WO2022048125A1 - Information processing method and apparatus, device, and storage medium - Google Patents


Info

Publication number
WO2022048125A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
network
information
calculation parameter
access
Prior art date
Application number
PCT/CN2021/079365
Other languages
English (en)
Chinese (zh)
Inventor
罗朝明
茹昭
Original Assignee
Oppo广东移动通信有限公司
Priority date
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司
Priority to CN202180042424.2A (patent CN115769542A)
Publication of WO2022048125A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the embodiments of the present application relate to the field of communication technologies, and in particular, to an information processing method, apparatus, device, and storage medium.
  • Intelligent devices include devices, instruments, and machines with computing and processing capabilities.
  • When a smart device is used for the first time, or in a usage scenario where the smart device is replaced (such as moving the smart device from one network environment to another network environment), the smart device is connected to the network, and then the smart device is controlled through the network.
  • The related art provides a variety of methods for configuring smart devices to access the network, mainly including: soft AP (Access Point) network configuration (hereinafter referred to as "soft AP distribution network") and code-scanning network configuration (hereinafter referred to as "scanning code distribution network").
  • The main process of the soft AP distribution network is as follows: the smart device turns on the soft AP and broadcasts the soft AP's beacon; the distribution network device joins the soft AP after scanning the soft AP's beacon; the distribution network device can then send the network configuration information of the AP to be accessed to the smart device. After that, the smart device closes the soft AP and accesses the AP according to the network configuration information, thereby completing the network configuration process.
  • The main process of the scanning code distribution network is as follows: the network configuration device displays the network configuration information of the AP to be accessed in the form of a QR code; the smart device scans the QR code displayed by the network configuration device to obtain the network configuration information, and then connects to the AP according to the network configuration information to complete the network configuration process.
  • The above-mentioned network configuration processes do not involve identity authentication of the smart device, so it is very likely that a counterfeit smart device can obtain the network configuration information of the AP. This leaks the network configuration information of the AP and poses a serious threat to the security of the AP. Therefore, how to realize identity authentication of the smart device to improve the security of the AP needs further discussion and research.
  • Embodiments of the present application provide an information processing method, apparatus, device, and storage medium.
  • the technical solution is as follows:
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • the beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • a first graphic code is displayed, and the first graphic code includes a key calculation parameter and/or the device identification of the device to be connected to the network, and the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information from the network configuration device, the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the first graphic code includes a key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • First information from the distribution network device is received, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a beacon broadcasting module configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • a beacon receiving module configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a first display module configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • the second scanning module is used to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a third scanning module configured to scan a third graphic code displayed by the network distribution device, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • a third display module configured to display a third graphic code, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • the first receiving module is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • the first sending module is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a device to be connected to a network, where the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is used to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to scan a third graphic code displayed by the network distribution device, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to display a third graphic code, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a device to be connected to the network, so as to implement the information processing method on the side of the device to be connected to the network as described above.
  • an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a network distribution device, so as to implement the information processing method on the network distribution device side as described above.
  • an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on the device to be connected to the network, it is used to implement the above-mentioned information processing method on the side of the device to be connected to the network.
  • an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, it is used to implement the above-mentioned information processing method on the distribution network device side.
  • an embodiment of the present application provides a computer program product, which is used to implement the above-mentioned information processing method on the device to be connected to the network when the computer program product runs on the device to be connected to the network.
  • an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the distribution network device as described above when the computer program product runs on the distribution network device.
  • FIG. 1 is a schematic diagram of a distribution network system provided by an embodiment of the present application.
  • FIG. 2 is a flowchart of a soft AP distribution network provided by an embodiment of the present application.
  • FIG. 3 is a flowchart of a scanning code distribution network provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of security authentication provided by an embodiment of the present application.
  • FIG. 6 is a flowchart of a method for determining an access key provided by an embodiment of the present application.
  • FIG. 9 is a flowchart of a method for determining an information decryption key and an information encryption key provided by an embodiment of the present application.
  • FIG. 10 is a flowchart of an information processing method coupled with a network distribution process provided by an embodiment of the present application.
  • FIG. 11 is a flowchart of an information processing method decoupled from a distribution network process provided by an embodiment of the present application.
  • FIG. 13 is a flowchart of an information processing method provided by another embodiment of the present application.
  • FIG. 14 is a flowchart of a method for determining an information decryption key and an information encryption key provided by another embodiment of the present application.
  • FIG. 17 is a flowchart of a method for determining an information decryption key and an information encryption key provided by yet another embodiment of the present application.
  • FIG. 19 is a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • FIG. 20 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 21 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 22 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 23 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 24 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 25 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 26 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 27 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 29 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 30 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 31 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 32 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 33 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 35 is a schematic structural diagram of a device to be connected to a network provided by an embodiment of the present application.
  • FIG. 36 is a schematic structural diagram of a distribution network device provided by an embodiment of the present application.
  • FIG. 1 shows a schematic diagram of a network distribution system provided by an embodiment of the present application.
  • the network distribution system may include: a device to be connected to a network 110 and a network distribution device 120.
  • the device 110 to be connected to the network refers to a device with network access capability, for example, a device with WiFi (Wireless Fidelity) access capability.
  • the device 110 to be connected to the network is a smart device (such as VR (Virtual Reality) glasses, a smart wearable device, etc.), a terminal device, or other device with network access capability, which is not limited in this embodiment of the present application.
  • the device 110 to be connected to the network may be a smart TV, a smart speaker, a smart air conditioner, a smart lamp, a smart door and window, a smart curtain, a smart socket, and other smart home devices.
  • there is one device 110 to be connected to the network or there are multiple devices 110 to be connected to the network, which is not limited in this embodiment of the present application. Determine the maximum number of devices that can be managed, etc.
  • the network distribution device 120 refers to a device capable of configuring network access.
  • the network distribution device 120 may be a server, router, terminal device, mobile phone, tablet computer, wearable device, or other device capable of configuring network access.
  • this embodiment of the present application does not limit this.
  • the implementation form of the distribution network device 120 may be determined in combination with the application scenario of the distribution network system. In an example, as shown in FIG. 1 , when the distribution network system is applied to smart home life, considering that the home environment has the characteristics of small area and frequent activities, the use of distribution network equipment 120 that occupies a large space will affect the normal operation.
  • the distribution network device 120 can be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like.
  • the number of distribution network devices corresponding to the distribution network system may be one or multiple, which is not limited in this embodiment of the present application.
  • the network distribution devices corresponding to different distribution network systems are different, so that the device 110 to be connected to the network corresponding to a certain distribution network system is bound to the network distribution device 120 under the distribution network system.
  • When the distribution network system is applied to smart home life, with the family as the unit, the devices to be connected to the network in a given family are bound to the distribution network devices of that family.
  • the network configuration device 120 can configure the device 110 to be connected to the network to access the AP, that is, configure the device to be connected to the network 110 to access the network.
  • There are mainly two ways to configure network access for the device 110 to be connected to the network: soft AP network configuration and code-scanning network configuration. The two methods are introduced and explained below.
  • FIG. 2 shows a flowchart of a soft AP network configuration provided by an embodiment of the present application.
  • the process of soft AP network configuration mainly includes the following steps:
  • Step 210 the device to be connected to the network starts the soft AP and broadcasts the beacon of the soft AP.
  • the device to be connected to the network can start the soft AP when it enters the network distribution mode. After the device to be connected to the network starts the soft AP, it can broadcast the beacon of the soft AP.
  • The beacon of the soft AP includes at least one of the following contents: the device ID (Identifier) of the device to be connected to the network, a user-defined network name, the protocol name of the application protocol, etc.
  • The device ID may be the MAC (Media Access Control) address of the device to be connected to the network.
  • The beacon of the soft AP includes at least one of the following fields: a BSSID (Basic Service Set Identifier) field, an SSID (Service Set Identifier) field, and a Vendor Specific field.
  • Step 220 when the network configuration device scans the beacon of the soft AP, it joins the soft AP.
  • the distribution network device can scan the beacons broadcast by other devices on different channels.
  • When the distribution network device scans the beacon of the soft AP on the channel where the device to be connected to the network broadcasts it, the distribution network device can join the soft AP.
  • The network configuration device checks whether the SSID field in the beacon conforms to the preset format, and joins the soft AP if it does.
  • Step 230 Establish a communication connection between the network distribution device and the device to be connected to the network.
  • the network distribution device can establish a communication connection with the device to be connected through the soft AP.
  • The communication between the network distribution device and the device to be connected to the network uses TCP (Transmission Control Protocol), in which case the communication connection between them can also be referred to as a TCP connection; or it uses UDP (User Datagram Protocol), in which case the communication connection between them can also be referred to as a UDP connection.
  • Step 240 The network distribution device sends an information acquisition request to the device to be connected to the network.
  • the information acquisition request is used to request to acquire information about APs that can be accessed by the device to be connected to the network.
  • the information acquisition request is used to request to acquire the SSID field of the AP that the device to access can access and/or the signal strength of the AP that can be accessed.
  • the device to be connected may scan the AP's beacon according to a certain period (for example, 10 seconds), and determine whether it can access the AP according to the SSID field in the beacon.
  • Step 250 the device to be connected to the network sends the information of the accessible AP to the network distribution device.
  • After receiving the information acquisition request, the device to be connected to the network responds by sending the network distribution device information about the APs that it can access, that is, the accessible AP information.
  • the accessible AP information includes at least one of the following: the SSID field of the accessible AP, and the signal strength of the accessible AP.
  • Step 260 The network configuration device sends network configuration information to the device to be connected to the network.
  • the network distribution device can select the AP to be accessed by the device to be connected to the network according to the information of the accessible APs.
  • This embodiment of the present application does not limit the manner in which the network configuration device selects the AP to be accessed by the network access device.
  • The network configuration device determines the AP with the highest signal strength indicated by the accessible AP information as the AP to be accessed by the device to be connected to the network. After the network configuration device selects the AP to be accessed by the device to be connected to the network, it can send network configuration information to the device to be connected to the network to configure the device to access the selected AP.
  • the network configuration information includes at least one of the following: the SSID field of the AP to be accessed by the device to be connected to the network, and the authentication information of the AP to be accessed by the device to be connected to the network.
  • the authentication information of the AP to be accessed by the device to be connected to the network includes the password of the AP to be accessed by the device to be connected to the network.
  • Step 270 The device to be connected to the network sends a configuration response message to the network configuration device.
  • the configuration response message is used to respond to the network configuration information sent by the network configuration device, so as to indicate to the network configuration device whether the device to be connected to the network has received the network configuration information.
  • After sending the network configuration information to the device to be connected to the network, the network configuration device assumes by default that the device has received it. If the device to be connected to the network successfully receives the network configuration information, it need not send a configuration response message to the network configuration device; if it fails to receive the network configuration information successfully, for example because it cannot parse the network configuration information, it can send a configuration response message to the network configuration device.
  • Step 280 the network configuration device cancels access to the soft AP.
  • After the network configuration device sends the network configuration information to the device to be connected to the network, it can disconnect from the soft AP started by the device to be connected to the network, that is, cancel access to the soft AP.
  • The distribution network device cancels access to the soft AP after sending the network configuration information; or, the distribution network device cancels access to the soft AP after receiving the configuration response message. The embodiment of the present application does not limit the timing at which the distribution network device cancels access to the soft AP.
  • Step 290 the device to be connected to the network closes the soft AP.
  • Since the device to be connected to the network usually cannot access two APs at the same time, it needs to close the soft AP in order to access the AP indicated by the network configuration information.
  • the device to be connected to the network closes the soft AP; or, the device to be connected to the network closes the soft AP after sending a configuration response message to the distribution network device; After entering the soft AP, the soft AP is closed.
  • the embodiment of the present application does not limit the timing of closing the soft AP for the device to be connected to the network.
  • After the device to be connected to the network cancels access to the soft AP, it can access the AP indicated by the network configuration information according to the authentication information in the network configuration information.
  • After the network distribution device cancels access to the soft AP, it can also access the AP indicated by the network configuration information in order to continue to control and manage the device to be connected to the network. The network distribution device and the device to be connected to the network thus establish a communication connection through the accessed AP.
  • FIG. 3 shows a flowchart of code-scanning network configuration provided by an embodiment of the present application.
  • The process of code-scanning network configuration mainly includes the following steps:
  • Step 310 the network distribution device scans the two-dimensional code of the device to be connected to the network.
  • The device to be connected to the network can display the QR code on its screen; if the device to be connected to the network does not have a screen display function, its device manufacturer can paste the QR code on the device when it leaves the factory.
  • the two-dimensional code of the device to be connected to the network indicates the device information of the device to be connected to the network.
  • the device information includes at least one of the following: the device type of the device to be connected to the network, and the device public key.
  • the network distribution device scans the QR code of the device to be connected to the network to obtain the device information of the device to be connected to the network.
  • Step 320 the network distribution device generates a two-dimensional code according to the network configuration information and displays the two-dimensional code.
  • the network configuration device can determine the AP to be accessed by the device to be connected to the network, and determine the network configuration information corresponding to the AP.
  • The network configuration information includes at least one of the following: the SSID field of the AP to be accessed by the device to be connected to the network, and the authentication information of the AP to be accessed by the device to be connected to the network.
  • the authentication information of the AP to be accessed by the device to be connected to the network includes the password of the AP to be accessed by the device to be connected to the network.
  • the network distribution device can encrypt the network configuration information according to the device public key of the device to be connected to the network obtained by scanning, and generate a two-dimensional code according to the encrypted network configuration information for the device to be connected to the network to scan.
  • Step 330 the device to be connected to the network scans the two-dimensional code provided by the network distribution device to obtain network configuration information.
  • the device to be connected to the network scans the QR code provided by the distribution device to obtain the network configuration information provided by the distribution device. Since the two-dimensional code provided by the network distribution device is generated by encrypting the network configuration information with the device public key of the device to be connected to the network, after the device to be connected to the network scans the two-dimensional code provided by the network distribution device, it obtains the encrypted network configuration information. It uses the device public key to decrypt to obtain the network configuration information.
  • Step 340 the device to be connected to the network accesses the AP.
  • The device to be connected to the network can access the AP indicated by the network configuration information according to the authentication information of the AP obtained by scanning. After the device to be connected to the network accesses the AP, it can further access the cloud platform for authentication and so on.
  • The above network distribution process does not involve identity authentication of the smart device, so it is very likely that a counterfeit smart device can obtain the network configuration information of the AP, resulting in leakage of the AP's network configuration information and posing a great threat to the security of the AP.
  • If the identity of the device to be connected to the network needs to be verified during the soft AP network distribution process, the network distribution device has to act as a proxy service. That is, the network distribution device connects to the soft AP started by the device to be connected to the network and obtains the device certificate of the device to be connected to the network; after that, the network distribution device switches from the soft AP to the AP that the device to be connected to the network is to access, in order to connect to the cloud service, and forwards the device certificate to the cloud service; the verification result is fed back to the network distribution device; then the network distribution device needs to switch from that AP back to the soft AP and set the network configuration information (such as SSID and password) of the AP to be accessed by the device to be connected to the network. This process requires the network distribution device to switch back and forth between different access points, which is cumbersome and inefficient.
  • the embodiments of the present application provide an information processing method, which can be used to solve the above technical problems.
  • the technical solutions of the present application will be described with reference to several embodiments.
  • the embodiment of the present application adopts a 4-way handshake (Sample 4-way handshake) process for security authentication, wherein:
  • Authenticator: the authentication party
  • EAPOL: Extensible Authentication Protocol
  • ANonce: a random number generated by the AP
  • Supplicant: the requester
  • The Supplicant sends an EAPOL-Key carrying the SNonce (a random number generated by the STA) and other information to the Authenticator. After receiving the ANonce, the Supplicant can calculate the PTK (Pairwise Transient Key) according to the ANonce.
  • the calculation formula of the PTK is as follows:
  • PTK PRF-Length(PMK,”Pairwise key expansion",Min(AA,SPA)
  • After the Authenticator receives the SNonce, it can generate a PTK and compare the received MIC with the MIC it generates itself for integrity verification. If the verification fails, the handshake fails.
  • Message 3 (message 3 in the 4-way handshake): the Authenticator sends an EAPOL-Key carrying the GTK (Group Transient Key) and the MIC (Message Integrity Code) to the Supplicant.
  • 4-Way Handshake Message 4 (message 4 in the 4-way handshake): Supplicant sends the EAPOL-Key for confirmation to the Authenticator. After receiving the 4-Way Handshake Message 3, the Supplicant can use the PTK generated by itself to decrypt the GTK, and verify the MIC at the same time. If there is no error, it will send an ACK (Acknowledge) to the Authenticator for confirmation.
  • The control port of the Authenticator is then opened so that 802.11 data frames can pass normally; all unicast data frames are protected by the PTK, and all multicast and broadcast data are protected by the GTK.
  • The calculation parameters of the PTK include the PMK. If the PMKs of the two parties are inconsistent, the calculated PTKs are also inconsistent, the two parties cannot correctly parse each other's data and thus cannot complete the handshake, and the Supplicant will not be able to access the Authenticator.
  • The PMK is a common key (that is, the password of the Authenticator) shared in advance by the Supplicant and the Authenticator, and there is a great risk of leakage, which is not conducive to security protection.
  • FIG. 5 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 510 the device to be connected to the network broadcasts the beacon of the first access point. The beacon includes the key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the device to be connected to the network can start the first access point when it enters the network distribution mode.
  • The device to be connected to the network automatically enters the network distribution mode when it is turned on for the first time; or, the device to be connected to the network is operated by the user and is thereby passively triggered to enter the network distribution mode.
  • the first access point is a soft AP started by the device to be connected to the network.
  • the beacon of the first access point may be broadcast, and the beacon includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the device identifier of the device to be connected to the network includes the device ID of the device to be connected to the network, so as to uniquely identify the device to be connected to the network.
  • the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit the content of the key calculation parameter.
  • the key calculation parameter includes a predefined value; or, the key calculation parameter includes a random number.
  • the key calculation parameter is pre-configured by the device cloud platform (the cloud platform corresponding to the device to be connected to the network); or, the key calculation parameter is generated by the device to be connected to the network.
  • In order to reduce the risk of leakage of the key calculation parameter and improve its security, the key calculation parameter includes a random number generated by the device to be connected to the network.
  • the beacon of the first access point further includes a pre-shared verification identifier F, optionally, the pre-shared verification identifier occupies at least 1 bit.
  • the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (eg, a Vendor Specific field).
  • a BSSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or,
  • the SSID field includes key calculation parameters and/or the device identification of the device to be connected to the network; or, the custom field includes key calculation parameters and/or the device identification of the device to be connected to the network.
  • the key calculation parameter is set in the SSID field
  • the device identifier of the device to be connected to the network is set in the BSSID field.
  • The key calculation parameter and the device ID of the device to be connected to the network can be placed in fields other than the custom field, so that they do not end up unavailable to the network configuration device.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • Step 520 the distribution network device receives the beacon of the first access point.
  • the distribution network device can scan the beacons broadcast by other devices on different channels, so that on the channel where the device to be connected broadcasts the beacon of the first access point, the distribution network device can scan the beacon of the first access point , that is, the distribution network device can receive the beacon of the first access point.
  • the network distribution device may further parse the beacon of the first access point to obtain the device identification and/or key calculation parameters of the device to be connected to the network.
  • The network distribution device can send the key calculation parameter and/or the device identifier of the device to be connected to the network to the distribution network cloud platform, and the distribution network cloud platform and the device cloud platform calculate the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • The technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point started by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for that identity authentication and helps realize it subsequently.
  • The identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information; that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • Compared with having the network distribution device switch access points back and forth to verify the identity of the device to be connected to the network, the embodiment of the present application simplifies the identity authentication process and improves identity authentication efficiency.
  • the following describes the calculation process of the access key (first access key) on the side of the device to be connected to the network and the access key (second access key) on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 531 the device to be connected to the network determines the first access key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K.
  • the first access key can be calculated based on the key calculation parameter and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • The above step 531 includes: the device to be connected to the network uses the first key generation algorithm to process the key calculation parameter and the first device key to obtain the first encryption key; the first encryption key is then processed by the first encoding method to obtain the first access key. Since the first encryption key obtained by the first key generation algorithm is usually binary data, the first encryption key needs to be encoded in order to obtain the first access key in the form of a visible string; the first encoding method is used to encode the first encryption key.
  • the first encoding manner includes: Base64 (representing binary data based on 64 printable characters).
  • The first key generation algorithm includes any one of: AES (Advanced Encryption Standard)-128-CMAC (Cipher-based Message Authentication Code, message authentication based on symmetric encryption), HKDF (HMAC (Hash-based Message Authentication Code)-based KDF (Key Derivation Function)), PBKDF (Password-Based Key Derivation Function), SHA (Secure Hash Algorithm), the DES (Data Encryption Standard) algorithm, and the 3DES (Triple DES, triple data encryption standard) algorithm.
  • the above method further includes the following steps:
  • Step 532 The distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire a second access key.
  • the calculation parameters of the second access key need to be the same as the calculation parameters of the first access key.
  • the above-mentioned calculation parameters of the first access key include the key calculation parameters and the first device key. Therefore, the calculation parameters of the second access key should also include the key calculation parameters and the device key of the device to be connected to the network.
  • The device key of the device to be connected to the network is held only by the cloud platform of the device to be connected to the network (that is, the device cloud platform) and by the device manufacturer of the device to be connected to the network. Therefore, the second access key needs to be calculated by the device cloud platform.
  • After receiving the beacon of the first access point, the distribution network device can obtain the device identifier and/or key calculation parameter of the device to be connected to the network from the beacon, and then sends the first acquisition request to the distribution network cloud platform to request the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the first acquisition request also includes the device to be connected to the network.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the first acquisition request to the distribution network cloud platform.
  • The device key of the device to be connected to the network is not held by the network configuration cloud platform. Therefore, after receiving the first acquisition request, the network configuration cloud platform needs to further obtain the second access key from the device cloud platform. That is, as shown in FIG. 6, the following steps are further included after the above step 532:
  • Step 53A the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the first acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 53B the distribution network cloud platform sends a third acquisition request to the device cloud platform, where the third acquisition request is used to request to acquire the second access key.
  • The network configuration cloud platform may further send a third acquisition request to the device cloud platform, requesting the device cloud platform to calculate the second access key and to send the second access key to the distribution network cloud platform.
  • The third acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the third acquisition request also includes the name of the device manufacturer of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 53C the device cloud platform calculates the second access key.
  • The device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. The second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • The calculation method of the first access key and the calculation method of the second access key should also be consistent; that is, the calculation method of the first access key is used to calculate the second access key.
  • The process by which the device cloud platform calculates the second access key is as follows: the device cloud platform uses the first key generation algorithm to process the key calculation parameter and the second device key to obtain the second encryption key; the second encryption key is then processed using the first encoding method to obtain the second access key.
  • The encoding of the second encryption key may also be implemented by the distribution network cloud platform or the distribution network device. That is, after the device cloud platform calculates the second encryption key based on the key calculation parameter and the second device key, the encoding of the second encryption key can be performed by any one of the device cloud platform, the distribution network cloud platform, and the distribution network device.
  • Step 53D the device cloud platform sends the access key information to the distribution network cloud platform.
  • the device cloud platform can directly calculate the second access key and send the second access key to the distribution network cloud platform, or it can first calculate the second encryption key and send the second encryption key to the distribution network cloud platform. Therefore, the access key information sent by the device cloud platform to the distribution network cloud platform includes the second access key or the second encryption key.
  • Step 534 The distribution network cloud platform sends access key information to the distribution network device, where the access key information is used to determine the second access key.
  • the distribution network cloud platform may directly forward the access key information to the distribution network device.
  • the distribution network cloud platform can also directly forward the access key information to the distribution network device, and then the distribution network device encodes the second encryption key; that is, after the above step 534, the method further includes: the distribution network device uses the first encoding method to process the second encryption key to obtain the second access key. Or, the distribution network cloud platform may perform the encoding process to obtain the second access key, and send the second access key to the distribution network device.
  • FIG. 6 only uses the device cloud platform calculating the second access key and sending the second access key to the distribution network cloud platform as an example for introduction and description, but this does not constitute a limitation on the technical solution of the present application.
  • the second encryption key may also be encoded by the distribution network cloud platform or the distribution network device.
  • the above method further includes: the device to be connected to the network and the device for network distribution perform identity authentication based on the first access key and the second access key, respectively.
  • after the device to be connected to the network calculates the first access key and the network distribution device obtains the second access key, the device to be connected to the network and the network distribution device can perform identity authentication based on the first access key and the second access key.
  • the above-mentioned 4-way handshake process is used for identity authentication: the device to be connected to the network is equivalent to the Supplicant in the 4-way handshake process, the network distribution device is equivalent to the Authenticator, the first access key is equivalent to the PMK on the Supplicant side, and the second access key is equivalent to the PMK on the Authenticator side.
  • the above method further includes: in the case that the identity authentication is passed, the network distribution device accesses the first access point. After the identity authentication is passed, the network configuration device can access the first access point activated by the device to be connected to the network. Optionally, after the network configuration device accesses the first access point, the network configuration device sends the network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the embodiments of the present application only take the calculation of the access key based on the key calculation parameter and the device key of the device to be connected to the network as an example. It is easy to think of using other calculation parameters to calculate the access key, such as calculating the access key by using the key calculation parameter, the device key of the device to be connected to the network, and the device identifier of the device to be connected to the network; these should all fall within the protection scope of this application.
  • the device to be connected to the network and the network distribution device each obtain an access key according to the key calculation parameter and perform identity authentication according to the separately obtained access keys, so that the identity of the device to be connected to the network is authenticated, which avoids leakage of the network configuration information and improves the security of the access point.
  • the access key on the side of the network distribution device is calculated by the cloud platform corresponding to the device to be connected to the network, which avoids leaking the device key of the device to be connected to the network and improves the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 700 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes a key calculation parameter and/or a device identity of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • Step 710 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identification and/or key calculation parameters of the device to be connected to the network.
  • Step 720 the device to be connected to the network determines the first access key based on the key calculation parameter and the first device key.
  • the device to be connected to the network uses the first key generation algorithm to process the key calculation parameter and the first device key to obtain the first encryption key, and uses the first encoding method to process the first encryption key to obtain the first access key.
  • Step 730 The distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire a second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the first acquisition request to the distribution network cloud platform.
  • Step 740 the configuration network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 750 The distribution network cloud platform sends a third acquisition request to the device cloud platform, where the third acquisition request is used to request to acquire the second access key.
  • the distribution network cloud platform needs to first establish a secure connection with the device cloud platform, and then send the first message to the device cloud platform.
  • Step 760 the device cloud platform calculates the second access key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the first key generation algorithm to process the key calculation parameters and the second device key to obtain the second encryption key, and uses the first encoding method to process the second encryption key to obtain the second access key.
  • Step 770 the device cloud platform sends the second access key to the distribution network cloud platform.
  • Step 780 The distribution network cloud platform sends the second access key to the distribution network device.
  • Step 790 the device to be connected to the network and the network distribution device perform identity authentication based on the first access key and the second access key, respectively.
  • the identity authentication is passed, and the network configuration device can access the soft AP, and send the network configuration information of the home WiFi network to the device to be connected to the network.
  • the embodiment of the present application does not limit the execution sequence of the above steps, and the above steps can be combined in any execution order on the premise of satisfying the implementation logic.
  • the above-mentioned step 720 may also be performed before the above-mentioned step 710 , or the above-mentioned step 720 may also be performed after the above-mentioned step 780 . These should all fall within the protection scope of the present application.
  • FIG. 8 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 810 The network distribution device sends first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • After connecting to the first access point started by the device to be connected to the network, the network distribution device establishes a communication connection with the device to be connected to the network.
  • the communication connection between the network configuration device and the device to be connected to the network is a TCP connection or a UDP connection.
  • data transmission can be performed between the network distribution device and the device to be connected to the network.
  • the network distribution device sends first information to the device to be connected to the network, where the first information includes a key calculation parameter.
  • the device to be connected to the network can use the key calculation parameter to determine the first information key, and the first information key can be used to decrypt the second information encrypted with the second information key or the network configuration information encrypted with the second information key, and can also be used to encrypt the first reference information.
  • when the first information key and the second information key are consistent, the device to be connected to the network can successfully parse the network configuration information or the second information encrypted with the second information key, and the device to be connected to the network then passes the identity authentication; or, when the first information key and the second information key are the same and the first reference information and the second reference information are the same, the first reference information encrypted with the first information key and the second reference information encrypted with the second information key are consistent, and the device to be connected to the network then passes the identity authentication.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network).
  • the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit the timing for determining the key calculation parameter.
  • the device cloud platform generates the key calculation parameter after receiving the request for obtaining the second information key or for obtaining the fourth reference information; or, the device cloud platform pre-generates the key calculation parameter and, on subsequently receiving a request for obtaining the second information key or for obtaining the fourth reference information, directly calculates the second information key according to the key calculation parameter and the device key of the device to be connected to the network.
  • the embodiment of the present application proposes two methods for identity authentication under the soft AP distribution network: in one, the identity authentication process is coupled with the network distribution process; in the other, the identity authentication process is decoupled from the network distribution process.
  • the following describes the two methods respectively.
  • the above-mentioned first information further includes network configuration information encrypted with the second information key; the above-mentioned method further includes: the distribution network cloud platform sends the key calculation parameter and the second information key to the distribution network device; the distribution network The device determines the first information based on the key calculation parameter, the second information key, and the network configuration information.
  • the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the network configuration device needs to send the network configuration information corresponding to the second access point to the device to be connected to the network, and the device to be connected to the network can subsequently access the second access point according to the network configuration information.
  • the network configuration device does not directly send the network configuration information to the device to be connected to the network, but uses the second information key to process the network configuration information, and then sends the encrypted network configuration information to the device to be connected to the network. If the device to be connected to the network can successfully decrypt the encrypted network configuration information, it can use the acquired network configuration information to access the second access point.
  • In order to ensure that the first information key calculated by the device to be connected to the network is consistent with the second information key, the network distribution device also needs to send the key calculation parameters used in the calculation of the second information key to the device to be connected to the network, so that in subsequent steps the device to be connected to the network determines the first information key according to the key calculation parameter and the device key of the device to be connected to the network.
  • for the calculation process of the first information key and the second information key, please refer to the following method embodiments; details are not repeated here.
  • the network distribution device needs to send at least the following information to the device to be connected to the network: network configuration information encrypted with the second information key, and key calculation parameters. Therefore, the network distribution device needs to first determine the network configuration information encrypted with the second information key according to the network configuration information and the second information key, and then send the network configuration information encrypted with the second information key and the key calculation parameters to the device to be connected to the network. Based on this, optionally, determining the first information based on the key calculation parameter, the second information key, and the network configuration information includes: using the fourth encryption algorithm and the second information key to process the network configuration information to obtain the network configuration information encrypted with the second information key; and determining the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
  • the fourth encryption algorithm is a symmetric encryption algorithm.
  • the fourth encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, and AES256-GCM.
  • After the network distribution device sends the first information to the device to be connected to the network, the device to be connected to the network first determines the first information key according to the key calculation parameter in the first information, and then uses the first information key to decrypt the network configuration information encrypted with the second information key.
  • the above method further includes: the device to be connected to the network uses the first information key to decrypt the network configuration information encrypted with the second information key; in the case that the first information key and the second information key are consistent, the identity authentication of the device to be connected to the network succeeds, and the device to be connected to the network succeeds in obtaining the network configuration information; in the case where the first information key and the second information key are inconsistent, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network fails to obtain the network configuration information.
  • the embodiment of the present application also proposes two methods for decoupling the identity authentication process from the network distribution process.
  • One method is that the network distribution device performs identity authentication according to the data encrypted with the first information key and with the second information key respectively; the other is that the network distribution device performs identity authentication according to the data from the device cloud platform and from the device to be connected to the network.
  • the above method further includes: the device to be connected to the network obtains the first encrypted information according to the first information key and the first reference information; the device to be connected to the network sends the first encrypted information to the network distribution device.
  • the first reference information is used for the identity authentication process of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network uniquely allocates reference information for the device to be connected to the network, and preconfigures the reference information into the device to be connected to the network (the reference information preconfigured in the device to be connected to the network is referred to as "first reference information") . Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the reference information.
  • the device manufacturer of the device to be connected to the network can upload the device identification and reference information of the device to be connected to the network to the device cloud platform (that is, the cloud platform corresponding to the device to be connected to the network) (the reference information stored in the device cloud platform is called "second reference information").
  • the reference information is a preconfigured value, or the reference information is a preconfigured random number, and the content of the reference information is not limited in this embodiment of the present application.
  • the first reference information and the second reference information are respectively held by the device to be connected to the network and the device cloud platform (the cloud platform corresponding to the device to be connected to the network), so the network distribution device cannot directly acquire the second reference information, but instead acquires the reference information encrypted with the second information key (i.e., the second encrypted information). That is, the above method further includes: the distribution network cloud platform sends the second encrypted information to the distribution network device.
  • the device cloud platform may calculate the second information key based on the key calculation parameter, use the second information key to encrypt the second reference information to obtain the second encrypted information, and then send the second encrypted information and the key calculation parameter to the distribution network cloud platform, which further sends them to the distribution network device.
  • the key calculation parameter can be sent to the device to be connected to the network, so that the device to be connected to the network can use the key calculation parameter to calculate the first information key, encrypt the first reference information with the first information key to obtain the first encrypted information, and further send the first encrypted information to the distribution network device.
  • the network distribution device receives the first encrypted information from the device to be connected to the network and compares the first encrypted information with the second encrypted information. If the two pieces of encrypted information are the same, the identity authentication of the device to be connected to the network has passed, and the network configuration device can further send network configuration information to the device to be connected to the network. Based on this, the above method further includes: when the first encrypted information and the second encrypted information are consistent, the network configuration device sends network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • otherwise, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network cannot obtain the network configuration information. That is, only when the first information key and the second information key are consistent, and the first reference information and the second reference information are consistent, can the identity authentication of the device to be connected to the network succeed, after which the device to be connected to the network can obtain the network configuration information.
  • the first information further includes second information encrypted with the second information key; the method further includes: decrypting the second information encrypted with the second information key using the first information key, to obtain the third reference information; and sending the third reference information to the distribution network device.
  • the second information is used for the identity authentication process of the device to be connected to the network.
  • the second information decrypted by the device to be connected to the network includes third reference information.
  • the third reference information is a preconfigured value, or, the third reference information is a preconfigured random number, and the content of the third reference information is not limited in this embodiment of the present application.
  • the second information decrypted by the device to be connected to the network may further include a predefined value, and the predefined value is only held by the device to be connected to the network and the device cloud platform.
  • the device cloud platform may calculate the second information key based on the key calculation parameter, and use the second information key to encrypt the second information to obtain the encrypted second information (the reference information in the second information encrypted by the device cloud platform is called "fourth reference information"); the reference information, the encrypted second information and the key calculation parameters are then sent to the distribution network cloud platform, which further sends them to the distribution network device.
  • the key calculation parameter and the encrypted second information can be sent to the device to be connected to the network, so that the device to be connected to the network subsequently uses the key calculation parameter to calculate the first information key, uses the first information key to decrypt the encrypted second information to obtain the reference information in the second information (the reference information in the second information decrypted on the side of the device to be connected to the network is called "third reference information"), and further sends the reference information to the distribution network device.
  • the distribution network device receives the third reference information from the device to be connected to the network and compares the third reference information with the fourth reference information. If the two pieces of reference information are the same, the identity authentication of the device to be connected to the network has passed, and the network configuration device can further send network configuration information to the device to be connected to the network.
  • the above method further includes: the device to be connected to the network sends third reference information to the distribution network device; the distribution network cloud platform sends fourth reference information to the distribution network device; when the third reference information and the fourth reference information are consistent, the network distribution device sends network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • otherwise, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network cannot obtain the network configuration information. That is, only when the first information key and the second information key are consistent, and the third reference information and the fourth reference information are consistent, can the identity authentication of the device to be connected to the network succeed, after which the device to be connected to the network can obtain the network configuration information.
  • the key calculation parameters are sent to the device to be connected to the network through the network distribution device, and the key calculation parameters are used to calculate the information key. The information key can be used to decrypt data encrypted with the information key calculated by the device cloud platform, or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information.
  • in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the device to be connected to the network can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, and then passes identity authentication and can further obtain the network configuration information; or, in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the data obtained by encrypting with the two information keys respectively is consistent, and the device to be connected to the network then passes identity authentication and further obtains network configuration information. Therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, so as to avoid leakage of network configuration information corresponding to the wireless access point and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and when the information key calculated by the device to be connected to the network is consistent with it, the device to be connected to the network can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network, and reduces the processing overhead of the network distribution device and the device to be connected to the network.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • the following describes the calculation process of the first information key on the side of the device to be connected to the network and the second information key on the side of the network distribution device.
  • the above method further includes the following steps:
  • Step 831 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the device cloud platform (ie, the cloud platform corresponding to the device to be connected to the network).
  • the first device key is the device key of the device to be connected that is preset in the device to be connected to the network. After the device to be connected to the network specifies the key calculation parameter and the first device key, the first information key can be calculated based on the key calculation parameter and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 831 includes: the device to be connected to the network uses a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
  • the fourth key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the identity authentication process and the network distribution process of the device to be connected to the network can be either coupled or decoupled. The following describes the two situations respectively.
  • Case 1 The identity authentication process of the device to be connected to the network is coupled with the network distribution process:
  • the above method further includes the following steps:
  • Step 841 The network distribution device receives the beacon of the first access point activated by the device to be connected to the network, where the beacon includes the device identifier of the device to be connected to the network.
  • the device to be connected to the network can start the first access point when it enters the network distribution mode.
  • the device to be connected to the network automatically enters the network distribution mode when it is turned on for the first time, or the device to be connected to the network passively enters the network distribution mode when triggered by a user operation.
  • the first access point is a soft AP started by the device to be connected to the network.
  • the beacon of the first access point may be broadcast, and the beacon includes the device identifier of the device to be connected to the network.
  • the device identifier of the device to be connected to the network includes the device ID of the device to be connected to the network, so as to uniquely identify the device to be connected to the network.
  • the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (such as a Vendor Specific field).
  • the device identifier of the device to be connected to the network is set in the BSSID field.
  • the distribution network device can scan the beacons broadcast by other devices on different channels, so that on the channel where the device to be connected broadcasts the beacon of the first access point, the distribution network device can scan the beacon of the first access point , that is, the distribution network device can receive the beacon of the first access point.
  • Step 842 The distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request to acquire the second information key.
  • the seventh acquisition request is used for requesting to acquire the second information key. Since the second information key is calculated by the device cloud platform, when the distribution network device needs to obtain the second information key, it can send a seventh acquisition request to the distribution network cloud platform for further acquisition through the distribution network cloud platform The second information key.
  • This embodiment of the present application does not limit the content of the seventh acquisition request.
  • the seventh acquisition request includes the device identifier of the device to be connected to the network; The device name of the device, the product serial number of the device to be connected to the network, etc.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the seventh acquisition request to the distribution network cloud platform.
  • Step 843 the configuration network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the seventh acquisition request sent by the network configuration device to the network configuration cloud platform includes the device manufacturer name of the device to be connected to the network, and the network configuration cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 844 the distribution network cloud platform sends an eighth acquisition request to the device cloud platform, where the eighth acquisition request is used to request to acquire the second information key.
  • the eighth acquisition request is used to request the acquisition of the second information key. Based on this, after determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can further send an eighth acquisition request to the device cloud platform to request the device cloud platform. The platform calculates the second information key, and requests the device cloud platform to send the second information key to the distribution network cloud platform.
  • the eighth acquisition request includes the device identifier of the device to be connected to the network; The device name of the device, the product serial number of the device to be connected to the network, etc.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the eighth acquisition request to the device cloud platform.
  • Step 845 the device cloud platform calculates the second information key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the first information key and the calculation method of the second information key should also be consistent.
  • a second information key is calculated by means of an information key.
  • the process of calculating the second information key by the device cloud platform is as follows: the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • for the description of the fourth key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 846 the device cloud platform sends the second information key and key calculation parameters to the distribution network cloud platform.
  • the device cloud platform can send the second information key and key calculation parameters to the distribution network cloud platform.
  • Step 847 The distribution network cloud platform sends the second information key to the distribution network device.
  • After receiving the second information key, the distribution network cloud platform further sends the second information key and the key calculation parameter to the distribution network device, so as to respond to the seventh acquisition request of the distribution network device.
  • Case 2 The identity authentication process of the device to be connected to the network is decoupled from the network distribution process:
  • the above method further includes the following steps:
  • Step 851 The network distribution device receives the beacon of the first access point activated by the device to be connected to the network, and the beacon includes the device identifier of the device to be connected to the network.
  • For the description of step 851, please refer to the description of step 841, which is not repeated here.
  • Step 852 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • the ninth acquisition request is used to request to acquire the second reference information or the second information. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network (the second information also includes the reference information of the device to be connected to the network), when the network distribution device needs to obtain the second reference information or the second information, it may send a ninth acquisition request to the distribution network cloud platform, so as to further acquire the second reference information or the second information through the distribution network cloud platform.
  • the ninth acquisition request includes the device identifier of the device to be connected to the network; The device name of the device, the product serial number of the device to be connected to the network, etc.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 853 the configuration network cloud platform determines the device cloud platform.
  • For the description of step 853, please refer to the above-mentioned step 843; details are not repeated here.
  • Step 854 the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • the tenth acquisition request is used to request the acquisition of the second reference information or the second information. Based on this, after determining the device cloud platform corresponding to the device to be connected to the network, the network distribution cloud platform can further send the tenth acquisition request to the device cloud platform, to request the device cloud platform to send the second reference information or the second information to the distribution network cloud platform.
  • This embodiment of the present application does not limit the content of the tenth acquisition request.
  • the tenth acquisition request includes the device identifier of the device to be connected to the network; The device name of the device, the product serial number of the device to be connected to the network, etc.
  • if there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 855 the device cloud platform calculates the second information key.
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the first information key and the calculation method of the second information key should also be consistent.
  • a second information key is calculated by means of an information key.
  • the process of calculating the second information key by the device cloud platform is as follows: the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • for the description of the fourth key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 856 the device cloud platform encrypts the second reference information or the second information by using the second information key.
  • the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network. Therefore, after determining the second information key, the device cloud platform uses the second information key to encrypt the second reference information or the second information, so as to avoid leaking the reference information of the device to be connected to the network.
  • Step 857 The device cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network cloud platform.
  • Step 858 The distribution network cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network device.
  • After receiving the key calculation parameter from the device cloud platform and the second reference information or second information encrypted with the second information key, the distribution network cloud platform further sends them to the distribution network device, in response to the first information of the distribution network device.
  • the embodiment of the present application only takes, as an illustration, the case in which the first information key and the second information key are calculated based on the key calculation parameter and the device key of the device to be connected to the network. After understanding the technical solution of the present application, it is easy to think of using other calculation parameters to calculate the information key, such as calculating the first information key and the second information key, all of which should fall within the protection scope of this application.
  • the key calculation parameter is generated through the cloud platform corresponding to the device to be connected to the network, the information key is determined according to the key calculation parameter and the device key of the device to be connected to the network, and the information key and the key calculation parameter are further sent to the network distribution device, so as to avoid leaking the device key of the device to be connected to the network and improve the effectiveness of identity authentication.
  • the key calculation parameter is generated through the cloud platform corresponding to the device to be connected to the network, and the information key is determined according to the key calculation parameter and the device key of the device to be connected to the network. The information key is then used to encrypt the reference information, and the key calculation parameter and the encrypted reference information are sent to the distribution network device, so as to avoid leaking the device key and reference information of the device to be connected to the network and improve the effectiveness of identity authentication.
  • the information processing method includes the following steps:
  • Step 1001 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1002 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1003 the distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request to acquire the second information key.
  • the seventh acquisition request includes the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the seventh acquisition request to the distribution network cloud platform.
  • Step 1004 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1005 the distribution network cloud platform sends an eighth acquisition request to the device cloud platform.
  • the eighth acquisition request is used to request to acquire the second information key.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the eighth acquisition request to the device cloud platform.
  • Step 1006 the device cloud platform calculates the second information key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1007 the device cloud platform sends the second information key and key calculation parameters to the distribution network cloud platform.
  • Step 1008 the distribution network cloud platform sends the second information key and the key calculation parameter to the distribution network device.
  • Step 1009 The distribution network device determines the first information based on the second information key, the key calculation parameter and the network configuration information.
  • the network configuration device uses the third encryption algorithm and the information encryption key to process the network configuration information, and obtains the network configuration information encrypted with the information encryption key; configuration information, and determine the first information.
  • Step 1010 The network distribution device sends the first information to the device to be connected to the network.
  • Step 1011 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1012 the device to be connected to the network uses the first information key to decrypt the network configuration information encrypted by the second information key.
  • if the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the information processing method includes the following steps:
  • Step 1101 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1102 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1103 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • the ninth acquisition request is used to request to acquire the second reference information.
  • the ninth acquisition request includes the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 1104 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1105 the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • the tenth acquisition request is used to request to acquire the second reference information.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 1106 the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1107 the device cloud platform encrypts the second reference information with the second information key to obtain the second encrypted information. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, in order to avoid leakage of the reference information of the device to be connected to the network, the device cloud platform needs to encrypt the second reference information.
  • Step 1108 the device cloud platform sends the key calculation parameter and the second encryption information to the distribution network cloud platform.
  • Step 1109 the distribution network cloud platform sends the key calculation parameter and the second encryption information to the distribution network device.
  • Step 1110 The network distribution device sends the key calculation parameter to the device to be connected to the network.
  • Step 1111 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1112 the device to be connected to the network encrypts the first reference information by using the first information key to obtain the first encrypted information.
  • the reference information of the device to be connected to the network is preconfigured in the device to be connected to the network by the device manufacturer of the device to be connected to the network. After the device to be connected to the network calculates the first information key, the first information key can be used to encrypt the first reference information.
  • the device to be connected to the network uses the first information key and the third encryption algorithm to process the first reference information to obtain the first encrypted information.
  • Step 1113 the device to be connected to the network sends the first encrypted information to the network distribution device.
  • Step 1114 In the case that the first encrypted information and the second encrypted information are consistent, the network configuration device sends network configuration information to the device to be connected to the network.
  • the distribution network device receives the second encrypted information from the distribution network cloud platform, and on the other hand, it receives the first encrypted information from the device to be connected to the network, and then compares the first encrypted information with the second encrypted information.
  • if the first encrypted information and the second encrypted information are consistent, the network configuration information is sent to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the home WiFi network.
  • After the network access device receives the network configuration information, it can join the home WiFi network according to the network configuration information.
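The decoupled exchange of steps 1101 to 1114, as an added example that is not part of the patent text: both sides derive the information key from the device key K and the key calculation parameter, and the distribution network device only compares the two protected values. It assumes HKDF-SHA256 as the "HKDF-based KDF" option for the fourth key generation algorithm and substitutes an HMAC-SHA256 tag for the unspecified third encryption algorithm (the comparison only needs a deterministic keyed transform); all identifiers, keys and class names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: device identifier, device key K and reference
# information as a manufacturer would preconfigure them (not from the page).
DEVICE_ID = "dev-0001"
DEVICE_KEY_K = bytes.fromhex("00112233445566778899aabbccddeeff")
REFERENCE_INFO = b"constructed-reference-information"


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_information_key(device_key, key_calc_param):
    """Steps 1106 / 1111: information key = KDF(key calculation parameter, K)."""
    if len(key_calc_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    # The context label b"information-key" is an assumption of this example.
    return hkdf_sha256(device_key, key_calc_param, b"information-key")


def protect_reference(information_key, reference_info):
    """Deterministic keyed transform standing in for the third encryption algorithm."""
    return hmac.new(information_key, reference_info, hashlib.sha256).digest()


class DeviceCloud:
    """Device cloud platform: holds K and reference info per device identifier."""

    def __init__(self):
        self.registry = {DEVICE_ID: (DEVICE_KEY_K, REFERENCE_INFO)}

    def handle_acquisition_request(self, device_id):
        device_key, reference = self.registry[device_id]  # second device key
        param = os.urandom(16)  # fresh key calculation parameter per request
        info_key = derive_information_key(device_key, param)
        return param, protect_reference(info_key, reference)  # steps 1107-1108


class Device:
    """Device to be connected to the network, with its preconfigured secrets."""

    def __init__(self, device_id, device_key, reference):
        self.device_id, self._key, self._reference = device_id, device_key, reference

    def respond(self, key_calc_param):
        info_key = derive_information_key(self._key, key_calc_param)  # step 1111
        return protect_reference(info_key, self._reference)  # steps 1112-1113


def authenticate(device, cloud):
    """Distribution network device: relays the parameter, compares both values."""
    param, second_encrypted = cloud.handle_acquisition_request(device.device_id)
    first_encrypted = device.respond(param)  # steps 1110-1113
    # Step 1114: network configuration information is sent only on a match.
    # The distribution network device never handles K or the plain reference.
    return hmac.compare_digest(first_encrypted, second_encrypted)


if __name__ == "__main__":
    cloud = DeviceCloud()
    genuine = Device(DEVICE_ID, DEVICE_KEY_K, REFERENCE_INFO)
    clone = Device(DEVICE_ID, os.urandom(16), REFERENCE_INFO)  # knows ID, not K
    print("genuine device authenticated:", authenticate(genuine, cloud))
    print("clone with wrong K authenticated:", authenticate(clone, cloud))
```

Because the key calculation parameter here is a fresh random value per request, a protected value captured in one run does not match in a later run; with a preconfigured parameter, which the text also allows, the compared values are static.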
  • the information processing method includes the following steps:
  • Step 1201 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1202 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1203 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • the ninth acquisition request is used to request to acquire the second information.
  • the ninth acquisition request includes the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 1204 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1205 The distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • the tenth acquisition request is used to request to acquire the second information.
  • if there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 1206 the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1207 the device cloud platform encrypts the second information by using the second information key. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, in order to avoid leakage of the reference information of the device to be connected to the network, the device cloud platform needs to encrypt the reference information, and thereby obtains the second information encrypted with the second information key, where the second information includes reference information of the device to be connected to the network.
  • Step 1208 the device cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network cloud platform.
  • Step 1209 The distribution network cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network device.
  • Step 1210 The network distribution device sends the key calculation parameter and the second information to the device to be connected to the network.
  • Step 1211 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1212 the device to be connected to the network uses the first information key to decrypt the second information to obtain third reference information.
  • the device to be connected to the network decrypts the second information, and can obtain the reference information of the device to be connected to the network in the second information, that is, the third reference information.
  • Step 1213 The device to be connected to the network sends third reference information to the network distribution device.
  • Step 1214 In the case that the third reference information and the fourth reference information are consistent, the network distribution device sends network configuration information to the device to be connected to the network.
  • the network distribution device receives the fourth reference information from the distribution network cloud platform, and on the other hand, receives the third reference information from the device to be connected to the network, and then compares the fourth reference information with the third reference information. If the fourth reference information is consistent with the third reference information, it is confirmed that the device to be connected to the network has passed identity authentication, and network configuration information is sent to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the home WiFi network. After the network access device receives the network configuration information, it can join the home WiFi network according to the network configuration information.
  • FIG. 13 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 1310 the device to be connected to the network displays a first graphic code; the first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network; the key calculation parameter is used to determine the information decryption key; the information decryption key is used for decrypting the network configuration information from the network distribution device; the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • For a device to be connected to a network with a scanning function or a camera function, it can also access the network by scanning and configuring the network.
  • the embodiment of the present application also provides an identity authentication method.
  • the device to be connected to the network first displays the first graphic code.
  • the first graphic code is displayed on the screen of the device to be connected to the network;
  • the first graphic code may be pasted on the device surface of the device to be connected to the network by the device manufacturer of the device to be connected to the network, or pasted on the packaging box of the device to be connected to the network, which is not limited in this embodiment of the present application.
  • the first graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the first graphic code includes a key calculation parameter and/or a device identifier of a device to be connected to the network.
  • the first graphic code further includes the device manufacturer name of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, and the like.
  • the key calculation parameter is used to determine the information decryption key for decrypting the network configuration information.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameter is preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network. If the device to be connected to the network does not have the screen display function, the key calculation parameter can be preconfigured by the device cloud platform corresponding to the device to be connected to the network; if the device to be connected to the network has the screen display function, the key calculation parameter can be generated by the device itself.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • Step 1320 the network distribution device scans the first graphic code of the device to be connected to the network, the first graphic code includes the key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the network distribution device scans the first graphic code of the device to be connected to the network to obtain the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the key calculation parameter is used to determine the information decryption key for decrypting the network configuration information; for the network configuration device, the key calculation parameter is used to determine the information encryption key for encrypting the network configuration information.
  • Since the network distribution device configures the network for the device to be connected to the network by code scanning, after obtaining the information encryption key, the network distribution device needs to further display the second graphic code for the device to be connected to the network to scan to obtain the network configuration information.
  • the above method further includes: the network distribution device determines the second graphic code according to the network configuration information and the information encryption key; and displays the second graphic code.
  • the information encryption key is used to encrypt the network configuration information, that is, the network configuration device can use the first encryption algorithm and the information encryption key to process the network configuration information, obtain the encrypted network configuration information, and then generate the second graphic code according to the encrypted network configuration information.
  • the first encryption algorithm is a symmetric encryption algorithm.
  • the first encryption algorithm includes but is not limited to any of the following: AES128-CMAC, AES128-CBC (Cipher Block Chaining), AES128-GCM (Galois/Counter Mode), AES256-CMAC, AES256-CBC, AES256-GCM.
  • the above method further includes: the device to be connected to the network scans a second graphic code displayed by the network configuration device, where the second graphic code includes network configuration information encrypted with an information encryption key.
  • the device to be connected to the network scans the second graphic code to obtain the network configuration information encrypted with the information encryption key. Since the device to be connected to the network determines the information decryption key based on the key calculation parameter, the device to be connected to the network uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information encrypted by the distribution device using the information encryption key.
  • the following describes the calculation process of the information decryption key on the side of the network access device and the information encryption key on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 1331 the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K. After specifying the key calculation parameters and the first device key, the device to be connected to the network can calculate the information decryption key based on the key calculation parameters and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 1331 includes: the device to be connected to the network uses the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the second key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the above method further includes the following steps:
  • Step 1332 The distribution network device sends a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request to acquire the information encryption key.
  • the calculation parameters of the information encryption key and the calculation parameters of the information decryption key need to be the same.
  • the above calculation parameters of the information decryption key include the key calculation parameter and the first device key. Therefore, the calculation parameters of the information encryption key should also include the key calculation parameter and the device key of the device to be connected to the network.
  • the device key of the device to be connected to the network is held only by the cloud platform of the device to be connected to the network (that is, the device cloud platform) and the device manufacturer of the device to be connected to the network. Therefore, the information encryption key needs to be calculated by the device cloud platform.
  • the network distribution device scans the graphic code of the device to be connected to the network, and obtains the device identification and/or key calculation parameters of the device to be connected to the network, and then the distribution network device sends a second acquisition request to the distribution network cloud platform to request to obtain the information encryption key.
  • This embodiment of the present application does not limit the content of the second acquisition request.
  • the second acquisition request includes key calculation parameters and/or the device identifier of the device to be connected to the network; or, the second acquisition request also includes the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the second acquisition request to the distribution network cloud platform.
  • the device key of the device to be connected to the network is not held by the network configuration cloud platform. Therefore, after receiving the second acquisition request, the network configuration cloud platform needs to further obtain the information encryption key from the device cloud platform. That is, as shown in Figure 14, after the above step 1332, the following steps are further included:
  • Step 133A the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 133B The distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request to acquire an information encryption key.
  • the distribution network cloud platform may further send a fourth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key.
  • the fourth acquisition request includes key calculation parameters and/or the device identifier of the device to be connected to the network; or, the fourth acquisition request also includes the device to be connected to the network. The name of the device manufacturer, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc.
  • if there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the fourth acquisition request to the device cloud platform.
  • Step 133C the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network,
  • the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the information decryption key and the calculation method of the information encryption key should also be consistent; that is, the information encryption key is calculated in the same way as the information decryption key.
  • the process of calculating the information encryption key by the device cloud platform is as follows: the device cloud platform uses the second key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • For the second key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 133D the device cloud platform sends the information encryption key to the distribution network cloud platform.
  • After the device cloud platform calculates the information encryption key, it can send the information encryption key to the distribution network cloud platform.
  • Step 1334 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key to the distribution network device in response to the second acquisition request of the distribution network device.
  • the embodiment of the present application only takes the case in which the information encryption key and the information decryption key are calculated based on the key calculation parameter and the device key of the device to be connected to the network as an illustration. After understanding the technical solution, it is easy to think of using other calculation parameters to calculate the access key, all of which should fall within the scope of protection of this application.
  • the information decryption key and the information encryption key are obtained by the device to be connected to the network and the network distribution device respectively according to the key calculation parameters; subsequently, the network distribution device uses the information encryption key to encrypt the network configuration information, and the device to be connected to the network uses the information decryption key to decrypt the network configuration information encrypted with the information encryption key. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information. Before the network access device obtains the network configuration information, the identity of the network access device is authenticated, so as to avoid leakage of the network configuration information and improve the security of the access point.
  • the information encryption key on the side of the distribution device is calculated by the cloud platform corresponding to the device to be connected to the network, so as to avoid leaking the device key of the device to be connected to the network, which improves the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 1500 the network distribution device scans the first graphic code of the device to be connected to the network, the first graphic code includes the key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt the network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the home WiFi network.
  • the network distribution device scans the first graphic code of the device to be connected to the network to obtain the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • Step 1510 The network distribution device sends a second acquisition request to the distribution network cloud platform.
  • the second acquisition request is used for requesting to acquire the information encryption key.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the second acquisition request to the distribution network cloud platform.
  • Step 1520 the configuration network cloud platform determines the device cloud platform.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1530 The distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request to acquire an information encryption key.
  • the fourth acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the fourth acquisition request to the device cloud platform.
  • Step 1540 the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network stored by the device cloud platform.
  • the device cloud platform uses the second key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • Step 1550 the device cloud platform sends the information encryption key to the distribution network cloud platform.
  • Step 1560 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • Step 1570 The network configuration device uses the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information, generates a second graphic code according to the encrypted network configuration information, and displays the second graphic code.
  • Step 1580 the device to be connected to the network calculates the information decryption key.
  • the device to be connected to the network uses the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • Step 1590 the device to be connected to the network scans the second graphic code.
  • the device to be connected to the network scans the second graphic code to obtain the network configuration information encrypted with the information encryption key. Since the device to be connected to the network determines the information decryption key based on the key calculation parameter, the device to be connected to the network uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the embodiment of the present application does not limit the execution sequence of the above steps, and the above steps can be combined in any execution order on the premise of satisfying the implementation logic.
  • the above step 1580 can also be executed before the above step 1500, or the above step 1580 can also be executed after the above step 1540. These should all fall within the protection scope of the present application.
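  • The exchange of Steps 1500 to 1590, as an added example that is not part of the application: both sides derive the key with HKDF-SHA256 (one of the listed "HKDF-based KDF" options), and a standard-library HMAC encrypt-then-MAC construction stands in for AES-GCM so that the block runs without third-party packages. Class and function names, the HKDF label, the 16-byte parameter length and all sample values are assumptions, and the two cloud platforms and their secure connections are collapsed into one object.

```python
import hashlib
import hmac
import json
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_info_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Key generation shared by Step 1540 (device cloud) and Step 1580 (device)."""
    # The label below is an assumption; the page does not define one.
    return hkdf_sha256(device_key, salt=key_calc_param, info=b"netcfg-info-key")


def _subkeys(info_key: bytes):
    okm = hkdf_sha256(info_key, b"", b"seal-subkeys", 64)
    return okm[:32], okm[32:]  # encryption key, MAC key


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(info_key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for AES-GCM: returns nonce || ciphertext || tag."""
    k_enc, k_mac = _subkeys(info_key)
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()


def unseal(info_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a different key fails here instead of yielding garbage."""
    if len(blob) < 44:
        raise ValueError("second graphic code payload is too short")
    k_enc, k_mac = _subkeys(info_key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("information decryption key does not match")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))


class DeviceCloud:
    """Device cloud platform: the only party besides the device that holds K."""

    def __init__(self):
        self._keys = {}  # device identifier -> device key K

    def register(self, device_id: str, device_key: bytes) -> None:
        self._keys[device_id] = device_key

    def info_encryption_key(self, device_id: str, key_calc_param: bytes) -> bytes:
        # Steps 1540-1560: K stays here; only the derived key is returned.
        return derive_info_key(self._keys[device_id], key_calc_param)


class Device:
    """Device to be connected to the network, preset with its device key K."""

    def __init__(self, device_id: str, device_key: bytes):
        self.device_id, self._k = device_id, device_key
        self.param = secrets.token_bytes(16)  # key calculation parameter

    def first_graphic_code(self) -> dict:
        return {"device_id": self.device_id, "param": self.param.hex()}

    def read_second_code(self, blob: bytes) -> dict:
        # Steps 1580-1590: derive the decryption key, then decrypt the payload.
        return json.loads(unseal(derive_info_key(self._k, self.param), blob))


def provision(device: Device, cloud: DeviceCloud, netcfg: dict) -> bytes:
    """Network distribution device, Steps 1500-1570: returns the second-code payload."""
    code = device.first_graphic_code()
    key = cloud.info_encryption_key(code["device_id"], bytes.fromhex(code["param"]))
    return seal(key, json.dumps(netcfg).encode())
```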
  • FIG. 16 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 1610 the network configuration device displays a third graphic code, and the third graphic code includes the network configuration information encrypted by the information encryption key and the key calculation parameter; wherein, the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the embodiment of the present application further provides an information processing method.
  • the distribution network device first displays a third graphic code, optionally, the third graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the third graphic code includes the network configuration information encrypted by the information encryption key, and the key calculation parameter.
  • the key calculation parameter is used to determine the information encryption key; for the device to be connected to the network, the key calculation parameter is used to determine the information decryption key.
  • For the determination process of the information encryption key and the information decryption key, please refer to the following method embodiments; details are not repeated here.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network).
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device cloud platform generates the key calculation parameter after receiving the request for obtaining the information encryption key; or, the device cloud platform pre-generates the key calculation parameter, and after receiving the request for obtaining the information encryption key, the information encryption key can be calculated directly according to the key calculation parameter and the device key of the device to be connected to the network.
  • the information encryption key, which takes the device key of the device to be connected to the network as a calculation parameter, is calculated by the device cloud platform, and the device cloud platform then sends the information encryption key and the key calculation parameter to the distribution network device through the network configuration cloud platform.
  • After receiving the information encryption key and the key calculation parameter, the network distribution device needs to generate a third graphic code based on the information encryption key and the key calculation parameter for the device to be connected to the network to scan. Therefore, in an example, the above method further includes: the distribution network device receives the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform, and determines the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the above-mentioned determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information includes: using the second encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key; and generating a third graphic code according to the network configuration information encrypted with the information encryption key and the key calculation parameter. Since the key calculation parameter is not encrypted by the information encryption key, that is, the key calculation parameter is in plaintext, the device to be connected to the network can obtain the key calculation parameter by scanning the third graphic code.
  • the second encryption algorithm is a symmetric encryption algorithm.
  • the second encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, and AES256-GCM.
  • Step 1620 the device to be connected to the network scans the third graphic code displayed by the network distribution device.
  • the device to be connected to the network scans the third graphic code displayed by the network distribution device to obtain the key calculation parameters in plaintext and the network configuration information encrypted with the information encryption key. After that, the device to be connected to the network needs to further determine the information decryption key based on the key calculation parameter, so as to decrypt the network configuration information encrypted by the information encryption key.
  • For the process of determining the information decryption key by the device to be connected to the network, please refer to the following method embodiments; details are not repeated here.
  • If the information decryption key and the information encryption key are the same, the device to be connected to the network succeeds in obtaining the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the technical solutions provided by the embodiments of the present application add the key calculation parameter and the network configuration information encrypted by the information encryption key to the graphic code displayed by the network distribution device. By scanning the graphic code, the device to be connected to the network can obtain the key calculation parameter and determine the information decryption key according to it. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, so that the identity of the device to be connected to the network is authenticated and leakage of network configuration information is avoided.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
  • the following describes the calculation process of the information decryption key on the side of the network access device and the information encryption key on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 1631 the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K. After specifying the key calculation parameters and the first device key, the device to be connected to the network can calculate the information decryption key based on the key calculation parameters and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 1631 includes: the device to be connected to the network uses a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the third key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the above method further includes the following steps:
  • Step 1632 The network configuration device scans the fourth graphic code of the device to be connected to the network, where the fourth graphic code includes the device identifier of the device to be connected to the network.
  • the device to be connected to the network can display a fourth graphic code.
  • the fourth graphic code is displayed on the screen of the device to be connected to the network;
  • the fourth graphic code may be pasted on the device surface of the device to be connected to the network by the device manufacturer of the device to be connected to the network, or pasted on the packaging box of the device to be connected to the network, which is not limited in this embodiment of the present application.
  • the fourth graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the fourth graphic code includes the device identification of the device to be connected to the network.
  • the fourth graphic code further includes the device manufacturer name of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, and the like.
  • the network distribution device can obtain the device identification of the device to be connected to the network by scanning the fourth graphic code.
  • Step 1633 The distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire an information encryption key.
  • when the distribution network device needs to obtain the information encryption key, it can send a fifth acquisition request to the distribution network cloud platform to further obtain the information encryption key through the distribution network cloud platform.
  • This embodiment of the present application does not limit the content of the fifth acquisition request.
  • the fifth acquisition request includes the device identifier of the device to be connected to the network; The device name of the device, the product serial number of the device to be connected to the network, etc.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the fifth acquisition request to the distribution network cloud platform.
  • Step 1634 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1635 The distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request to acquire an information encryption key.
  • the distribution network cloud platform may further send a sixth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key.
  • the sixth acquisition request includes the device identifier of the device to be connected to the network, and may also include the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc.
  • the network distribution cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 1636 the device cloud platform calculates the information encryption key.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the information decryption key and the calculation method of the information encryption key should also be consistent. way to calculate the message encryption key.
  • the process of calculating the information encryption key by the device cloud platform is as follows: the device cloud platform uses the third key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • for an introduction to the third key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 1637 The device cloud platform sends the information encryption key and key calculation parameters to the distribution network cloud platform.
  • the device cloud platform can send the information encryption key and key calculation parameters to the distribution network cloud platform.
  • Step 1638 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • after receiving the information encryption key, the distribution network cloud platform further sends the information encryption key and the key calculation parameter to the distribution network device, so as to respond to the fifth acquisition request of the distribution network device.
  • the embodiment of the present application only takes as an illustration the case where the information encryption key and the information decryption key are calculated based on the key calculation parameter and the device key of the device to be connected to the network. After understanding the technical solution of the present application, it is easy to think of using other calculation parameters to calculate the access key, all of which should fall within the scope of protection of this application.
  • the technical solutions provided by the embodiments of the present application generate key calculation parameters through the cloud platform corresponding to the device to be connected to the network, determine the information encryption key according to the key calculation parameters and the device key of the device to be connected to the network, and then send the information encryption key and key calculation parameters to the distribution network device, so as to avoid leaking the device key of the device to be connected to the network and improve the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 1801 the network configuration device scans the fourth graphic code of the device to be connected to the network.
  • the fourth graphic code includes the device identification of the device to be connected to the network.
  • the network distribution device scans the fourth graphic code of the device to be connected to the network to obtain the device identification of the device to be connected to the network.
  • Step 1802 The distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire an information encryption key.
  • the fifth acquisition request includes the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the fifth acquisition request to the distribution network cloud platform.
  • Step 1803 the distribution network cloud platform determines the device cloud platform.
  • the fifth acquisition request sent by the distribution device to the distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1804 the distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request to acquire an information encryption key.
  • the sixth acquisition request includes the device identifier of the device to be connected to the network.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 1805 the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network stored by the device cloud platform.
  • the device cloud platform uses the third key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • Step 1806 the device cloud platform sends the information encryption key and key calculation parameters to the distribution network cloud platform.
  • Step 1807 The distribution network cloud platform sends the information encryption key and key calculation parameters to the distribution network device.
  • Step 1808 the network configuration device uses the second encryption algorithm and the information encryption key to process the network configuration information, and obtains the network configuration information encrypted with the information encryption key; it then generates the third graphic code according to the network configuration information encrypted with the information encryption key and the key calculation parameter, and displays the third graphic code.
  • Step 1809 the device to be connected to the network scans the third graphic code.
  • after the device to be connected to the network scans the third graphic code, the network configuration information encrypted with the information encryption key and the key calculation parameter can be obtained.
  • Step 1810 the device to be connected to the network calculates the information decryption key.
  • the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the device to be connected to the network uses the third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • Step 1811 the device to be connected to the network acquires network configuration information.
  • the device to be connected to the network can use the calculated information decryption key to decrypt the previously obtained network configuration information encrypted with the information encryption key. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the embodiments of the present application describe the information processing methods provided by the embodiments of the present application from the perspective of interaction among devices to be connected to the network, network distribution devices, network distribution cloud platforms, and device cloud platforms.
  • the above-mentioned steps performed by the device to be connected to the network can be independently implemented as an information processing method on the side of the device to be connected to the network; the above-mentioned steps performed by the network distribution device can be independently implemented as an information processing method on the network distribution device side.
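Steps 1801 to 1811 can be traced end to end in the following added example, which is not part of the patent text. It assumes HMAC-SHA256 as a stand-in for the unspecified "third key generation algorithm" and an encrypt-then-MAC construction built from HMAC as a stand-in for the "second encryption algorithm" (a deployment would use a vetted AEAD such as AES-GCM); the device identifier, JSON payload layout and sample configuration are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample values (not from the patent).
DEVICE_ID = "DEV-0001"
SAMPLE_CONFIG = {"ssid": "home-ap", "psk": "constructed-passphrase"}


def derive_information_key(key_calc_param: bytes, device_key: bytes) -> bytes:
    """Assumed 'third key generation algorithm': HMAC-SHA256 keyed with K."""
    return hmac.new(device_key, key_calc_param, hashlib.sha256).digest()


def _subkey(info_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the information key.
    return hmac.new(info_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encrypt_config(info_key: bytes, config: dict) -> bytes:
    """Assumed 'second encryption algorithm': stream cipher plus MAC."""
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps(config, sort_keys=True).encode()
    stream = _keystream(_subkey(info_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(info_key, b"mac"), nonce + ciphertext,
                   hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_config(info_key: bytes, blob: bytes):
    """Return the configuration, or None when the keys are inconsistent."""
    if len(blob) < 48:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(info_key, b"mac"), nonce + ciphertext,
                        hashlib.sha256).digest()
    # Without this check a wrong key would yield garbage, not a clean failure.
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(info_key, b"enc"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))


class DeviceCloud:
    """Device cloud platform: holds the identifier -> key K table (step 1805)."""

    def __init__(self, key_table: dict):
        self._key_table = key_table

    def issue_information_key(self, device_id: str):
        second_device_key = self._key_table[device_id]
        key_calc_param = secrets.token_bytes(16)  # fresh random number
        info_key = derive_information_key(key_calc_param, second_device_key)
        return info_key, key_calc_param  # K itself is never returned


def build_third_graphic_code(info_key: bytes, key_calc_param: bytes,
                             config: dict) -> str:
    """Step 1808: payload the network distribution device renders as a code."""
    return json.dumps({"param": key_calc_param.hex(),
                       "config": encrypt_config(info_key, config).hex()})


def device_scan(graphic_code: str, first_device_key: bytes):
    """Steps 1809-1811 on the device to be connected to the network."""
    payload = json.loads(graphic_code)
    key_calc_param = bytes.fromhex(payload["param"])
    decryption_key = derive_information_key(key_calc_param, first_device_key)
    return decrypt_config(decryption_key, bytes.fromhex(payload["config"]))


def run_flow(cloud_side_key: bytes, device_side_key: bytes):
    cloud = DeviceCloud({DEVICE_ID: cloud_side_key})
    info_key, param = cloud.issue_information_key(DEVICE_ID)
    code = build_third_graphic_code(info_key, param, SAMPLE_CONFIG)
    return device_scan(code, device_side_key)


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    print("genuine device:", run_flow(k, k))
    print("device with another key:", run_flow(k, secrets.token_bytes(32)))
```

The "fails to obtain the network configuration information" outcome of step 1811 is only observable because the ciphertext is authenticated; with unauthenticated encryption a device holding the wrong key would decrypt to arbitrary bytes.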
  • FIG. 19 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the device side to be connected to the network, and the function may be implemented by hardware or by executing corresponding software in hardware.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 1900 may include: a beacon broadcasting module 1910 .
  • the beacon broadcasting module 1910 is used to broadcast the beacon of the first access point, the beacon includes key calculation parameters and/or the device identification of the device to be connected to the network, and the key calculation parameters are used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the apparatus 1900 further includes: a first key determination module 1920, configured to determine a first access key based on the key calculation parameter and the first device key.
  • the first key determination module 1920 is configured to: use a first key generation algorithm to process the key calculation parameter and the first device key to obtain a first encryption key; the first encryption key is processed in a first encoding manner to obtain the first access key.
  • the apparatus 1900 further includes: an identity authentication module 1930, configured to perform the identity authentication with the distribution network device based on the first access key; wherein, if the first access key and the second access key determined by the distribution network device are consistent, the identity authentication is passed; if the first access key and the second access key determined by the distribution network device are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the apparatus 1900 further includes: a configuration information receiving module 1940, configured to receive the network configuration information from the distribution network device when the identity authentication is passed, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point activated by the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for, and helps the subsequent realization of, identity authentication between the device to be connected to the network and the network distribution device.
  • the identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information, that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • the network device switches the access point back and forth to verify the identity of the device to be connected to the network.
  • the embodiment of the present application simplifies the identity authentication process and improves the identity authentication efficiency.
  • FIG. 21 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by executing corresponding software in hardware.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2100 may include: a beacon receiving module 2110 .
  • a beacon receiving module 2110 configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the device to be connected to the network An access key for performing identity authentication with the distribution network device.
  • the apparatus 2100 further includes: a first request sending module 2120, configured to send a first obtaining request to the distribution network cloud platform, where the first obtaining request is used to request to obtain the second access key; and a key information receiving module 2130, configured to receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
  • the access key information includes the second access key.
  • the access key information includes a second encryption key; as shown in FIG. 22, the apparatus 2100 further includes: a second key determination module 2140, configured to process the second encryption key in the first encoding manner to obtain the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the apparatus 2100 further includes: an identity authentication module 2150, configured to perform the identity authentication with the device to be connected to the network based on the second access key; wherein, if the second access key is consistent with the first access key determined by the device to be connected to the network, the identity authentication is passed; if the second access key and the first access key determined by the device to be connected to the network are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the apparatus 2100 further includes: an access module 2160, configured to access the first access point when the identity authentication is passed.
  • the apparatus 2100 further includes: a configuration information sending module 2170, configured to send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point activated by the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for, and helps the subsequent realization of, identity authentication between the device to be connected to the network and the network distribution device.
  • the identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information, that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • the network device switches the access point back and forth to verify the identity of the device to be connected to the network.
  • the embodiment of the present application simplifies the identity authentication process and improves the identity authentication efficiency.
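The beacon-based exchange handled by apparatus 1900 and apparatus 2100 is sketched below as an added example that is not part of the patent text. It assumes the SSID field carries both values in a hypothetical `PROV-<device id>-<parameter hex>` layout, HMAC-SHA256 as the "first key generation algorithm", and unpadded base64url as the "first encoding manner" so that the access key is a printable string; the identifiers and keys are constructed.

```python
import base64
import hashlib
import hmac

SSID_PREFIX = "PROV"   # hypothetical layout: PROV-<device id>-<param hex>
MAX_SSID_BYTES = 32    # an 802.11 SSID is at most 32 octets

# Constructed sample values (not from the patent).
DEVICE_ID = "A1B2C3D4"
KEY_CALC_PARAM = bytes.fromhex("0011223344556677")


def build_ssid(device_id: str, key_calc_param: bytes) -> str:
    """Device side: place identifier and parameter in the beacon's SSID."""
    if not device_id or "-" in device_id:
        raise ValueError("device id must be non-empty and contain no '-'")
    if len(key_calc_param) < 1:
        raise ValueError("key calculation parameter needs at least one byte")
    ssid = f"{SSID_PREFIX}-{device_id}-{key_calc_param.hex()}"
    if len(ssid.encode()) > MAX_SSID_BYTES:
        raise ValueError("SSID exceeds 32 bytes; shorten id or parameter")
    return ssid


def parse_ssid(ssid: str):
    """Network distribution device side: recover (device id, parameter)."""
    parts = ssid.split("-")
    if len(parts) != 3 or parts[0] != SSID_PREFIX or not parts[1]:
        return None  # not a provisioning beacon in the assumed layout
    try:
        key_calc_param = bytes.fromhex(parts[2])
    except ValueError:
        return None
    if len(key_calc_param) < 1:
        return None
    return parts[1], key_calc_param


def derive_access_key(key_calc_param: bytes, device_key: bytes) -> str:
    # Assumed first key generation algorithm -> "encryption key".
    encryption_key = hmac.new(device_key, key_calc_param,
                              hashlib.sha256).digest()
    # Assumed first encoding manner: 24 bytes -> 32 printable characters,
    # so the result could serve as an access point passphrase (assumption).
    return base64.urlsafe_b64encode(encryption_key[:24]).decode()


def cloud_access_key(key_table: dict, device_id: str, key_calc_param: bytes):
    """Cloud side: answer the first acquisition request, or None if unknown."""
    device_key = key_table.get(device_id)
    if device_key is None:
        return None
    return derive_access_key(key_calc_param, device_key)


def run_authentication(cloud_side_key: bytes, device_side_key: bytes) -> bool:
    # Device to be connected: broadcast beacon, derive first access key.
    ssid = build_ssid(DEVICE_ID, KEY_CALC_PARAM)
    first_access_key = derive_access_key(KEY_CALC_PARAM, device_side_key)
    # Network distribution device: parse beacon, ask the cloud for the key.
    parsed = parse_ssid(ssid)
    if parsed is None:
        return False
    second_access_key = cloud_access_key({DEVICE_ID: cloud_side_key}, *parsed)
    if second_access_key is None:
        return False
    # Consistency check, modelled here as a constant-time comparison.
    return hmac.compare_digest(first_access_key.encode(),
                               second_access_key.encode())


if __name__ == "__main__":
    k = bytes(range(32))
    print("beacon SSID:", build_ssid(DEVICE_ID, KEY_CALC_PARAM))
    print("same key K on both sides:", run_authentication(k, k))
    print("mismatched key:", run_authentication(k, bytes(32)))
```

The 32-byte SSID limit bounds how long the identifier and parameter can be in this layout, and a parameter at the one-byte minimum takes only 256 values, so the derived access key for a given device repeats across sessions.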
  • FIG. 23 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the device side to be connected to the network, and the function may be implemented by hardware or by executing corresponding software in hardware.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 2300 may include: a first receiving module 2310 .
  • the first receiving module 2310 is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • the apparatus 2300 further includes: a first key determination module 2320, configured to determine the first information key based on the key calculation parameter and the first device key.
  • the first key determination module 2320 is configured to: use a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
  • the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access the second access point; as shown in FIG. 24, the apparatus 2300 further includes: a first decryption module 2330, configured to use the first information key to decrypt the network configuration information encrypted with the second information key; if the first information key and the second information key are the same, the device to be connected to the network successfully obtains the network configuration information; if the first information key and the second information key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the apparatus 2300 further includes: a first encryption module 2340, configured to obtain the first encrypted information according to the first information key and the first reference information; and a first information sending module 2350, configured to send the first encrypted information to the network distribution device.
  • the first encryption module 2340 is configured to: use a third encryption algorithm and the first information key to process the first reference information to obtain the first encrypted information.
  • the first information further includes second information encrypted with a second information key; as shown in FIG. 24, the apparatus 2300 further includes: a second decryption module 2360, configured to use the first information key to decrypt the second information encrypted with the second information key to obtain third reference information; and a third information sending module 2370, configured to send the third reference information to the distribution network device.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameters are sent to the device to be connected to the network through the network distribution device, and the key calculation parameters are used to calculate the information key. The information key can be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information.
  • if the device to be connected to the network can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, the device to be connected to the network passes identity authentication and can further obtain the network configuration information; or, in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the data obtained by encrypting with the two information keys respectively is consistent, and then the device to be connected to the network passes identity authentication and further obtains network configuration information. Therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, so as to avoid leakage of network configuration information corresponding to the wireless access point, and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and when the information key calculated by the device to be connected to the network is consistent with it, the device to be connected to the network can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network, and reduces the processing overhead of the network distribution device and the device to be connected to the network.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • FIG. 25 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by executing corresponding software in hardware.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2500 may include: a first sending module 2510 .
  • the first sending module 2510 is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access the second access point; as shown in FIG. 26, the apparatus 2500 further includes: a first receiving module 2520, configured to receive the key calculation parameter and the second information key from the distribution network cloud platform; and a second determining module 2530, configured to determine the first information based on the key calculation parameter, the second information key, and the network configuration information.
  • the second determining module 2530 is configured to: use the fourth encryption algorithm and the second information key to process the network configuration information to obtain the network configuration information encrypted with the second information key; and determine the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
  • the apparatus 2500 further includes: a first information receiving module 2540, configured to receive first encrypted information from the device to be connected to the network, where the first encrypted information includes the first reference information encrypted with the first information key; a second information receiving module 2550, configured to receive the second encrypted information from the distribution network cloud platform, where the second encrypted information includes the second reference information encrypted with the second information key; and a configuration information sending module 2560, configured to send network configuration information to the device to be connected to the network when the first encrypted information and the second encrypted information are consistent, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the apparatus 2500 further includes: a third information receiving module 2570, configured to receive the third reference information from the distribution network device; a fourth information receiving module 2580, configured to receive the fourth reference information from the distribution network cloud platform; and the configuration information sending module 2560, configured to send the network configuration information to the device to be connected to the network when the third reference information and the fourth reference information are consistent, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameter is sent to the device to be connected to the network through the network distribution device and is used to calculate the information key. The information key can be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information.
  • in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the device to be connected to the network can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, so it passes identity authentication and can further obtain the network configuration information; or, in that same case, the data obtained by encrypting with the two information keys respectively is consistent, so the device to be connected to the network passes identity authentication and further obtains the network configuration information.
  • therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, so as to avoid leakage of the network configuration information corresponding to the wireless access point and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and a device to be connected to the network that calculates a consistent information key can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network and reduces the processing overhead of both devices.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • FIG. 27 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the side of the device to be connected to the network, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 2700 may include: a first display module 2710 .
  • the first display module 2710 is used to display a first graphic code, where the first graphic code includes a key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the apparatus 2700 further includes: a decryption key determination module 2720, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  • the decryption key determination module 2720 is configured to: use the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the apparatus 2700 further includes: a first scanning module 2730, configured to scan a second graphic code displayed by the network distribution device, where the second graphic code includes the network configuration information encrypted with an information encryption key; wherein, when the information decryption key and the information encryption key are consistent, the device to be connected to the network successfully obtains the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information that the network distribution device encrypted with the information encryption key.
  • FIG. 29 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2900 may include: a second scanning module 2910 .
  • the second scanning module 2910 is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine An information encryption key, where the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the apparatus 2900 further includes: a second request sending module 2920, configured to send a second obtaining request to the distribution network cloud platform, where the second obtaining request is used to request the information encryption key; and an encryption key receiving module 2930, configured to receive the information encryption key from the distribution network cloud platform.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the apparatus 2900 further includes: a graphic code determination module 2940, configured to determine a second graphic code based on the network configuration information and the information encryption key; a second display module 2950, for displaying the second graphic code.
  • the graphic code determination module 2940 is configured to: use the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information; and generate the second graphic code according to the encrypted network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information that the network distribution device encrypted with the information encryption key.
  • FIG. 31 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the side of the device to be connected to the network, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 3100 may include: a third scanning module 3110 .
  • the third scanning module 3110 is configured to scan the third graphic code displayed by the network distribution device, where the third graphic code includes the network configuration information encrypted with the information encryption key and the key calculation parameter; wherein the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the apparatus 3100 further includes: a decryption key determination module 3120, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  • the decryption key determination module 3120 is configured to: use a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the keys are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the technical solutions provided by the embodiments of the present application add the key calculation parameter and the network configuration information encrypted with the information encryption key to the graphic code displayed by the network distribution device. By scanning the graphic code, the device to be connected to the network obtains the key calculation parameter and can determine the information decryption key from it. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
  • FIG. 33 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 3300 may include: a third display module 3310 .
  • the third display module 3310 is configured to display a third graphic code, where the third graphic code includes the network configuration information encrypted with an information encryption key and the key calculation parameter; wherein the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the apparatus 3300 further includes: an information receiving module 3320, configured to receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; and a graphic code determination module 3330, configured to determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the graphic code determination module 3330 is configured to: use the second encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key; and generate the third graphic code based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the technical solutions provided by the embodiments of the present application add the key calculation parameter and the network configuration information encrypted with the information encryption key to the graphic code displayed by the network distribution device. By scanning the graphic code, the device to be connected to the network obtains the key calculation parameter and can determine the information decryption key from it. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
  • when the device provided in the above embodiment realizes its functions, the division into the above functional modules is used only as an example for illustration. In practical applications, the above functions can be allocated to different functional modules according to actual needs; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
  • FIG. 35 shows a schematic structural diagram of a device to be connected to a network 350 provided by an embodiment of the present application.
  • the device to be connected to a network can be used to execute the above-mentioned method for processing information of a device to be connected to a network.
  • the device 350 to be connected to the network may include: a processor 351, and a transceiver 352 connected to the processor 351; wherein:
  • the processor 351 includes one or more processing cores, and the processor 351 executes various functional applications and information processing by running software programs and modules.
  • Transceiver 352 includes a receiver and a transmitter.
  • transceiver 352 is a communication chip.
  • the device 350 to be connected to the network further includes: a memory and a bus.
  • the memory is connected to the processor through a bus.
  • the memory can be used to store a computer program, and the processor is used to execute the computer program, so as to implement each step performed by the device to be connected to the network in the foregoing method embodiments.
  • the memory may be implemented by any type or combination of volatile or non-volatile storage devices, including but not limited to: RAM (Random-Access Memory) and ROM (Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid-state storage technology, CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Video Disc, high-density digital video disc) or other optical storage, tape cassettes, tapes, disk storage or other magnetic storage devices. Wherein:
  • the transceiver 352 is configured to broadcast the beacon of the first access point, where the beacon includes key calculation parameters and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the processor 351 is configured to: determine the first access key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a first key generation algorithm to process the key calculation parameter and the first device key to obtain a first encryption key; and use a first encoding manner to process the first encryption key to obtain the first access key.
  • the processor 351 is configured to: perform the identity authentication with the distribution network device based on the first access key; wherein, if the first access key and the second access key determined by the distribution network device are consistent, the identity authentication is passed; if the first access key and the second access key determined by the distribution network device are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 352 is configured to: when the identity authentication is passed, receive network configuration information from the network configuration device, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the processor 351 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the processor 351 is configured to: scan a second graphic code displayed by the network configuration device, where the second graphic code includes the network configuration information encrypted with an information encryption key; wherein, when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 351 is configured to scan a third graphic code displayed by the network configuration device, where the third graphic code includes the network configuration information encrypted with the information encryption key and the key calculation parameters; wherein, the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the processor 351 is further configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is further configured to: use a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the keys are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 352 is configured to receive first information from a distribution network device, where the first information includes key calculation parameters and second information encrypted with an information encryption key, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
  • the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the second information includes first reference information; the processor 351 is configured to use the information decryption key to decrypt the second information encrypted with the information encryption key to obtain the first reference information.
  • the transceiver 352 is configured to receive network configuration information from the distribution network device when the first reference information and the second reference information are consistent, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the second information includes network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point; if the information encryption key and the information decryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; if the information encryption key and the information decryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • FIG. 36 shows a schematic structural diagram of a distribution network device 360 provided by an embodiment of the present application.
  • the distribution network device can be used to execute the above-mentioned method for processing information on the distribution network device side.
  • the network distribution device 360 may include: a processor 361, and a transceiver 362 connected to the processor 361; wherein:
  • the processor 361 includes one or more processing cores, and the processor 361 executes various functional applications and information processing by running software programs and modules.
  • Transceiver 362 includes a receiver and a transmitter.
  • transceiver 362 is a communication chip.
  • the distribution network device 360 further includes: a memory and a bus.
  • the memory is connected to the processor through a bus.
  • the memory can be used to store a computer program, and the processor is used to execute the computer program, so as to implement each step performed by the distribution network device in the above method embodiments.
  • the memory may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to: RAM and ROM, EPROM, EEPROM, flash memory or other solid-state storage technology, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
  • the transceiver 362 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the transceiver 362 is configured to: send a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request a second access key; and receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
  • the access key information includes the second access key.
  • the processor 361 is configured to: process the second encryption key in a first encoding manner to obtain the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the processor 361 is configured to: perform the identity authentication with the device to be connected to the network based on the second access key; wherein, if the second access key and the first access key determined by the device to be connected to the network are consistent, the identity authentication is passed; if the second access key and the first access key determined by the device to be connected to the network are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 361 is configured to: access the first access point when the identity authentication is passed.
  • the transceiver 362 is configured to: send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
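The beacon flow described above for the device 350 and the distribution network device 360, as an added example that is not code from the patent. HMAC-SHA256 as the first key generation algorithm, URL-safe base64 as the first encoding manner, the HMAC challenge-response used to check key consistency, and every class, function and field name are assumptions, since the page fixes none of them.

```python
import base64
import hashlib
import hmac
import secrets

# Assumptions (the page names no algorithms): HMAC-SHA256 is the "first key
# generation algorithm", URL-safe base64 is the "first encoding manner", and
# key consistency is checked by challenge-response instead of sending a key.


def derive_access_key(key_calc_param: bytes, device_key: bytes) -> str:
    """Key calculation parameter + device key -> encryption key -> access key."""
    if len(key_calc_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    encryption_key = hmac.new(device_key, key_calc_param, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(encryption_key).decode("ascii")


def prove(access_key: str, challenge: bytes) -> bytes:
    """Proof of possession of an access key for one fresh challenge."""
    return hmac.new(access_key.encode("ascii"), challenge, hashlib.sha256).digest()


class DeviceCloud:
    """Holds each device key, indexed by device identifier."""

    def __init__(self, device_keys):
        self._device_keys = dict(device_keys)

    def access_key_for(self, device_id, key_calc_param):
        # Answers the first acquisition request; unknown devices get nothing.
        device_key = self._device_keys.get(device_id)
        if device_key is None:
            return None
        return derive_access_key(key_calc_param, device_key)


class JoiningDevice:
    """Device to be connected to the network."""

    def __init__(self, device_id, device_key, param_len=16):
        self.device_id = device_id
        self._device_key = device_key
        self.key_calc_param = secrets.token_bytes(param_len)  # random number

    def beacon(self):
        # Constructed stand-in for the custom field of the beacon.
        return {"device_id": self.device_id,
                "key_calc_param": self.key_calc_param.hex()}

    def respond(self, challenge):
        first_access_key = derive_access_key(self.key_calc_param, self._device_key)
        return prove(first_access_key, challenge)


def provision(device, cloud, network_config):
    """Provisioning device: release the configuration only if the keys agree."""
    beacon = device.beacon()
    second_access_key = cloud.access_key_for(
        beacon["device_id"], bytes.fromhex(beacon["key_calc_param"]))
    if second_access_key is None:
        return None
    challenge = secrets.token_bytes(16)
    expected = prove(second_access_key, challenge)
    if not hmac.compare_digest(expected, device.respond(challenge)):
        return None  # identity authentication failed
    return network_config  # identity authentication passed


def distinct_access_keys(device_key, param_len):
    """How many access keys a device can ever derive (small param_len only)."""
    return len({derive_access_key(i.to_bytes(param_len, "big"), device_key)
                for i in range(256 ** param_len)})


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    cloud = DeviceCloud({"dev-001": key})
    config = {"ssid": "home-ap", "passphrase": "constructed-example"}
    print(provision(JoiningDevice("dev-001", key), cloud, config))
    print(provision(JoiningDevice("dev-001", b"wrong key"), cloud, config))
    print(distinct_access_keys(key, 1))
```

With the one-byte minimum the page allows, a device can only ever derive 256 access keys, so a longer random parameter keeps derived keys from repeating across provisioning attempts.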
  • the processor 361 is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the transceiver 362 is configured to: send a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request the information encryption key; and receive the information encryption key from the distribution network cloud platform.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the processor 361 is configured to: determine a second graphic code based on the network configuration information and the information encryption key; and display the second graphic code.
  • the processor 361 is configured to: use the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information; and generate the second graphic code based on the encrypted network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 361 is configured to display a third graphic code, where the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the processor 361 is further configured to: receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; and determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the processor 361 is further configured to: use the second encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key;
  • the third graphic code is generated based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 362 is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter and second information encrypted with an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
  • the second information includes first reference information; the transceiver 362 is configured to receive, from the distribution network cloud platform, the key calculation parameter and the second information encrypted with the information encryption key; the processor 361 is configured to determine the first information based on the key calculation parameter and the second information encrypted with the information encryption key.
  • the second information includes network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point;
  • the transceiver 362 is configured to receive the key calculation parameter and the information encryption key from the distribution network cloud platform;
  • the processor 361 is configured to determine the first information based on the key calculation parameter, the information encryption key and the network configuration information.
  • the processor 361 is configured to: use a third encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key;
  • and determine the first information based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by the processor of the device to be connected to the network, so as to implement the above-mentioned information processing method on the side of the device to be connected to the network.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by a processor of a distribution network device, so as to implement the above-mentioned information processing method on the distribution network device side.
  • An embodiment of the present application further provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on the device to be connected to the network, it is used to implement the above-mentioned method for processing information on the device to be connected to the network.
  • An embodiment of the present application further provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, it is used to implement the above-mentioned method for processing information on the distribution network device side.
  • An embodiment of the present application further provides a computer program product which, when run on the device to be connected to the network, is used to implement the above-mentioned information processing method on the side of the device to be connected to the network.
  • An embodiment of the present application further provides a computer program product which, when run on the distribution network device, is used to implement the above-mentioned information processing method on the distribution network device side.
  • Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.
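The third-graphic-code and first-information flows above both carry a key calculation parameter next to network configuration information encrypted with the information encryption key. The sketch below is an added example, not code from the application: the application does not name its key derivation or encryption algorithms, so HKDF-SHA256, an HMAC-based keystream with an HMAC tag, the payload layout and a device secret shared by the cloud platform and the device are all assumptions. It also shows why the one-byte lower bound on the parameter matters: a one-byte parameter allows at most 256 distinct keys per device secret.

```python
import hashlib, hmac, json, secrets

def derive_key(device_secret: bytes, param: bytes) -> bytes:
    """Cloud platform and device both derive 64 bytes: 32 to encrypt, 32 to authenticate."""
    if len(param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    prk = hmac.new(param, device_secret, hashlib.sha256).digest()  # HKDF-Extract, salt = param
    t1 = hmac.new(prk, b"netcfg\x01", hashlib.sha256).digest()     # HKDF-Expand, block 1
    t2 = hmac.new(prk, t1 + b"netcfg\x02", hashlib.sha256).digest()  # block 2
    return t1 + t2

def _keystream(enc_key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:  # HMAC-SHA256 as a PRF in counter mode (assumed stand-in cipher)
        out += hmac.new(enc_key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def build_payload(key: bytes, param: bytes, netcfg: dict) -> bytes:
    """Distribution network device: len(param) || param || ciphertext || tag (assumed layout)."""
    plain = json.dumps(netcfg, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key[:32], len(plain))))
    header = bytes([len(param)]) + param
    return header + ct + hmac.new(key[32:], header + ct, hashlib.sha256).digest()

def read_payload(device_secret: bytes, payload: bytes) -> dict:
    """Device to be connected: read the parameter, derive the key, verify, then decrypt."""
    if len(payload) < 34 or len(payload) < 1 + payload[0] + 32:
        raise ValueError("payload too short")
    n = payload[0]
    param, ct, tag = payload[1:1 + n], payload[1 + n:-32], payload[-32:]
    key = derive_key(device_secret, param)
    expect = hmac.new(key[32:], payload[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], len(ct))))
    return json.loads(plain)

def distinct_keys(device_secret: bytes, param_len: int, sessions: int) -> int:
    """Number of distinct keys seen over `sessions` random parameters of param_len bytes."""
    return len({derive_key(device_secret, secrets.token_bytes(param_len))
                for _ in range(sessions)})
```

With this keystream construction a repeated parameter means a repeated keystream, so an implementation following the application would want a parameter far longer than the one-byte minimum.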

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present application relate to the technical field of communications and provide an information processing method and apparatus, a device, and a storage medium. The method comprises the following steps: a device to be connected to the network broadcasts a beacon of a first access point, the beacon comprising a key calculation parameter and/or an identifier of the device to be connected to the network, the key calculation parameter being used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device; and the distribution network device receives the beacon of the first access point. According to the embodiments of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device, which provides a basis for performing identity authentication between the device to be connected to the network and the distribution network device and thus facilitates the implementation of that identity authentication.
PCT/CN2021/079365 2020-09-06 2021-03-05 Information processing method and apparatus, device, and storage medium WO2022048125A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202180042424.2A CN115769542A (zh) 2020-09-06 2021-03-05 Information processing method, apparatus, device and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010925363.1 2020-09-06
CN202010925363.1A CN114157413A (zh) 2020-09-06 2020-09-06 Information processing method, apparatus, device and storage medium

Publications (1)

Publication Number Publication Date
WO2022048125A1 (fr) 2022-03-10

Family

ID=80460645

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/079365 WO2022048125A1 (fr) 2020-09-06 2021-03-05 Information processing method and apparatus, device, and storage medium

Country Status (2)

Country Link
CN (2) CN114157413A (fr)
WO (1) WO2022048125A1 (fr)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100080383A1 (en) * 2008-09-30 2010-04-01 Greg Vaughan Secure provisioning of a portable device using a representation of a key
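CN102395216A (zh) * 2011-12-21 2012-03-28 上海云联计算机系统有限公司 Method for fast access to a wireless local area network and mobile terminal thereof
CN102802155A (zh) * 2012-08-17 2012-11-28 珠海金山办公软件有限公司 Method for quickly establishing a connection between a mobile terminal and a smart display device
CN105682088A (zh) * 2014-11-18 2016-06-15 腾讯科技(武汉)有限公司 Wireless network sharing method and terminal
CN106850209A (zh) * 2017-02-28 2017-06-13 苏州福瑞思信息科技有限公司 Identity authentication method and apparatus
CN106851632A (zh) * 2017-01-22 2017-06-13 海尔优家智能科技(北京)有限公司 Method and apparatus for a smart device to access a wireless local area network
CN108632056A (zh) * 2017-03-17 2018-10-09 阿里云计算有限公司 Smart device network configuration method and system
CN111510919A (zh) * 2019-01-31 2020-08-07 阿里巴巴集团控股有限公司 Network configuration method, apparatus, device and system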

Also Published As

Publication number Publication date
CN115769542A (zh) 2023-03-07
CN114157413A (zh) 2022-03-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21863196

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21863196

Country of ref document: EP

Kind code of ref document: A1