2) encryption processing.
- the additional identification information when it is generated according to the service data information, it may be obtained by calculation by a hash function, may be obtained by encryption by an encryption algorithm, or may be obtained by a combination of hash function calculation and encryption algorithm encryption.
- other data processing methods such as shifting, negating, XOR, etc., can also be combined on this basis.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, where the connection authentication information includes the user equipment and the wireless
- the wireless connection application obtains service data information, where the service data information may include a communication protocol used by the current wireless connection application, an application version of the current wireless connection application, a user equipment number uniquely allocated by the wireless connection application to the user equipment, and a trigger connection instruction.
- System time information of the user equipment after obtaining the service data information, processing all or part of the service data information according to a previously agreed algorithm, for example, performing operations such as encryption, shifting, hashing, etc., to obtain additional identification information;
- a previously agreed algorithm for example, performing operations such as encryption, shifting, hashing, etc.
- Each field in the data information and the obtained additional identification information are used as fields in the connection authentication information, and the fields are separated by special symbols.
- the wireless routing device or the authentication server After receiving the connection request, the wireless routing device or the authentication server first generates additional identification information based on the same algorithm based on the service data information, and compares it with the additional identification information in the connection request.
- the wireless connection between the wireless access points provided by the user equipment UE 1 and the wireless routing device WR is established, and the connection success information is sent to the user equipment UE 1 , and the user equipment UE 1 successfully connects to the wireless access point.
- the authentication operation may be that the connection request or the connection authentication information is sent to the authentication server, and the authentication success or failure is determined according to the information returned by the authentication server, or may be locally performed by the wireless routing device WR.
- the communication protocol version used by the wireless connection application is "1.0"
- the application version is "2.0”
- the user equipment number is “1234567890abcdef”
- the system time information is "20100312051730200” (system time accurate to milliseconds).
- the service data information is obtained by performing a preset operation according to the service data information, and obtaining the additional identification information “qwerasdf”, which is used together with the service data information as the content of the connection authentication information, and the connection authentication information is: “ 1.0; 2.0; 1234567890abcdef; 20100312051730200; qwerasdf”.
- the authentication server After receiving the connection request and obtaining the connection authentication information, the authentication server determines the meaning of each field in the connection authentication information according to the communication protocol version information “1.0”, according to the service data information part “1.0; 2.0; 1234567890abcdef; 20100312051730200” according to the same The algorithm generates additional identification information and compares it with "qwerasdf”. If it is inconsistent, it returns the authentication failure information; if it is consistent, it determines whether the corresponding user equipment has the right to connect to the wireless routing device WR according to the user equipment number "1234567890abcdef", if any, Returns the message "Authentication Successful" to the wireless routing device.
- the service data information may also be base64 encoded in advance.
- additional identification information can be processed multiple times, such as multiple encryptions and/or hashes.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- the service data information includes at least one of the following: 1) user equipment identification information of the user equipment; 2) routing equipment identification information of the wireless routing device; 3) the connection target wireless access point Corresponding time information of the operation; 4) protocol version information of the user equipment communicating with the wireless access point; 5) user identification information of the user in the application.
- the authentication of the user equipment or the user identity may be performed by user equipment identification information (such as a user equipment number) or user identification information (such as a user name and password of the user in the application);
- the time information can be used to prevent replay attacks of malicious users, wherein the time information can be actual time information of the system or time stamp information; the version information of the communication protocol is beneficial to implement a diversified product structure.
- the replay attack is blocked by the time information, and it may be determined whether the same message has been received, and if so, it is determined that the wireless connection request is a replay message, rejecting the wireless connection request; or may be on the server side or the client side.
- a time information is generated, and when the difference between the two times is within a time threshold, it is determined that the wireless connection request is valid, not a playback message.
- step S21 the wireless routing device receives a connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment; in step S22, the wireless routing device according to the The connection authentication information performs connection authentication on the connection request; in step S23, when the connection request passes the connection authentication, the wireless routing device accepts the connection request and returns connection success information to the user equipment.
- the wireless routing device receives a connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment.
- the wireless connection application is installed on a user equipment operated by the user, through which the user can establish a wireless connection between the user equipment and the target wireless access point to be connected; according to the user in the wireless connection application
- the connection operation generates a wireless connection request, the wireless connection request is based on a unified authentication user name, and includes connection authentication information for authenticating the user equipment or the user identity, and the connection authentication information is locally generated by the user equipment.
- connection request to the target wireless access point and the target wireless access point is corresponding to a wireless routing device, for example, provided by the wireless routing device, according to the user identity information, the user equipment identification information, the user equipment serial number, and the like.
- the wireless signal of the target wireless access point, the user equipment can communicate with the target wireless access point after detecting the wireless signal.
- the connection authentication information is generated locally on the user equipment, and the user equipment is not required to request the connection authentication information from the network device in advance, which improves the connection operation efficiency, and greatly reduces the possibility that the connection authentication information is intercepted by the illegal user due to the reduction of the intermediate link, and It is convenient to identify the legality of the connection authentication information, thereby improving system security.
- the wireless routing device performs connection authentication on the connection request according to the connection authentication information.
- the connection request sent by the user equipment is sent to the corresponding network device, for example, the authentication server, and the authentication succeeds or fails according to the information returned by the network device; or may be completed locally in the wireless routing device, for example, the wireless routing device according to the wireless
- the connection authentication information contained in the connection request authenticates the user equipment or user identity.
- step S23 when the connection request is authenticated by the connection, the wireless routing device accepts the connection request and returns connection success information to the user equipment. For example, if the connection request sent by the user equipment is sent to the corresponding network device for connection authentication, when the network device returns the “authentication success” message, the wireless routing device accepts the connection request of the user equipment, and establishes the target wireless access point and the user equipment. Wireless connection and return "connection success" information to the user equipment; or, if the wireless routing device performs connection authentication for the wireless connection request locally, for example, according to the connection authentication information therein, after the authentication is successful, the standard wireless is established. A wireless connection between the access point and the user equipment, and returning a "connection success" message to the user equipment. The user device can present the "connection successful" information to its user.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, and the user equipment UE 1 detects the connection instruction. After generated locally, a connection request for connection authentication, the authentication request is sent to the user equipment UE 1 is connected with appropriate permissions, or corresponding user U 1 have the appropriate permissions.
- the wireless routing device WR or the authentication server After receiving the connection request or the connection authentication information, the wireless routing device WR or the authentication server authenticates the connection authentication information, and checks whether the user equipment UE 1 or the user U 1 has the corresponding authority; when the connection request passes the connection authentication, the user is established.
- the authentication operation may be that the connection request or the connection authentication information is sent to the authentication server, and the authentication success or failure is determined according to the information returned by the authentication server, or may be locally performed by the wireless routing device WR.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user U1 or the user equipment UE1, but also to collect user connection data, such as the number of connections and connection duration of a specific user or user equipment.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- the wireless routing device sends the connection request to the corresponding network device, and the connection authentication is performed by the network.
- the wireless routing device first sends the connection authentication information to the corresponding network device, and then receives the authentication result information returned by the network device about the connection authentication information.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- the user equipment UE 1 is mounted in connection with a wireless connection to a wireless application access point.
- the user U 1 selects the wireless access point icon provided by the wireless routing device WR on the touch screen of the user equipment UE 1 and clicks the “Connect” button to trigger the connection instruction.
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, and the user equipment UE 1 detects the connection instruction. after generated locally, a connection request for connection authentication, the authentication request is sent to the user equipment UE 1 is connected with appropriate permissions, or corresponding user U 1 have the appropriate permissions.
- the wireless routing device WR After receiving the connection request, the wireless routing device WR forwards the connection request to the corresponding authentication server, and the authentication server authenticates the connection authentication information, and checks whether the user equipment UE 1 or the user U 1 has the corresponding authority; when the connection request passes the connection authentication, the wireless connection is performed.
- WR routing device returns "authentication success”message; wireless routing device establishes a user equipment UE and the radio WR routing device 1 of a radio connection between the radio access points, and the user equipment UE 1 transmits the connection success information, the user equipment UE 1 successfully Connect to a wireless access point.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user U1 or the user equipment UE1, but also to collect user connection data, such as the number of connections and connection duration of a specific user or user equipment.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- a method for connecting a wireless access point at a network device end includes step S31, step S32, and step S33.
- step S31 the network device receives, by the corresponding wireless routing device, connection authentication information about the user equipment requesting the connection target wireless access point, where the connection authentication information is generated by the user equipment; in step S32, The network device performs connection authentication on the connection authentication information; in step S33, the network device returns corresponding authentication result information to the wireless routing device.
- the wireless routing device After receiving the connection request of the user equipment, the wireless routing device sends the connection request to the corresponding network device, where the wireless connection request includes connection authentication information generated locally by the user equipment; and the network device is based on the connection authentication information.
- the connection request is connected for authentication, and then the authentication success or the authentication failure is returned to the wireless routing device.
