
CN106714158B - A kind of WiFi access method and device - Google Patents


Info

Publication number
CN106714158B
Authority
CN
China
Prior art keywords
access point
wifi
detection platform
client
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510507794.5A
Other languages
Chinese (zh)
Other versions
CN106714158A (en
Inventor
彭华熹
张艳
曹斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Corp filed Critical China Mobile Communications Corp
Priority to CN201510507794.5A priority Critical patent/CN106714158B/en
Publication of CN106714158A publication Critical patent/CN106714158A/en
Application granted granted Critical
Publication of CN106714158B publication Critical patent/CN106714158B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a WiFi access method and device. The WiFi access method includes: sending registration information to an access point detection platform to register the access point, and receiving a registration success result returned by the access point detection platform after it checks the registration information, where the registration information includes access authentication related information and a public key; receiving a connection verification request sent by a WiFi client, generating authentication information with a preset private key and sending it to the WiFi client, and forwarding the connection access request that the WiFi client sends, which contains the authentication information, to the access point detection platform; and receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the authentication information, and establishing a WiFi connection with the WiFi client. The embodiments of the present invention improve the security of WiFi verification, avoid malicious tampering with data, prevent connection to phishing WiFi access points, and achieve secure WiFi access.


Description

A WiFi access method and device

Technical field

The present invention relates to the technical field of information security, and in particular to a WiFi access method and device.

Background

With the development and spread of the mobile Internet, mobile Internet users dining in restaurants or cafes take out phones or tablets with Internet access and search for free WiFi networks, and many merchants post "free WiFi available in store" notices. However, free WiFi can carry considerable security risks. With a computer that has a wireless network card and a network packet analysis program, a criminal in a public place can set up a wireless hotspot and run a phishing WiFi network with no password. If a user connects to that WiFi, the criminal can steal sensitive information, such as the user's bank passwords, in a short time.

Summary of the invention

The purpose of the embodiments of the present invention is to provide a WiFi access method and device that improve the security of WiFi verification, avoid malicious tampering with data, prevent connection to phishing WiFi access points, and achieve secure WiFi access.

To achieve the above purpose, an embodiment of the present invention provides a WiFi access method applied to a WiFi access point, the WiFi access method including:

sending registration information to an access point detection platform to register the access point, and receiving a registration success result returned by the access point detection platform after it checks the registration information, where the registration information includes access authentication related information and a public key;

receiving a connection verification request sent by a WiFi client, generating authentication information with a preset private key and sending it to the WiFi client, and forwarding the connection access request that the WiFi client sends, which contains the authentication information, to the access point detection platform;

receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the authentication information, and establishing a WiFi connection with the WiFi client.

Wherein, when the registration success result returned by the access point detection platform after checking the registration information is received, the address configuration of the access point detection platform is received at the same time, and the address of the access point detection platform is stored in a whitelist.

Wherein, the step of generating authentication information with the preset private key and sending it to the WiFi client includes:

generating an access point random number Rc and encrypting Rc with the access point private key to obtain a first encrypted random number EAPs(Rc), where Rc and EAPs(Rc) together form the authentication information;

sending Rc and EAPs(Rc) to the WiFi client, which generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, a client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Wherein, forwarding the connection access request that the WiFi client sends, which contains the authentication information, to the access point detection platform is specifically:

transparently forwarding the connection access request to the access point detection platform according to the address of the access point detection platform stored in the whitelist.

Wherein, receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the authentication information, and establishing a WiFi connection with the WiFi client, specifically includes:

receiving the authentication success result notification and, at the same time, a second encrypted random number EAPp(Rs) sent by the access point detection platform, where EAPp(Rs) is generated by the access point detection platform by decrypting the encrypted Rs it obtained and then encrypting Rs with the access point public key;

decrypting EAPp(Rs) with the access point private key to obtain Rs;

using a key generation algorithm with Rs and Rc as factors to generate a key Ks shared with the WiFi client, storing it securely, and establishing the connection with the WiFi client to transfer information.