- the wireless routing device can establish a wireless connection with the user equipment.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user U 1 selects the wireless access point icon provided by the wireless routing device WR on the touch screen of the user equipment UE 1 and clicks the “Connect” button to trigger the connection instruction.
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, and the user equipment UE 1 detects the connection instruction. after generated locally, a connection request for connection authentication, the authentication request is sent to the user equipment UE 1 is connected with appropriate permissions, or corresponding user U 1 have the appropriate permissions.
- the wireless routing device WR After receiving the connection request, the wireless routing device WR forwards the connection request to the corresponding authentication server, and the authentication server authenticates the connection authentication information, and checks whether the user equipment UE 1 or the user U 1 has the corresponding authority; when the connection request passes the connection authentication, the wireless connection is performed.
- WR routing device returns "authentication success”message; wireless routing device establishes a user equipment UE and the radio WR routing device 1 of a radio connection between the radio access points, and the user equipment UE 1 transmits the connection success information, the user equipment UE 1 successfully Connect to a wireless access point.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user U1 or the user equipment UE1, but also to collect user connection data, such as the number of connections and connection duration of a specific user or user equipment.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- the connection authentication information includes service data information that the user equipment communicates with the wireless access point, and additional identification information generated based on the service data information; in step S32, the network device according to the service
- the data information and the additional identification information are connected and authenticated to the connection authentication information.
- the service data information between the user equipment and the wireless access point can be used not only to authenticate the rights of the user or the user equipment, but also to conveniently count the user connection data, such as the number of connections and connection duration of a specific user or user equipment, etc.; with additional identification information
- the connection authentication information can identify the connection request from the illegal device, further enhancing the security of the system.
- the user U 1 holds a user equipment (eg, a mobile phone) UE 1 , and the user equipment UE 1 can serve as a wireless network terminal; the user equipment UE 1 detects a wireless access point signal provided by the wireless routing device WR.
- a wireless connection application for connecting to the wireless access point is installed in the user equipment UE 1 .
- the user equipment UE 1 After detecting the connection instruction, the user equipment UE 1 sends a connection request to the wireless routing device WR, the wireless connection request is based on the unified authentication user name “wifimasterkey”, and includes connection authentication information, where the connection authentication information includes the user equipment and the wireless
- the wireless connection application obtains service data information, where the service data information may include a communication protocol used by the current wireless connection application, an application version of the current wireless connection application, a user equipment number uniquely allocated by the wireless connection application to the user equipment, and a trigger connection instruction.
- System time information of the user equipment after obtaining the service data information, processing all or part of the service data information according to a previously agreed algorithm, for example, performing operations such as encryption, shifting, hashing, etc., to obtain additional identification information;
- a previously agreed algorithm for example, performing operations such as encryption, shifting, hashing, etc.
- Each field in the data information and the obtained additional identification information are used as fields in the connection authentication information, and the fields are separated by special symbols.
- the wireless routing device or the authentication server After receiving the connection request, the wireless routing device or the authentication server first generates additional identification information based on the same algorithm based on the service data information, and compares it with the additional identification information in the connection request.
- the wireless connection between the wireless access points provided by the user equipment UE 1 and the wireless routing device WR is established, and the connection success information is sent to the user equipment UE 1 , and the user equipment UE 1 successfully connects to the wireless access point.
- the authentication operation is to send the connection request to the authentication server, and determine whether the authentication succeeds or fails according to the information returned by the authentication server; or it may be completed locally in the wireless routing device WR.
- the communication protocol version used by the wireless connection application is "1.0"
- the application version is "2.0”
- the user equipment number is “1234567890abcdef”
- the system time information is "20100312051730200” (system time accurate to milliseconds).
- the service data information is obtained by performing a preset operation according to the service data information, and obtaining the additional identification information “qwerasdf”, which is used together with the service data information as the content of the connection authentication information, and the connection authentication information is: “ 1.0; 2.0; 1234567890abcdef; 20100312051730200; qwerasdf”.
- the authentication server After receiving the connection request and obtaining the connection authentication information, the authentication server determines the meaning of each field in the connection authentication information according to the communication protocol version information “1.0”, according to the service data information part “1.0; 2.0; 1234567890abcdef; 20100312051730200” according to the same The algorithm generates additional identification information and compares it with "qwerasdf”. If it is inconsistent, it returns the authentication failure information; if it is consistent, it determines whether the corresponding user equipment has the right to connect to the wireless routing device WR according to the user equipment number "1234567890abcdef", if any, Returns the message "Authentication Successful" to the wireless routing device.
- the service data information may also be base64 encoded in advance.
- the authentication success or authentication failure message may be based on the RADIUS protocol. For example, the authentication succeeds in returning "Access-Accept", and the authentication failure returns "Access-Reject".
- the network device in the present application may further include a transit server and an authentication server, where the wireless connection request sent by the user equipment is sent to the wireless routing device, and the wireless routing device transmits the connection authentication information in the connection request via the relay.
- the server sends the authentication result to the authentication server. After the connection authentication operation is performed on the connection authentication information, the returned authentication result information is also sent to the wireless routing device via the relay server.
- the transit server may be multiple in series or in parallel, and the wireless connection request sent by the wireless routing device or the authentication password information therein may also be transferred to the authentication server after multiple times of transfer.
- the transit server can be used to perform statistics on the service data communicated between the user equipment and the wireless routing device, for example, by counting the service data information included in the connection authentication information in the connection request.
- an apparatus for connecting a wireless access point at a user equipment end comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection request includes connection authentication information generated by the user equipment, based on an operation of the user connecting the target wireless access point in the application of the user equipment .
- a wireless connection request is generated according to a connection operation of the user in a wireless connection application installed on the user equipment, and the wireless connection request includes connection authentication information for performing authentication, and the connection authentication information is that the user equipment is locally Generating the connection request to the target wireless access point, and the target wireless access point corresponds to a wireless routing device, for example, the target wireless access point is provided by the wireless routing device;
- an apparatus for connecting a wireless access point at a wireless routing device end comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection request includes connection authentication information generated by the user equipment.
- a wireless connection request is generated according to a connection operation of the user in a wireless connection application installed on the user equipment, and the wireless connection request includes connection authentication information for performing authentication, and the connection authentication information is that the user equipment is locally Generating the connection request to the target wireless access point, and the target wireless access point corresponds to a wireless routing device, for example, the target wireless access point is provided by the wireless routing device;
- connection request When the connection request is authenticated by the connection, the connection request is accepted and the connection success information is returned to the user equipment.
- an apparatus for connecting a wireless access point at a network device end comprising:
- a memory arranged to store computer executable instructions that, when executed, cause the processor to execute:
- connection authentication information about the user equipment requesting to connect to the target wireless access point, where the connection authentication information is generated by the user equipment
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection request includes connection authentication information generated by the user equipment, based on an operation of the user connecting the target wireless access point in the application of the user equipment ;
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection request sent by the user equipment about the target wireless access point, where the connection request includes connection authentication information generated by the user equipment
- connection request When the connection request is authenticated by the connection, the connection request is accepted and the connection success information is returned to the user equipment.
- a computer readable medium comprising instructions that, when executed, cause a system to:
- connection authentication information about the user equipment requesting the connection target wireless access point, where the connection authentication information is generated by the user equipment
- the present application can be implemented in software and/or a combination of software and hardware, for example, using an application specific integrated circuit (ASIC), a general purpose computer, or any other similar hardware device.
- the software program of the present application can be executed by a processor to implement the steps or functions described above.
- the software programs (including related data structures) of the present application can be stored in a computer readable recording medium such as a RAM memory, a magnetic or optical drive or a floppy disk and the like.
- some of the steps or functions of the present application may be implemented in hardware, for example, as a circuit that cooperates with a processor to perform various steps or functions.
- a portion of the present application can be applied as a computer program product, such as computer program instructions, which, when executed by a computer, can invoke or provide a method and/or technical solution in accordance with the present application.
- the form of computer program instructions in a computer readable medium includes, but is not limited to, source files, executable files, installation package files, etc., accordingly, the manner in which the computer program instructions are executed by the computer includes but not Limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installation. program.
- the computer readable medium can be any available computer readable storage medium or communication medium that can be accessed by a computer.
- Communication media includes media that can be transferred from one system to another by communication signals including, for example, computer readable instructions, data structures, program modules or other data.
- Communication media can include conductive transmission media such as cables and wires (eg, fiber optics, coaxial, etc.) and wireless (unguided transmission) media capable of propagating energy waves, such as acoustic, electromagnetic, RF, microwave, and infrared.
- Computer readable instructions, data structures, program modules or other data may be embodied, for example, as modulated data signals in a wireless medium, such as a carrier wave or a similar mechanism, such as embodied in a portion of a spread spectrum technique.
- modulated data signal refers to a signal whose one or more features are altered or set in such a manner as to encode information in the signal. Modulation can be analog, digital or hybrid modulation techniques.
- the computer readable storage medium may comprise, by way of example and not limitation, vols and non-volatile, implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules or other data.
- a computer readable storage medium includes, but is not limited to, volatile memory such as random access memory (RAM, DRAM, SRAM); and nonvolatile memory such as flash memory, various read only memories (ROM, PROM, EPROM) , EEPROM), magnetic and ferromagnetic/ferroelectric memories (MRAM, FeRAM); and magnetic and optical storage devices (hard disks, tapes, CDs, DVDs); or other currently known media or later developed for storage in computer systems Computer readable information/data used.
- volatile memory such as random access memory (RAM, DRAM, SRAM)
- nonvolatile memory such as flash memory, various read only memories (ROM, PROM, EPROM) , EEPROM), magnetic and ferromagnetic/ferroelectric memories (MRAM, FeRAM); and magnetic and optical storage devices (hard disk
- an embodiment in accordance with the present application includes a device including a memory for storing computer program instructions and a processor for executing program instructions, wherein when the computer program instructions are executed by the processor, triggering
- the apparatus operates based on the aforementioned methods and/or technical solutions in accordance with various embodiments of the present application.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
本申请的目的之一是提供一种用于连接无线接入点的方法,该方法包括:基于用户在用户设备的应用中连接目标无线接入点的操作,所述用户设备向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;所述用户设备接收所述无线路由设备在所述连接请求通过连接认证后发送的连接成功信息。本申请能简化连接无线设备和无线接入点的操作过程,提高用户设备及无线网络的安全性。
Description
本申请涉及通信领域,尤其涉及一种用于连接无线接入点的技术。
无线设备接入无线网络时,为保证无线链路的安全,需要完成对无线设备的认证,只有通过认证后,才能进入后续的关联阶段。通常,链路的认证有两种机制(例如IEEE 802.11链路):开放系统认证和预共享密钥(网络密码)认证。
其中,若采用网络密码认证,无线路由器后台设置有固定的网络密码,待认证设备用相同的网络密码进行连接,并且连接过程中通常需要手动输入预设的网络密码,不仅连接过程繁琐、容易出错,一旦密码泄露,其他用户也可根据该密码连接无线路由器,无法有效控制接入的设备;经常修改密码可有效降低密码泄露的风险,但是一旦路由器修改网络密码,之前连接过的设备均相应地需重新设置密码才能继续访问无线网络,同样比较繁琐,用户定期修改密码的积极性不高。
而若采用无密码连接的方式,虽然无线设备扫描到无线路由器的SSID后即可连接,但是后续仍需基于需求进行接入认证,认证过程通过网页输入信息的交互方式进行,使用门槛较高,连接转换率较低。
发明内容
本申请的一个目的是提供一种用于连接无线接入点的技术。
根据本申请的一个方面,提供了一种在用户设备端用于连接无线接入点的方法,该方法包括:
基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
接收所述无线路由设备在所述连接请求通过连接认证后发送的连接 成功信息。
根据本申请的另一个方面,提供了一种在无线路由设备端用于连接无线接入点的方法,该方法包括:
接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
根据所述连接认证信息对所述连接请求进行连接认证;
当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
根据本申请的又一个方面,提供了一种在网络设备端用于连接无线接入点的方法,该方法包括:
接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;
对所述连接认证信息进行连接认证;
将对应的认证结果信息返回至所述无线路由设备。
根据本申请的再一个方面,提供了一种用于连接无线接入点的方法,该方法包括:
基于用户在用户设备的应用中连接目标无线接入点的操作,所述用户设备向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
所述无线路由设备接收所述连接请求,根据所述连接认证信息对所述连接请求进行连接认证,当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息;
所述用户设备接收所述连接成功信息。
根据本申请的一个方面,提供了一种用于连接无线接入点的设备,该设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目 标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
接收所述无线路由设备在所述连接请求通过连接认证后发送的连接成功信息。
根据本申请的另一个方面,提供了一种用于连接无线接入点的无线路由设备,该无线路由设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
根据所述连接认证信息对所述连接请求进行连接认证;
当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
根据本申请的又一个方面,提供了一种用于连接无线接入点的网络设备,该网络设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;
对所述连接认证信息进行连接认证;
将对应的认证结果信息返回至所述无线路由设备。
根据本申请的一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
接收所述无线路由设备在所述连接请求通过连接认证后发送的连接 成功信息。
根据本申请的另一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
根据所述连接认证信息对所述连接请求进行连接认证;
当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
根据本申请的又一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;
对所述连接认证信息进行连接认证;
将对应的认证结果信息返回至所述无线路由设备。
与现有技术相比,本申请至少具有以下有益效果:
1)简化连接无线设备和无线接入点的操作过程,无需手动输入密码;并且由于认证过程发生在网络设备(例如服务器)端,可随时连接不同的无线接入点,而无需获取每个无线接入点各自的密码;
2)大大降低网络密码泄露的可能性,阻止非法用户通过重放攻击连接无线接入点,从而提高用户设备及无线网络的安全性;
3)基于网络设备(例如服务器)的连接认证便于定制针对不同用户设备的控制策略(例如连接时长、流量等),实现对用户设备的精准识别及控制,并且能够方便地统计各用户设备的业务数据。
通过阅读参照以下附图所作的对非限制性实施例所作的详细描述,本申请的其它特征、目的和优点将会变得更明显:
图1示出根据本申请一个实施例的一种用于连接无线接入点的系统拓扑图;
图2示出根据本申请一个实施例的一种在用户设备端用于连接无线接入点的方法流程图;
图3示出图2中其中一个步骤的子步骤流程图;
图4示出根据本申请另一个实施例的一种在无线路由设备端用于连接无线接入点的方法流程图;
图5示出根据本申请又一个实施例的一种在网络设备端用于连接无线接入点的方法流程图;
图6示出根据本申请一个实施例的一种用于连接无线接入点的方法流程图;
图7示出根据本申请另一个实施例的一种用于连接无线接入点的系统拓扑图;
附图中相同或相似的附图标记代表相同或相似的部件。
下面结合附图对本申请作进一步详细描述。
在本申请一个典型的配置中,终端、服务网络的设备和可信方均包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。
本申请所指设备包括但不限于用户设备、网络设备、或用户设备与网络设备通过网络相集成所构成的设备。所述用户设备包括但不限于任何一种可与用户进行人机交互(例如通过触摸板进行人机交互)的移动电子产品,例如智能手机、平板电脑等,所述移动电子产品可以采用任意操作系统,如android操作系统、iOS操作系统等。其中,所述网络设备包括一种能够按照事先设定或存储的指令,自动进行数值计算和信息处理的电子设备,其硬件包括但不限于微处理器、专用集成电路(ASIC)、可编程逻辑器件(PLD)、现场可编程门阵列(FPGA)、数字信号处理器(DSP)、嵌入式设备等。所述网络设备包括但不限于计算机、网络主机、单个网络服务器、多个网络服务器集或多个服务器构成的云;在此,云由基于云计算(Cloud Computing)的大量计算机或网络服务器构成,其中,云计算是分布式计算的一种,由一群松散耦合的计算机集组成的一个虚拟超级计算机。所述网络包括但不限于互联网、广域网、城域网、局域网、VPN网络、无线自组织网络(Ad Hoc网络)等。优选地,所述设备还可以是运行于所述用户设备、网络设备、或用户设备与网络设备、网络设备、触摸终端或网络设备与触摸终端通过网络相集成所构成的设备上的程序。
当然,本领域技术人员应能理解上述设备仅为举例,其他现有的或今后可能出现的设备如可适用于本申请,也应包含在本申请保护范围以内,并在此以引用方式包含于此。
在本申请的描述中,“多个”的含义是两个或者更多,除非另有明确具体的限定。