An embodiment of the present invention provides a WiFi access method applied to a WiFi client, the access method including:

scanning a WiFi access point list and sending a connection verification request to a first WiFi access point in the WiFi access point list;

when the first WiFi access point is an access point that has previously registered successfully with the access point detection platform, receiving authentication information generated by the first WiFi access point with its private key;

sending a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;

receiving the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and establishing a connection with the first WiFi access point.

Wherein, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part; the authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key.

Wherein, receiving the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and establishing a connection with the first WiFi access point, is specifically:

after receiving the legitimacy check result, using a key generation algorithm with the received Rc and the generated Rs as factors to generate a key Ks shared with the first WiFi access point, storing it securely, and establishing the connection with the first WiFi access point to transfer information.

Wherein, the method further includes:

when the first WiFi access point is not an access point that has previously registered successfully with the access point detection platform, the WiFi client terminates the authentication flow and notifies the user that the legitimacy of the first WiFi access point cannot be determined.

An embodiment of the present invention further provides a WiFi access method applied to an access point detection platform, the WiFi access method including:

receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information in a legitimate access point list after the check succeeds, and returning a registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information with a preset private key;

receiving a connection access request, containing the authentication information, sent by a WiFi client;

according to the received connection access request, authenticating the authentication information with the public key in the registration information, and sending an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes a connection with the WiFi client.

Wherein, the authentication information includes the access point random number Rc and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key; the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Wherein, authenticating the authentication information with the public key in the registration information according to the received connection access request includes:

decrypting the connection access request with the private key of the access point detection platform and completing the integrity check of the information;

searching the legitimate access point list using the registration information of the current WiFi access point;

if an exactly matching entry is found, decrypting EAPs(Rc) with the public key of the current WiFi access point and comparing the decryption result with the received Rc; if they are the same, the authentication success result is obtained.

Wherein, when the current WiFi access point is a legitimate access point, the method further includes:

encrypting the decrypted Rs with the public key of the current WiFi access point to obtain the second encrypted random number EAPp(Rs);

sending EAPp(Rs) and the authentication success result notification to the current WiFi access point.

Wherein, the method further includes:

if a matching entry is found but the decryption result differs from the received Rc, an authentication failure result is obtained;

if no matching entry is found, an authentication failure result is obtained.

An embodiment of the present invention further provides a WiFi access device applied to a WiFi access point, the WiFi access device including:

a first processing module, configured to send registration information to an access point detection platform to register the access point, and to receive a registration success result returned by the access point detection platform after it checks the registration information, where the registration information includes access authentication related information and a public key;

a second processing module, configured to receive a connection verification request sent by a WiFi client, generate authentication information with a preset private key and send it to the WiFi client, and forward the connection access request that the WiFi client sends, which contains the authentication information, to the access point detection platform;

a third processing module, configured to receive the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the authentication information, and to establish a WiFi connection with the WiFi client.

Wherein, the WiFi access device further includes:

a receiving and storing module, configured to receive the address configuration of the access point detection platform at the same time as the first processing module receives the registration success result returned by the access point detection platform after checking the registration information, and to store the address of the access point detection platform in a whitelist.

Wherein, the second processing module includes:

a generating submodule, configured to generate an access point random number Rc and encrypt Rc with the access point private key to obtain a first encrypted random number EAPs(Rc), where Rc and EAPs(Rc) together form the authentication information;

a first sending submodule, configured to send Rc and EAPs(Rc) to the WiFi client, which generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, a client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Wherein, the second processing module is further configured to:

transparently forward the connection access request to the access point detection platform according to the address of the access point detection platform stored in the whitelist.

Wherein, the third processing module includes:

a receiving submodule, configured to receive, together with the authentication success result notification, the second encrypted random number EAPp(Rs) sent by the access point detection platform, where EAPp(Rs) is generated by the access point detection platform by decrypting the encrypted Rs it obtained and then encrypting Rs with the access point public key;

a first decryption submodule, configured to decrypt EAPp(Rs) with the access point private key to obtain Rs;

a connection submodule, configured to use a key generation algorithm with Rs and Rc as factors to generate a key Ks shared with the WiFi client, store it securely, and establish the connection with the WiFi client to transfer information.

An embodiment of the present invention further provides a WiFi access device applied to a WiFi client, the access device including:

a scanning and sending module, configured to scan a WiFi access point list and send a connection verification request to a first WiFi access point in the WiFi access point list;

a first receiving module, configured to receive authentication information generated by the first WiFi access point with its private key when the first WiFi access point is an access point that has previously registered successfully with the access point detection platform;

a first sending module, configured to send a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;

a fourth processing module, configured to receive the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and to establish a connection with the first WiFi access point.

Wherein, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part; the authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key.

Wherein, the fourth processing module is further configured to:

after receiving the legitimacy check result, use a key generation algorithm with the received Rc and the generated Rs as factors to generate a key Ks shared with the first WiFi access point, store it securely, and establish the connection with the first WiFi access point to transfer information.

Wherein, the device further includes:

a termination module, configured to terminate the authentication flow and notify the user that the legitimacy of the first WiFi access point cannot be determined when the first WiFi access point is not an access point that has previously registered successfully with the access point detection platform.

An embodiment of the present invention further provides a WiFi access device applied to an access point detection platform, the WiFi access device including:

a fifth processing module, configured to receive registration information sent by a WiFi access point, check the current WiFi access point, store the registration information in a legitimate access point list after the check succeeds, and return a registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information with a preset private key;

a second receiving module, configured to receive a connection access request, containing the authentication information, sent by a WiFi client;

a sixth processing module, configured to authenticate the authentication information with the public key in the registration information according to the received connection access request, and to send an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes a connection with the WiFi client.

Wherein, the authentication information includes the access point random number Rc and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key; the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Wherein, the sixth processing module includes:

a second decryption submodule, configured to decrypt the connection access request with the private key of the access point detection platform and complete the integrity check of the information;

a search submodule, configured to search the legitimate access point list using the registration information of the current WiFi access point;

a processing submodule, configured to, if an exactly matching entry is found, decrypt EAPs(Rc) with the public key of the current WiFi access point and compare the decryption result with the received Rc, the authentication success result being obtained if they are the same.

Wherein, when the current WiFi access point is a legitimate access point, the device further includes:

an encryption module, configured to encrypt the decrypted Rs with the public key of the current WiFi access point to obtain the second encrypted random number EAPp(Rs);

a second sending module, configured to send EAPp(Rs) and the authentication success result notification to the current WiFi access point.

Wherein, the device further includes:

a first authentication module, configured to obtain an authentication failure result if a matching entry is found but the decryption result differs from the received Rc;

a second authentication module, configured to obtain an authentication failure result if no matching entry is found.

The beneficial effects of the above technical solution of the present invention are as follows:

After the WiFi access point completes registration and authentication with the access point detection platform, the user connects to the WiFi access point through a WiFi client. The WiFi access point uses its preset private key to generate authentication information and sends it to the WiFi client. The WiFi client sends a connection access request containing the authentication information, which is transparently forwarded through the WiFi access point to the access point detection platform. The access point detection platform verifies the legitimacy of the WiFi access point, confirms the access point's legitimate identity, and sends the verification result, encrypted, to the WiFi client, which connects to the legitimate access point according to the verification result. This improves the security of WiFi verification, avoids malicious tampering with data, prevents connection to phishing WiFi access points, and achieves secure WiFi access.

Description of the drawings

FIG. 1 is the first schematic diagram of the steps of the WiFi access method according to an embodiment of the present invention;

FIG. 2 is the second schematic diagram of the steps of the WiFi access method according to an embodiment of the present invention;

FIG. 3 is the third schematic diagram of the steps of the WiFi access method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of the overall flow of the WiFi access method according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of the WiFi access device according to an embodiment of the present invention.