图1示出本申请一个典型应用场景,用户设备生成、并向无线路由设备发送包含连接认证信息的连接请求,在所述连接请求通过连接认证后,用户设备连接至无线路由设备,并接收无线路由设备所发送的连接成功信息。其中,用于进行连接认证的连接认证信息也是用户设备生成的。对连接请求的连接认证可以由无线路由设备完成;也可以由无线路由设备发送至对应网络设备,由网络设备完成。
图2示出了根据本申请一个方面的一种在用户设备端用于连接无线接入点的方法,该方法包括步骤S11和步骤S12。在步骤S11中,用户设备 基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;在步骤S12中,接收所述无线路由设备在所述连接请求通过连接认证后发送的连接成功信息。
具体而言,在步骤S11中,基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息。用于进行连接认证的连接认证信息是在用户设备本地生成的。例如,无线连接应用安装于用户所操作的用户设备上,通过该无线连接应用,用户可在其用户设备与欲连接的目标无线接入点之间建立无线连接;根据用户在无线连接应用中的连接操作,生成无线连接请求,该无线连接请求基于统一的认证用户名,并包含了用于对用户设备或用户身份进行认证的连接认证信息,而该连接认证信息则是在用户设备本地生成的,其可基于用户身份信息、用户设备标识信息、用户设备序列号等生成;将该连接请求发送至目标无线接入点,而该目标无线接入点对应一无线路由设备,例如无线路由设备提供目标无线接入点的无线信号,用户设备探测到该无线信号后可与目标无线接入点通信。连接认证信息在用户设备本地生成,而无需用户设备事先向网络设备请求该连接认证信息,可提高连接操作效率,并且由于减少了中间环节,大大减少了连接认证信息被非法用户截获的可能,且便于对连接认证信息的合法性进行鉴别,从而提高了系统安全性。
随后,在步骤S12中,用户设备接收无线路由设备发送的连接成功信息;其中,连接成功信息是在无线路由设备根据用户设备发送的连接请求通过连接认证之后发送的,例如根据无线连接请求中所包含的连接认证信息进行认证。认证的过程可以是将用户设备所发送的连接请求或连接认证信息发送至对应的网络设备,例如认证服务器,根据网络设备返回的信息判断认证成功或失败;也可以是在无线路由设备本地完成的,例如无线路由设备根据无线连接请求中所包含的连接认证信息,对用户设备进行认证。当用户设备认证成功,建立用户设备与无线接入点之间的无线连接,并向用户设备发送连接成功信息。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,由用户设备UE
1在检测到连接指令后在本地生成,用于对连接请求进行连接认证,鉴别发出连接请求的用户设备UE
1是否具有相应权限,或对应的用户U
1是否具有相应权限。无线路由设备WR或认证服务器接收该连接请求或其中的连接认证信息后,对连接认证信息进行认证,检查用户设备UE
1或用户U
1是否具有相应的权限;当连接请求通过连接认证,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将连接认证信息发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户U1或用户设备UE1的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
优选地,参考图3,步骤S11还包括子步骤S11a和子步骤S11b。在子步骤S11a中,当获取到用户在用户设备的应用中连接目标无线接入点的操作,所述用户设备基于其与所述目标无线接入点通信的业务数据信息生成连接认证信息;在子步骤S11b中,所述用户设备向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述连接认证信息。例如,用户设备检测用户在无线连接应用中连接目标无线接入点的操作,其中,无线连接应用安装于用户设备上;当获取到用户的连接操作,根据用户在无线连接应用中的连接操作,生成无线连接请求,该 无线连接请求基于统一的认证用户名,并包含了用于对用户设备或用户身份进行认证的连接认证信息,而该连接认证信息则是基于用户设备与无线接入点之间通信过程中的业务数据生成的,如用户设备标识信息、无线路由设备的标识信息(例如MAC地址)、用户进行连接操作的系统时间、无线连接应用当前所用通信协议版本和/或无线连接应用当前的版本信息等;将该连接请求发送至目标无线接入点,用于基于上述连接认证信息进行连接认证,而该目标无线接入点对应一无线路由设备,例如目标无线接入点由该无线路由设备提供。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户或用户设备的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,其中,连接认证信息包括当前无线连接应用所采用的通信协议、当前无线连接应用的应用版本、无线连接应用为用户设备唯一分配的用户设备号、触发连接指令时用户设备的系统时间信息,各字段通过特殊符号连接。无线路由设备WR或认证服务器接收该连接请求或其中的连接认证信息后,对连接认证信息进行认证,检查该用户设备号所对应的用户设备UE
1是否具有相应的权限;当连接请求通过连接认证,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将用户设备UE
1对应的用户设备号发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。例如,一条连接认证信息的内容为“1.0;2.0;1234567890abcdef;20100312051730200”,其中通信协议版本为“1.0”,应用版本为“2.0”,用户设备号为“1234567890abcdef”, 系统时间信息为“20100312051730200”(精确到毫秒的系统时间),各字段通过“;”连接并相互隔开;认证服务器收到连接请求并获取该条连接认证信息后,根据通信协议版本信息“1.0”确定连接认证信息中各字段的含义,再根据用户设备号“1234567890abcdef”判断对应的用户设备是否具有连接无线路由设备WR的权限,若有,向无线路由设备返回“认证成功”的信息。为去除连接认证信息中的特殊字符,还可事先对业务数据信息进行base64编码。
优选地,所述连接认证信息包括所述业务数据信息,以及基于所述业务数据信息生成的附加识别信息是指,用户设备在本地生成的连接认证信息,不仅包含用户设备和无线路由设备通信的业务数据信息,还包括基于该业务数据信息和预设算法进一步生成的附加识别信息。其中,由于附加识别信息是基于应用预设算法生成的,当无线路由设备或验证服务器基于相同的算法能够生成与连接请求中相同的附加识别信息,则可判定连接请求是由合法设备发出的,可进行进一步的连接认证操作,否则,很有可能是非法设备伪造的连接认证信息,例如通过劫持合法设备发出的连接请求,可直接拒绝该连接请求。带有附加识别信息的连接认证信息可识别非法设备发出的连接请求,进一步增强系统的安全性。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,其中,连接认证信息包括用户设备和无线路由设备通信的业务数据信息,以及基于该业务数据信息和预设算法生成的附加识别信息。首先,无线连接应用获取业务数据信息,业务数据信息可包括当前无线连接应用所采用的通信协议、当前无线连接应用的应用版本、无线连接应用为用户设备唯一分配的用户设备号和触发连接指令时用户设备的系统时间信息;获取业务数据信息后,再 根据事先约定的算法,对业务数据信息的全部或其中一部分进行处理,例如进行加密、移位、散列等操作,获得附加识别信息;将业务数据信息中各字段和获得的附加识别信息作为连接认证信息中的字段,各字段通过特殊符号隔开。无线路由设备或认证服务器接收该连接请求后,首先根据业务数据信息基于相同的算法生成附加识别信息,与连接请求中的附加识别信息比对。若不一致,直接返回认证失败信息;若比对一致,对用户设备号进行认证,检查该用户设备号所对应的用户设备UE
1是否具有相应的权限;当连接请求通过连接认证,返回认证成功信息,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将用户设备UE
1对应的用户设备号发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。例如,无线连接应用所用通信协议版本为“1.0”,应用版本为“2.0”,用户设备号为“1234567890abcdef”,系统时间信息为“20100312051730200”(精确到毫秒的系统时间)。根据这些信息,业务数据信息为,根据该业务数据信息进行预设的操作,获得附加识别信息“qwerasdf”,将其与业务数据信息一起作为连接认证信息的内容,此时连接认证信息为:“1.0;2.0;1234567890abcdef;20100312051730200;qwerasdf”。认证服务器收到连接请求并获取该条连接认证信息后,根据通信协议版本信息“1.0”确定连接认证信息中各字段的含义,根据业务数据信息部分“1.0;2.0;1234567890abcdef;20100312051730200”根据相同的算法生成附加识别信息,与“qwerasdf”比对,若不一致,返回认证失败信息;若一致,再根据用户设备号“1234567890abcdef”判断对应的用户设备是否具有连接无线路由设备WR的权限,若有,向无线路由设备返回“认证成功”的信息。为去除连接认证信息中的特殊字符,还可事先对业务数据信息进行base64编码。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
优选地,子步骤S11a还包括子步骤S11a1(未示出)和子步骤s11a2 (未示出)。在子步骤S11a1(未示出)中,当获取到用户在用户设备的应用中连接目标无线接入点的操作,用户设备对所述用户设备与所述目标无线接入点通信的业务数据信息进行预处理,从而获得附加识别信息;在子步骤S11a2(未示出)中,所述用户设备生成连接认证信息,其中,所述连接认证信息包括所述业务数据信息以及所述附加识别信息。例如,用户设备检测用户在无线连接应用中连接目标无线接入点的操作,其中,无线连接应用安装于用户设备上;当获取到用户的连接操作,根据用户在无线连接应用中的连接操作,生成无线连接请求,该无线连接请求基于统一的认证用户名,并包含了用于对用户设备或用户身份进行认证的连接认证信息,以及基于该连接认证信息生成的附加识别信息。该连接认证信息则是基于用户设备与无线接入点之间通信过程中的业务数据生成的,如用户设备标识信息、无线路由设备的标识信息(例如MAC地址)、用户进行连接操作的系统时间、无线连接应用当前所用通信协议版本和/或无线连接应用当前的版本信息等;将该连接请求发送至目标无线接入点,用于基于上述连接认证信息进行连接认证,而该目标无线接入点对应一无线路由设备,例如目标无线接入点由该无线路由设备提供。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户或用户设备的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,其中,连接认证信息包括用户设备和无线路由设备通信的业务数据信息,以及基于该业务数据信息和预设算法生成的附加识别信息。首先,无线连接应用获取业务数据信息,业务数据信息可包括当前无线连接应用所采用的通信协议、当前无线连接应用的应用版本、无线连接应用为用户设备唯一分配的用户设备 号和触发连接指令时用户设备的系统时间信息;获取业务数据信息后,再根据事先约定的算法,对业务数据信息全部或其中一部分进行处理,例如进行加密、移位、散列等操作,获得附加识别信息;将业务数据信息中各字段和获得的附加识别信息作为连接认证信息中的字段,各字段通过特殊符号隔开。无线路由设备或认证服务器接收该连接请求后,首先根据业务数据信息基于相同的算法生成附加识别信息,与连接请求中的附加识别信息比对。若不一致,直接返回认证失败信息;若比对一致,根据用户设备号进行认证,检查该用户设备号所对应的用户设备UE
1是否具有相应的权限;当连接请求通过连接认证,返回认证成功信息,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将连接请求或连接认证信息发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。例如,无线连接应用所用通信协议版本为“1.0”,应用版本为“2.0”,用户设备号为“1234567890abcdef”,系统时间信息为“20100312051730200”(精确到毫秒的系统时间)。根据这些信息,业务数据信息为,根据该业务数据信息进行预设的操作,获得附加识别信息“qwerasdf”,将其与业务数据信息一起作为连接认证信息的内容,此时连接认证信息为:“1.0;2.0;1234567890abcdef;20100312051730200;qwerasdf”。认证服务器收到连接请求并获取该条连接认证信息后,根据通信协议版本信息“1.0”确定连接认证信息中各字段的含义,根据业务数据信息部分“1.0;2.0;1234567890abcdef;20100312051730200”根据相同的算法生成附加识别信息,与“qwerasdf”比对,若不一致,返回认证失败信息;若一致,再根据用户设备号“1234567890abcdef”判断对应的用户设备是否具有连接无线路由设备WR的权限,若有,向无线路由设备返回“认证成功”的信息。为去除连接认证信息中的特殊字符,还可事先对业务数据信息进行base64编码。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
优选地,子步骤S11a1(未示出)中的预处理包括以下至少任意一项:1)散列处理;2)加密处理。例如,在根据业务数据信息生成附加识别信息时,可以是通过散列函数计算后获得,可以是通过加密算法加密后获得,也可以是通过散列函数计算、加密算法加密的组合获得的。当然,在此基础上也可结合其他数据处理方式,例如移位、取反、异或等。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,其中,连接认证信息包括用户设备和无线路由设备通信的业务数据信息,以及基于该业务数据信息和预设算法生成的附加识别信息。首先,无线连接应用获取业务数据信息,业务数据信息可包括当前无线连接应用所采用的通信协议、当前无线连接应用的应用版本、无线连接应用为用户设备唯一分配的用户设备号和触发连接指令时用户设备的系统时间信息;获取业务数据信息后,再根据事先约定的算法,对业务数据信息全部或其中一部分进行处理,例如进行加密、移位、散列等操作,获得附加识别信息;将业务数据信息中各字段和获得的附加识别信息作为连接认证信息中的字段,各字段通过特殊符号隔开。无线路由设备或认证服务器接收该连接请求后,首先根据业务数据信息基于相同的算法生成附加识别信息,与连接请求中的附加识别信息比对。若不一致,直接返回认证失败信息;若比对一致,根据用户设备号进行认证,检查该用户设备号所对应的用户设备UE
1是否具有相应的权限;当连接请求通过连接认证,返回认证成功信息,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将连接请求或连接认证信息发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。 例如,无线连接应用所用通信协议版本为“1.0”,应用版本为“2.0”,用户设备号为“1234567890abcdef”,系统时间信息为“20100312051730200”(精确到毫秒的系统时间)。根据这些信息,业务数据信息为,根据该业务数据信息进行预设的操作,获得附加识别信息“qwerasdf”,将其与业务数据信息一起作为连接认证信息的内容,此时连接认证信息为:“1.0;2.0;1234567890abcdef;20100312051730200;qwerasdf”。认证服务器收到连接请求并获取该条连接认证信息后,根据通信协议版本信息“1.0”确定连接认证信息中各字段的含义,根据业务数据信息部分“1.0;2.0;1234567890abcdef;20100312051730200”根据相同的算法生成附加识别信息,与“qwerasdf”比对,若不一致,返回认证失败信息;若一致,再根据用户设备号“1234567890abcdef”判断对应的用户设备是否具有连接无线路由设备WR的权限,若有,向无线路由设备返回“认证成功”的信息。为去除连接认证信息中的特殊字符,还可事先对业务数据信息进行base64编码。为进一步提高安全性,附加识别信息可进行多次数据处理,例如多次加密和/或散列。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
当然,本领域技术人员应能理解上述数据处理方式仅为举例,其他现有的或今后可能出现的数据处理方式如可适用于本申请,也应包含在本申请保护范围以内,并在此以引用方式包含于此。
优选地,所述业务数据信息包括以下至少任意一项:1)所述用户设备的用户设备标识信息;2)所述无线路由设备的路由设备标识信息;3)所述连接目标无线接入点的操作对应的时间信息;4)所述用户设备与所述无线接入点通信的协议版本信息;5)所述用户在所述应用中的用户标识信息。其中,对用户设备或用户身份的认证可通过用户设备标识信息(例如用户设备号)或用户标识信息(例如用户在应用中的用户名及密码)进行;连接目标无线接入点的操作对应的时间信息可用于阻止恶意用户的重放攻击,其中,该时间信息可以是系统实际时间信息,也可以是时间戳信息;在通信协议版本信息有利于实现多样化的产品结构。
其中,通过时间信息阻止重放攻击,可以是判断相同的消息是否已经被接收过,若是,则判定无线连接请求是重放消息,拒绝该无线连接请求;也可以是在服务器端、客户端各产生一时间信息,当两个时间之差在一时间阈值内,判定无线连接请求有效,不是重放消息。
图4示出了根据本申请另一个方面的一种在无线路由设备端用于连接无线接入点的方法,该方法包括步骤S21、步骤S22和步骤S23。在步骤S21中,无线路由设备接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;在步骤S22中,无线路由设备根据所述连接认证信息对所述连接请求进行连接认证;在步骤S23中,当所述连接请求通过连接认证,无线路由设备接受所述连接请求并向所述用户设备返回连接成功信息。
具体而言,在步骤S21中,无线路由设备接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息。例如,无线连接应用安装于用户所操作的用户设备上,通过该无线连接应用,用户可在其用户设备与欲连接的目标无线接入点之间建立无线连接;根据用户在无线连接应用中的连接操作,生成无线连接请求,该无线连接请求基于统一的认证用户名,并包含了用于对用户设备或用户身份进行认证的连接认证信息,而该连接认证信息则是在用户设备本地生成的,其可基于用户身份信息、用户设备标识信息、用户设备序列号等生成;将该连接请求发送至目标无线接入点,而该目标无线接入点对应一无线路由设备,例如无线路由设备提供目标无线接入点的无线信号,用户设备探测到该无线信号后可与目标无线接入点通信。连接认证信息在用户设备本地生成,而无需用户设备事先向网络设备请求该连接认证信息,可提高连接操作效率,并且由于减少了中间环节,大大减少了连接认证信息被非法用户截获的可能,且便于对连接认证信息的合法性进行鉴别,从而提高了系统安全性。
随后,在步骤S22中,无线路由设备根据所述连接认证信息对所述连接请求进行连接认证。例如,将用户设备所发送的连接请求发送至对应的网络设备,例如认证服务器,根据网络设备返回的信息判断认证成功或失 败;也可以是在无线路由设备本地完成的,例如无线路由设备根据无线连接请求中所包含的连接认证信息,对用户设备或用户身份进行认证。
最后,在步骤S23中,当所述连接请求通过连接认证,无线路由设备接受所述连接请求并向所述用户设备返回连接成功信息。例如,若将用户设备发送的连接请求发送至对应网络设备进行连接认证,当网络设备返回“认证成功”信息,则无线路由设备接受用户设备的连接请求,建立目标无线接入点和用户设备之间的无线连接,并向用户设备返回“连接成功”信息;或者,若无线路由设备在本地对无线连接请求进行连接认证,例如根据其中的连接认证信息进行认证,在认证成功后,建立标无线接入点和用户设备之间的无线连接,并向用户设备返回“连接成功”信息。用户设备可将该“连接成功”信息呈现给其用户。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,由用户设备UE
1在检测到连接指令后在本地生成,用于对连接请求进行连接认证,鉴别发出连接请求的用户设备UE
1是否具有相应权限,或对应的用户U
1是否具有相应权限。无线路由设备WR或认证服务器接收该连接请求或其中的连接认证信息后,对连接认证信息进行认证,检查用户设备UE
1或用户U
1是否具有相应的权限;当连接请求通过连接认证,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作可以是将连接请求或连接认证信息发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户U1或用户设备UE1的权限,也便于统计用户连接数据,例如特定用户或用户设备的 连接次数和连接时长等。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
优选地,在步骤S22中,无线路由设备将所述连接请求发送至对应网络设备,由网络进行连接认证。无线路由设备首先向对应的网络设备发送连接认证信息,再接收网络设备关于该连接认证信息返回的认证结果信息。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,由用户设备UE
1在检测到连接指令后在本地生成,用于对连接请求进行连接认证,鉴别发出连接请求的用户设备UE
1是否具有相应权限,或对应的用户U
1是否具有相应权限。无线路由设备WR接收该连接请求后,转发给对应的认证服务器,认证服务器对连接认证信息进行认证,检查用户设备UE
1或用户U
1是否具有相应的权限;当连接请求通过连接认证,向无线路由设备WR返回“认证成功”信息;无线路由设备建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户U1或用户设备UE1的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
参考图5和图6,根据本申请又一个方面,提供了一种在网络设备端用于连接无线接入点的方法,该方法包括步骤S31、步骤S32和步骤S33。在步骤S31中,网络设备接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述 用户设备生成的;在步骤S32中,网络设备对所述连接认证信息进行连接认证;在步骤S33中,网络设备将对应的认证结果信息返回至所述无线路由设备。例如,无线路由设备在接收到用户设备的连接请求后,将该连接请求发送给对应的网络设备,其中该无线连接请求包含用户设备在本地生成的连接认证信息;网络设备基于该连接认证信息对连接请求进行连接认证,再向无线路由设备返回认证成功或认证失败。当网络设备向无线路由设备返回认证成功,无线路由设备即可建立其与用户设备间的无线连接。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,由用户设备UE