Detailed description

To make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, a detailed description follows with reference to the accompanying drawings and specific embodiments.

An embodiment of the present invention provides a WiFi access method applied to a WiFi access point. As shown in FIG. 1, the WiFi access method includes:

Step S101: sending registration information to an access point detection platform to register the access point, and receiving a registration success result returned by the access point detection platform after it checks the registration information, where the registration information includes access authentication related information and a public key;

Step S102: receiving a connection verification request sent by a WiFi client, generating authentication information with a preset private key and sending it to the WiFi client, and forwarding the connection access request that the WiFi client sends, which contains the authentication information, to the access point detection platform;

Step S103: receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the authentication information, and establishing a WiFi connection with the WiFi client.

Specifically, the WiFi access point sends the access point's identity information, the WiFi access point name SSID, the media access control value MAC, the authentication method, the public key and other information to the access point detection platform over HTTPS (hypertext transport protocol server) to register, where the access authentication related information includes: the access point's identity information, the WiFi access point name SSID, the media access control value MAC, and the authentication method. After registration is completed, the access point receives the registration success result that the access point detection platform returns after checking the registration information. After successful registration, the access point can receive a connection verification request sent by a WiFi client. On receiving the request, it generates authentication information with the preset private key and sends the authentication information to the WiFi client, and the WiFi client sends a connection access request containing the authentication information. On receiving the connection access request, the WiFi access point forwards it over HTTPS to the access point detection platform, which authenticates the authentication information and returns an authentication success result notification. On receiving the notification, the access point establishes the WiFi connection with the WiFi client.

After the WiFi access point completes registration and authentication with the access point detection platform, the WiFi access point uses its preset private key to generate authentication information and sends it to the WiFi client. The WiFi client sends a connection access request containing the authentication information, which is transparently forwarded through the WiFi access point to the access point detection platform. The access point detection platform verifies the legitimacy of the WiFi access point, and once the access point's legitimate identity is confirmed, the WiFi access point establishes the WiFi connection with the WiFi client. This improves the security of WiFi verification, avoids malicious tampering with data, prevents connection to phishing WiFi access points, and achieves secure WiFi access.

In the above embodiment of the present invention, when the registration success result returned by the access point detection platform after checking the registration information is received, the address configuration of the access point detection platform is received at the same time, and the address of the access point detection platform is stored in a whitelist.

Specifically, the WiFi access point holds a whitelist in which multiple addresses are stored. A client accessing an address in the whitelist does not need to be authenticated and can access it directly. When the WiFi access point receives the registration success result returned by the access point detection platform, it also receives the address configuration of the access point detection platform and stores the platform's address in the whitelist. When a message is sent to the access point detection platform, the platform address stored in the whitelist allows the message to be passed through transparently to the platform over HTTPS.

In the above embodiment of the present invention, generating authentication information with the preset private key and sending it to the WiFi client in step S102 includes:

Step S1021: Generate an access point random number Rc and encrypt Rc with the access point private key to obtain a first encrypted random number EAPs(Rc); Rc and EAPs(Rc) together form the authentication information;

Step S1022: Send Rc and EAPs(Rc) to the WiFi client. The WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Specifically, after receiving the connection verification request sent by the WiFi client, the WiFi access point uses its random number generation unit to generate Rc, encrypts Rc with the access point private key to obtain EAPs(Rc), and sends the authentication information consisting of Rc and EAPs(Rc) to the WiFi client.

After receiving Rc and EAPs(Rc), the WiFi client generates Rs. It then generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, Rs, and the corresponding digest value of each part.

In the above embodiment of the present invention, forwarding the connection access request containing the authentication information sent by the WiFi client to the access point detection platform in step S102 is specifically:

Passing the connection access request through transparently to the access point detection platform according to the address of the access point detection platform stored in the whitelist.