1在检测到连接指令后在本地生成,用于对连接请求进行连接认证,鉴别发出连接请求的用户设备UE
1是否具有相应权限,或对应的用户U
1是否具有相应权限。无线路由设备WR接收该连接请求后,转发给对应的认证服务器,认证服务器对连接认证信息进行认证,检查用户设备UE
1或用户U
1是否具有相应的权限;当连接请求通过连接认证,向无线路由设备WR返回“认证成功”信息;无线路由设备建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户U1或用户设备UE1的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
优选地,所述连接认证信息包括所述用户设备与所述无线接入点通信的业务数据信息,以及基于所述业务数据信息生成的附加识别信息;在步骤S32中,网络设备根据所述业务数据信息和所述附加识别信息,对所述 连接认证信息进行连接认证。用户设备和无线接入点之间的业务数据信息不仅可用于鉴别用户或用户设备的权限,也便于统计用户连接数据,例如特定用户或用户设备的连接次数和连接时长等;带有附加识别信息的连接认证信息可识别非法设备发出的连接请求,进一步增强系统的安全性。
例如,用户U
1持有用户设备(如,手机)UE
1,用户设备UE
1可作为无线网络终端;用户设备UE
1探测到周围由无线路由设备WR提供的无线接入点信号。用户设备UE
1中安装有用于连接无线接入点的无线连接应用。用户U
1在用户设备UE
1的触摸屏上选中无线路由设备WR提供的无线接入点的图标,点击“连接”按钮触发连接指令。用户设备UE
1检测到该连接指令后,向无线路由设备WR发送连接请求,该无线连接请求基于统一的认证用户名“wifimasterkey”,并包含连接认证信息,其中,连接认证信息包括用户设备和无线路由设备通信的业务数据信息,以及基于该业务数据信息和预设算法生成的附加识别信息。首先,无线连接应用获取业务数据信息,业务数据信息可包括当前无线连接应用所采用的通信协议、当前无线连接应用的应用版本、无线连接应用为用户设备唯一分配的用户设备号和触发连接指令时用户设备的系统时间信息;获取业务数据信息后,再根据事先约定的算法,对业务数据信息全部或其中一部分进行处理,例如进行加密、移位、散列等操作,获得附加识别信息;将业务数据信息中各字段和获得的附加识别信息作为连接认证信息中的字段,各字段通过特殊符号隔开。无线路由设备或认证服务器接收该连接请求后,首先根据业务数据信息基于相同的算法生成附加识别信息,与连接请求中的附加识别信息比对。若不一致,直接返回认证失败信息;若比对一致,根据用户设备号进行认证,检查该用户设备号所对应的用户设备UE
1是否具有相应的权限;当连接请求通过连接认证,返回认证成功信息,建立用户设备UE
1和无线路由设备WR所提供无线接入点间的无线连接,并向用户设备UE
1发送连接成功信息,用户设备UE
1成功连接无线接入点。其中,认证操作是将连接请求发送至认证服务器,根据认证服务器返回的信息判断认证成功或失败;也可以是在无线路由设备WR本地完成的。例如,无线连接应用所用通信协议版本为“1.0”,应用版本为“2.0”,用户设备号为 “1234567890abcdef”,系统时间信息为“20100312051730200”(精确到毫秒的系统时间)。根据这些信息,业务数据信息为,根据该业务数据信息进行预设的操作,获得附加识别信息“qwerasdf”,将其与业务数据信息一起作为连接认证信息的内容,此时连接认证信息为:“1.0;2.0;1234567890abcdef;20100312051730200;qwerasdf”。认证服务器收到连接请求并获取该条连接认证信息后,根据通信协议版本信息“1.0”确定连接认证信息中各字段的含义,根据业务数据信息部分“1.0;2.0;1234567890abcdef;20100312051730200”根据相同的算法生成附加识别信息,与“qwerasdf”比对,若不一致,返回认证失败信息;若一致,再根据用户设备号“1234567890abcdef”判断对应的用户设备是否具有连接无线路由设备WR的权限,若有,向无线路由设备返回“认证成功”的信息。为去除连接认证信息中的特殊字符,还可事先对业务数据信息进行base64编码。认证服务器进行认证时,返回认证成功或认证失败消息可基于RADIUS协议进行,例如认证成功返回“Access-Accept”,认证失败返回“Access-Reject”。
另外,参考图7,本申请中的网络设备,还可包括中转服务器和认证服务器,其中,用户设备发送的无线连接请求发送至无线路由设备,无线路由设备将连接请求中的连接认证信息经由中转服务器发送至认证服务器;认证服务器对连接认证信息进行连接认证操作后,返回的认证结果信息,也经由中转服务器发送至无线路由设备。其中,中转服务器可为串联或并联的多个,无线路由设备发送的无线连接请求或其中的认证密码信息也可经过多次中转后到达认证服务器。中转服务器可用于对用户设备和无线路由设备之间通信的业务数据进行统计,如通过对连接请求中连接认证信息所包含的业务数据信息进行统计。
根据本申请的一个方面,提供了一种在用户设备端用于连接无线接入点的设备,该设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息。例如,根据用户在安装于用户设备上的无线连接应用中的连接操作,生成无线连接请求,该无线连接请求中包含了用于进行认证的连接认证信息,该连接认证信息则是用户设备在本地生成的;将该连接请求发送至目标无线接入点,而该目标无线接入点对应一无线路由设备,例如目标无线接入点由该无线路由设备提供;
接收所述无线路由设备在所述连接请求通过连接认证后发送的连接成功信息。
根据本申请的另一个方面,提供了一种在无线路由设备端用于连接无线接入点的设备,该设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息。例如,根据用户在安装于用户设备上的无线连接应用中的连接操作,生成无线连接请求,该无线连接请求中包含了用于进行认证的连接认证信息,该连接认证信息则是用户设备在本地生成的;将该连接请求发送至目标无线接入点,而该目标无线接入点对应一无线路由设备,例如目标无线接入点由该无线路由设备提供;
根据所述认证密码信息对所述连接请求进行连接认证;
当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
根据本申请的又一个方面,提供了一种在网络设备端用于连接无线接入点的设备,该设备包括:
处理器;以及
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行:
接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的 连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;
对所述认证密码信息进行连接认证;
将对应的认证结果信息返回至所述无线路由设备。
根据本申请的一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
接收所述无线路由设备在所述连接请求通过连接认证后发送的连接成功信息。
根据本申请的另一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;
根据所述连接认证信息对所述连接请求进行连接认证;
当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
根据本申请的又一个方面,提供了一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行以下操作:
接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;
对所述连接认证信息进行连接认证;
将对应的认证结果信息返回至所述无线路由设备。
需要注意的是,本申请可在软件和/或软件与硬件的组合体中被实施,例如,可采用专用集成电路(ASIC)、通用目的计算机或任何其他类似硬件设备来实现。在一个实施例中,本申请的软件程序可以通过处理器执行以实现上文所述步骤或功能。同样地,本申请的软件程序(包括相关的数据结构)可以被存储到计算机可读记录介质中,例如,RAM存储器,磁或光驱动器或软磁盘及类似设备。另外,本申请的一些步骤或功能可采用 硬件来实现,例如,作为与处理器配合从而执行各个步骤或功能的电路。
另外,本申请的一部分可被应用为计算机程序产品,例如计算机程序指令,当其被计算机执行时,通过该计算机的操作,可以调用或提供根据本申请的方法和/或技术方案。本领域技术人员应能理解,计算机程序指令在计算机可读介质中的存在形式包括但不限于源文件、可执行文件、安装包文件等,相应地,计算机程序指令被计算机执行的方式包括但不限于:该计算机直接执行该指令,或者该计算机编译该指令后再执行对应的编译后程序,或者该计算机读取并执行该指令,或者该计算机读取并安装该指令后再执行对应的安装后程序。在此,计算机可读介质可以是可供计算机访问的任意可用的计算机可读存储介质或通信介质。
通信介质包括藉此包含例如计算机可读指令、数据结构、程序模块或其他数据的通信信号被从一个系统传送到另一系统的介质。通信介质可包括有导的传输介质(诸如电缆和线(例如,光纤、同轴等))和能传播能量波的无线(未有导的传输)介质,诸如声音、电磁、RF、微波和红外。计算机可读指令、数据结构、程序模块或其他数据可被体现为例如无线介质(诸如载波或诸如被体现为扩展频谱技术的一部分的类似机制)中的已调制数据信号。术语“已调制数据信号”指的是其一个或多个特征以在信号中编码信息的方式被更改或设定的信号。调制可以是模拟的、数字的或混合调制技术。
作为示例而非限制,计算机可读存储介质可包括以用于存储诸如计算机可读指令、数据结构、程序模块或其它数据的信息的任何方法或技术实现的易失性和非易失性、可移动和不可移动的介质。例如,计算机可读存储介质包括,但不限于,易失性存储器,诸如随机存储器(RAM,DRAM,SRAM);以及非易失性存储器,诸如闪存、各种只读存储器(ROM,PROM,EPROM,EEPROM)、磁性和铁磁/铁电存储器(MRAM,FeRAM);以及磁性和光学存储设备(硬盘、磁带、CD、DVD);或其它现在已知的介质或今后开发的能够存储供计算机系统使用的计算机可读信息/数据。
在此,根据本申请的一个实施例包括一个装置,该装置包括用于存储计算机程序指令的存储器和用于执行程序指令的处理器,其中,当该计算 机程序指令被该处理器执行时,触发该装置运行基于前述根据本申请的多个实施例的方法和/或技术方案。
对于本领域技术人员而言,显然本申请不限于上述示范性实施例的细节,而且在不背离本申请的精神或基本特征的情况下,能够以其他的具体形式实现本申请。因此,无论从哪一点来看,均应将实施例看作是示范性的,而且是非限制性的,本申请的范围由所附权利要求而不是上述说明限定,因此旨在将落在权利要求的等同要件的含义和范围内的所有变化涵括在本申请内。不应将权利要求中的任何附图标记视为限制所涉及的权利要求。此外,显然“包括”一词不排除其他单元或步骤,单数不排除复数。装置权利要求中陈述的多个单元或装置也可以由一个单元或装置通过软件或者硬件来实现。第一,第二等词语用来表示名称,而并不表示任何特定的顺序。
Claims (18)
- 一种在用户设备端用于连接无线接入点的方法,其中,该方法包括:基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;接收所述无线路由设备在所述连接请求通过认证后发送的连接成功信息。
- 根据权利要求1所述的方法,其中,所述基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息包括:当获取到用户在用户设备的应用中连接目标无线接入点的操作,基于所述用户设备与所述目标无线接入点通信的业务数据信息生成连接认证信息;向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述连接认证信息。
- 根据权利要求1所述的方法,其中,所述连接认证信息包括所述用户设备与所述目标无线接入点通信的业务数据信息,以及基于所述业务数据信息的全部或其中一部分生成的附加识别信息。
- 根据权利要求3所述的方法,其中,所述基于用户在用户设备的应用中连接目标无线接入点的操作,向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息包括:当获取到用户在用户设备的应用中连接目标无线接入点的操作,对所述用户设备与所述目标无线接入点通信的业务数据信息的全部或其中一部分进行预处理,从而获得附加识别信息;生成连接认证信息,其中,所述连接认证信息包括所述业务数据信息以及所述附加识别信息;向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述连接认证信息。
- 根据权利要求4所述的方法,其中,所述当获取到用户在用户设备的应用中连接目标无线接入点的操作,对所述用户设备与所述目标无线接入点 通信的业务数据信息的全部或其中一部分进行预处理,从而获得附加识别信息包括:当获取到用户在用户设备的应用中连接目标无线接入点的操作,获取所述用户设备与所述目标无线接入点通信的业务数据信息;对所述业务数据信息进行编码;对编码后的所述业务数据信息的全部或其中一部分进行预处理,从而获得附加识别信息。
- 根据权利要求3至5中任一项所述的方法,其中,所述业务数据信息包括以下至少任一项:所述用户设备的用户设备标识信息;所述无线路由设备的路由设备标识信息;所述连接目标无线接入点的操作对应的时间信息;所述用户设备与所述无线接入点通信的协议版本信息;所述用户在所述应用中的用户标识信息。
- 一种在无线路由设备端用于连接无线接入点的方法,其中,该方法包括:接收用户设备发送的关于目标无线接入点的连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;根据所述连接认证信息对所述连接请求进行认证;当所述连接请求通过认证,接受所述连接请求并向所述用户设备返回连接成功信息。
- 根据权利要求7所述的方法,其中,所述根据所述连接认证信息对所述连接请求进行认证包括:向对应网络设备发送所述连接认证信息;接收所述网络设备返回的认证结果信息。
- 一种在网络设备端用于连接无线接入点的方法,其中,该方法包括:接收对应无线路由设备发送的关于用户设备请求连接目标无线接入点的连接认证信息,其中,所述连接认证信息是由所述用户设备生成的;对所述连接认证信息进行连接认证;将对应的认证结果信息返回至所述无线路由设备。
- 根据权利要求9所述的方法,其中,所述连接认证信息包括所述用户设备与所述无线接入点通信的业务数据信息,以及基于所述业务数据信息生成的附加识别信息;其中,所述对所述连接认证信息进行连接认证包括:根据所述业务数据信息和所述附加识别信息,对所述连接认证信息进行连接认证。
- 根据权利要求10所述的方法,其中,所述对所述连接认证信息进行连接认证还包括:根据所述业务数据信息及所述附加识别信息,对所述连接认证信息进行合法性认证;其中,所述认证结果信息包括所述连接认证信息的合法性认证结果及连接认证结果。
- 根据权利要求11所述的方法,其中,所述根据所述业务数据信息及所述附加识别信息,对所述连接认证信息进行合法性认证包括:根据所述业务数据信息,基于识别信息生成算法生成校验识别信息,其中,所述附加识别信息是基于所述识别信息生成算法生成的;基于所述附加识别信息和所述校验识别信息,对所述连接认证信息进行合法性认证。
- 一种用于连接无线接入点的方法,其中,该方法包括:基于用户在用户设备的应用中连接目标无线接入点的操作,所述用户设备向所述目标无线接入点对应的无线路由设备发送连接请求,其中,所述连接请求包括所述用户设备生成的连接认证信息;所述无线路由设备接收所述连接请求,根据所述连接认证信息对所述连接请求进行连接认证,当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息;所述用户设备接收所述连接成功信息。
- 根据权利要求13所述的方法,其中,所述所述无线路由设备接收所述连接请求,根据所述连接认证信息对所述连接请求进行连接认证,当所述 连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息包括:所述无线路由设备接收所述连接请求,向对应网络设备发送所述连接认证信息;所述网络设备接收所述连接认证信息,对所述连接认证信息进行连接认证,将对应的认证结果信息返回至所述无线路由设备;所述无线路由设备接收所述认证结果信息,当所述连接请求通过连接认证,接受所述连接请求并向所述用户设备返回连接成功信息。
- 一种用于连接无线接入点的设备,其中,该设备包括:处理器;以及被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行如权利要求1至6中任一项所述方法的操作。
- 一种用于连接无线接入点的无线路由设备,其中,该无线路由设备包括:处理器;以及被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行如权利要求7或8所述方法的操作。
- 一种用于连接无线接入点的网络设备,其中,该网络设备包括:处理器;以及被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行如权利要求9至12中任一项所述方法的操作。
- 一种包括指令的计算机可读介质,所述指令在被执行时使得系统进行如权利要求1至12中任一项所述方法的操作。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2019006618A MY201646A (en) | 2017-05-12 | 2018-05-11 | Method and device for establishing connection to wireless access point |
US16/680,524 US11129020B2 (en) | 2017-05-12 | 2019-11-12 | Method and device for establishing connection to wireless access point |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710335504.2A CN107148019B (zh) | 2017-05-12 | 2017-05-12 | 一种用于连接无线接入点的方法与设备 |
CN201710335504.2 | 2017-05-12 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/680,524 Continuation US11129020B2 (en) | 2017-05-12 | 2019-11-12 | Method and device for establishing connection to wireless access point |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018205997A1 true WO2018205997A1 (zh) | 2018-11-15 |
Family
ID=59777486
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/086509 WO2018205997A1 (zh) | 2017-05-12 | 2018-05-11 | 一种用于连接无线接入点的方法与设备 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11129020B2 (zh) |
CN (1) | CN107148019B (zh) |
MY (1) | MY201646A (zh) |
WO (1) | WO2018205997A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210302592A1 (en) * | 2020-03-26 | 2021-09-30 | Mcafee, Llc | Crowdsourced Reputations for Wireless Networks |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107148019B (zh) * | 2017-05-12 | 2019-06-21 | 上海连尚网络科技有限公司 | 一种用于连接无线接入点的方法与设备 |
CN107969003B (zh) * | 2017-10-31 | 2020-03-31 | 上海连尚网络科技有限公司 | 一种无线接入认证方法 |
CN107948980A (zh) * | 2017-12-29 | 2018-04-20 | 北京奇虎科技有限公司 | 一种识别接入点合法性的方法、装置和终端 |
CN108174381B (zh) * | 2018-04-17 | 2018-08-03 | 上海连尚网络科技有限公司 | 用于连接无线接入点的方法和设备 |
CN111132266B (zh) * | 2018-10-30 | 2021-12-14 | 中国电信股份有限公司 | 终端接入方法、系统和云服务器 |
CN111212428A (zh) * | 2018-11-22 | 2020-05-29 | 九阳股份有限公司 | 一种家电设备接入无线局域网的方法以及家电设备 |
US11259348B2 (en) | 2019-08-14 | 2022-02-22 | Sling Media Pvt. Ltd. | Remote wireless network setup without pairing |
US11265690B2 (en) * | 2019-09-13 | 2022-03-01 | Sling Media L.L.C. | Ecosystem-based wireless network setup |
CN112270559A (zh) * | 2020-09-09 | 2021-01-26 | 上海连尚网络科技有限公司 | 一种用于激励用户分享无线接入点的方法与设备 |
CN113573339B (zh) * | 2021-07-23 | 2024-03-22 | 青岛海尔科技有限公司 | 一种设备无线连接方法及系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2731396A1 (en) * | 2011-07-08 | 2014-05-14 | Kwang-Min Lee | Wireless local area network access apparatus and operating method thereof |