Specifically, the whitelist of the WiFi access point stores the address of the access point detection platform. Accessing an address in the whitelist requires no authentication and can be done directly. When forwarding the connection access request to the access point detection platform, the access point uses the platform address stored in the whitelist to pass the request through transparently to the platform over HTTPS.

In the above embodiment of the present invention, step S103 includes:

Step S1031: Receive the authentication success result notification and, at the same time, the second encrypted random number EAPp(Rs) sent by the access point detection platform. EAPp(Rs) is generated by the access point detection platform by decrypting the encrypted Rs it obtained and then encrypting Rs with the access point public key;

Step S1032: Decrypt EAPp(Rs) with the access point private key to obtain Rs;

Step S1033: Using Rs and Rc as factors, use a key generation algorithm to generate the key Ks shared with the WiFi client and store it securely, then establish the connection with the WiFi client to transfer information.

Specifically, when the WiFi access point receives the authentication success result notification from the access point detection platform, it also receives EAPp(Rs), which the access point detection platform generates by decrypting the encrypted Rs it obtained and then encrypting Rs with the access point public key. On receiving EAPp(Rs), the access point decrypts it with the access point private key to obtain Rs. From this Rs and the Rc that the WiFi access point itself generated, it uses the key generation algorithm to generate the key Ks shared with the WiFi client and stores the computed Ks securely, which establishes the connection between the WiFi access point and the WiFi client for transferring information.

An embodiment of the present invention further provides a WiFi access method applied to a WiFi client. As shown in FIG. 2, the access method includes:

Step S201: Scan the WiFi access point list and send a connection verification request to a first WiFi access point in the list;

Step S202: When the first WiFi access point is an access point that has already registered successfully with the access point detection platform, receive the authentication information that the first WiFi access point generates with its private key;

Step S203: Send a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;

Step S204: Receive the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point and signed with the private key of the access point detection platform, and establish the connection with the first WiFi access point.

Specifically, the WiFi client scans the WiFi access point list and sends a connection verification request to the first WiFi access point. When the first WiFi access point is an access point that has already registered successfully with the access point detection platform, the WiFi client receives the authentication information that the first WiFi access point generates with its private key. When the first WiFi access point is not such a registered access point, the WiFi client terminates the authentication process and prompts the user that the legitimacy of the first WiFi access point cannot be determined, and the user decides whether to continue connecting.

After the WiFi client receives the authentication information generated by the first WiFi access point with its private key, it sends a connection access request containing the authentication information to the access point detection platform. The access point detection platform authenticates the legitimacy of the first WiFi access point and sends the check result to the WiFi client. The WiFi client receives the check result sent by the access point detection platform and forwarded by the first WiFi access point. The check result is signed with the private key of the access point detection platform, which shows that the result is reliable and authentic. After receiving the signed check result, the WiFi client decrypts it with the public key of the access point detection platform. If the first WiFi access point is a legitimate access point, the connection with the first WiFi access point can be established.

If the legitimacy of the first WiFi access point cannot be verified, the user is prompted that the legitimacy of the first WiFi access point cannot be determined, and the user decides whether to continue. If the first WiFi access point is not legitimate, the user is prompted that the access point is illegitimate and poses a phishing risk, and either the user decides whether to continue or access is prohibited outright.

In the above embodiment of the present invention, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part. The authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key.

Specifically, after receiving the authentication information sent by the first WiFi access point, the WiFi client generates Rs. It then generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the first WiFi access point obtained by scanning, Rs, and the corresponding digest value of each part. The registration information of the WiFi access point includes at least: the identity information of the WiFi access point, the WiFi access point name SSID, the media access control value MAC, the authentication method, and the public key.

In the above embodiment of the present invention, step S204 is specifically:

After receiving the legitimacy check result, using the received Rc and the generated Rs as factors, use a key generation algorithm to generate the key Ks shared with the first WiFi access point and store it securely, then establish the connection with the first WiFi access point to transfer information.