CN106102061A (zh) * | 2016-06-07 | 2016-11-09 | 北京小米移动软件有限公司 | 网络连接方法及装置 |
CN106304057A (zh) * | 2015-05-20 | 2017-01-04 | 上海纳鑫信息科技有限公司 | 一种通用的wifi认证方法及系统 |
CN106412902A (zh) * | 2016-11-16 | 2017-02-15 | 深圳前海壹互联科技投资有限公司 | 一种支持高速代理认证的wifi认证系统及方法 |
CN107148019A (zh) * | 2017-05-12 | 2017-09-08 | 上海掌门科技有限公司 | 一种用于连接无线接入点的方法与设备 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060239265A1 (en) * | 2005-04-25 | 2006-10-26 | Samsung Electronics Co., Ltd. | System and method for providing broadcast service in a mobile communication system |
KR101429672B1 (ko) * | 2008-08-05 | 2014-08-13 | 삼성전자주식회사 | 이동 중계국을 지원하는 광대역 무선통신 시스템의핸드오버 장치 및 방법 |
CN103188676B (zh) * | 2011-12-29 | 2017-12-26 | 中兴通讯股份有限公司 | 可扩展认证协议认证接入方法及装置 |
US10419907B2 (en) * | 2012-02-22 | 2019-09-17 | Qualcomm Incorporated | Proximity application discovery and provisioning |
CN103731855B (zh) * | 2012-10-11 | 2017-01-25 | 中国移动通信集团上海有限公司 | 一种筛选高数据业务热点小区的方法及装置 |
CN104348792B (zh) * | 2013-07-30 | 2018-06-19 | 阿里巴巴集团控股有限公司 | 数据处理方法、装置和系统 |
CN103596173B (zh) * | 2013-09-30 | 2018-04-06 | 北京智谷睿拓技术服务有限公司 | 无线网络认证方法、客户端及服务端无线网络认证装置 |
CN105188056B (zh) * | 2015-08-17 | 2019-01-25 | 深圳市江波龙科技有限公司 | 一种WiFi设备与接入点的连接方法及装置 |
EP3342117A1 (en) * | 2015-08-28 | 2018-07-04 | Telefonaktiebolaget LM Ericsson (publ) | Systems and methods for routing traffic originating from a communication device |
CN106358190B (zh) * | 2016-09-19 | 2019-09-20 | 江苏福云星信息技术有限公司 | 智能无线终端快速自动接入wifi无线网络的连接方法和应用系统 |
CN106454813A (zh) * | 2016-11-17 | 2017-02-22 | 珠海市魅族科技有限公司 | 一种无线通信模式设置方法及装置 |
CN106507357B (zh) * | 2016-12-30 | 2020-01-14 | Oppo广东移动通信有限公司 | 一种接入控制方法,及终端设备 |
-
2017
- 2017-05-12 CN CN201710335504.2A patent/CN107148019B/zh active Active
-
2018
- 2018-05-11 MY MYPI2019006618A patent/MY201646A/en unknown
- 2018-05-11 WO PCT/CN2018/086509 patent/WO2018205997A1/zh active Application Filing
-
2019
- 2019-11-12 US US16/680,524 patent/US11129020B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2731396A1 (en) * | 2011-07-08 | 2014-05-14 | Kwang-Min Lee | Wireless local area network access apparatus and operating method thereof |
CN106304057A (zh) * | 2015-05-20 | 2017-01-04 | 上海纳鑫信息科技有限公司 | 一种通用的wifi认证方法及系统 |
CN106102061A (zh) * | 2016-06-07 | 2016-11-09 | 北京小米移动软件有限公司 | 网络连接方法及装置 |
CN106412902A (zh) * | 2016-11-16 | 2017-02-15 | 深圳前海壹互联科技投资有限公司 | 一种支持高速代理认证的wifi认证系统及方法 |
CN107148019A (zh) * | 2017-05-12 | 2017-09-08 | 上海掌门科技有限公司 | 一种用于连接无线接入点的方法与设备 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210302592A1 (en) * | 2020-03-26 | 2021-09-30 | Mcafee, Llc | Crowdsourced Reputations for Wireless Networks |
US12025711B2 (en) * | 2020-03-26 | 2024-07-02 | Mcafee, Llc | Crowdsourced reputations for wireless networks |
Also Published As
Publication number | Publication date |
---|---|
CN107148019A (zh) | 2017-09-08 |
CN107148019B (zh) | 2019-06-21 |
MY201646A (en) | 2024-03-07 |
US20200084630A1 (en) | 2020-03-12 |
US11129020B2 (en) | 2021-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018205997A1 (zh) | 一种用于连接无线接入点的方法与设备 | |
US11509485B2 (en) | Identity authentication method and system, and computing device | |
TWI725958B (zh) | 雲端主機服務權限控制方法、裝置和系統 | |
KR102116399B1 (ko) | 서비스 레이어에서의 콘텐츠 보안 | |
JP6121049B2 (ja) | プロキシを使用したリソースへの安全なアクセス | |
US8621598B2 (en) | Method and apparatus for securely invoking a rest API | |
US8543471B2 (en) | System and method for securely accessing a wirelessly advertised service | |
US20220394026A1 (en) | Network identity protection method and device, and electronic equipment and storage medium | |
CN102624720B (zh) | 一种身份认证的方法、装置和系统 | |
WO2019062666A1 (zh) | 一种实现安全访问内部网络的系统、方法和装置 | |
US10257171B2 (en) | Server public key pinning by URL | |
EP3061027A1 (en) | Verifying the security of a remote server | |
CN102201915A (zh) | 一种基于单点登录的终端认证方法和装置 | |
US20180375648A1 (en) | Systems and methods for data encryption for cloud services | |
BR112015032325B1 (pt) | Método implementado por computador para melhorar a segurança em sistemas de autenticação/autorização, e, mídia legível por computador | |
CN107396364B (zh) | 一种用于对用户设备进行无线连接预授权的方法与设备 | |
CN112968910B (zh) | 一种防重放攻击方法和装置 | |
US20240146728A1 (en) | Access control method, access control system, and related device | |
US20230351028A1 (en) | Secure element enforcing a security policy for device peripherals | |
CN107396362B (zh) | 一种用于对用户设备进行无线连接预授权的方法与设备 | |
CN115603932A (zh) | 一种访问控制方法、访问控制系统及相关设备 | |
KR101836211B1 (ko) | 전자 기기 인증 매니저 장치 | |
US20240080195A1 (en) | Managing composite tokens for content access requests | |
US11032708B2 (en) | Securing public WLAN hotspot network access | |
US11665148B2 (en) | Systems and methods for addressing cryptoprocessor hardware scaling limitations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18797615 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 27/02/2020) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18797615 Country of ref document: EP Kind code of ref document: A1 |