Specifically, after receiving the legitimacy check result, the WiFi client knows that the first WiFi access point is a legitimate access point. From the Rc received from the first WiFi access point and the Rs it generated, it uses the key generation algorithm to generate the key Ks shared with the first WiFi access point and stores the computed Ks securely, which establishes the connection between the WiFi client and the first WiFi access point for transferring information.

An embodiment of the present invention further provides a WiFi access method applied to an access point detection platform. As shown in FIG. 3, the WiFi access method includes:

Step S301: Receive the registration information sent by a WiFi access point and check the current WiFi access point. After the check succeeds, store the registration information in the legitimate access point list and return the registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information with its preset private key;

Step S302: Receive the connection access request containing the authentication information sent by the WiFi client;

Step S303: According to the received connection access request, verify the authentication information with the public key in the registration information and send an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes the connection with the WiFi client.

Specifically, after receiving the registration information sent by a WiFi access point, the platform checks the registration information submitted by the WiFi access point. After registration authentication succeeds, it stores this information in the legitimate access point list, which records the access point's identity information, the access point name SSID, the media access control value MAC, the authentication method, the public key and other information. It returns the registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information with its preset private key. It then receives the connection access request containing the authentication information, sent by the WiFi client and forwarded by the current WiFi access point.

Note that when the access point detection platform returns the registration success result to the current WiFi access point, it also sends its own address configuration to the current WiFi access point, and the current WiFi access point stores the address of the access point detection platform in a whitelist. The whitelist stores multiple addresses. A client accessing an address in the whitelist does not need to be authenticated and can access it directly. When the current WiFi access point sends a connection access request to the access point detection platform, the platform address stored in the whitelist allows the request to be passed through transparently to the platform over HTTPS.

After receiving the connection access request containing the authentication information sent by the client, the platform verifies the authentication information with the public key in the registration information. After authentication succeeds, it sends an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes the connection with the WiFi client.

In the above embodiment of the present invention, the authentication information includes: the access point random number Rc and the first encrypted random number EAPs(Rc) obtained by encrypting Rc with the access point private key. The connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

Specifically, the Rc generated by the current WiFi access point and the EAPs(Rc) obtained by encrypting Rc with the access point private key form the authentication information. After receiving the authentication information sent by the current WiFi access point, the WiFi client generates Rs. It then generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current WiFi access point obtained by scanning, Rs, and the corresponding digest value of each part.

In the above embodiment of the present invention, step S303 includes:

Step S3031: Decrypt the connection access request with the private key of the access point detection platform and complete the integrity check of the information;

Step S3032: Search the legitimate access point list using the registration information of the current WiFi access point;

Step S3033: If a fully matching entry is found, decrypt EAPs(Rc) with the public key of the current WiFi access point and compare the decryption result with the received Rc. If they are the same, the authentication success result is obtained.

Specifically, the platform decrypts the connection access request with the private key of the access point detection platform and obtains the authentication information, which contains Rc and EAPs(Rc), along with the registration information of the current WiFi access point, Rs, and the digest value of each part. It searches the legitimate access point list using the registration information of the current WiFi access point. If a fully matching entry is found, it decrypts EAPs(Rc) with the public key of the current WiFi access point and compares the decryption result with the received Rc. If they are the same, the access point is legitimate and the authentication success result is obtained.

In the above embodiment of the present invention, when the current WiFi access point is a legitimate access point, the method further includes:

Step S304: Encrypt the decrypted Rs with the public key of the current WiFi access point to obtain the second encrypted random number EAPp(Rs);

Step S305: Send EAPp(Rs) and the authentication success result notification to the current WiFi access point.

Specifically, after confirming that the current WiFi access point is a legitimate access point, the platform encrypts the obtained Rs with the public key of the current WiFi access point to obtain EAPp(Rs), then sends EAPp(Rs) and the authentication success result notification to the current WiFi access point. The current WiFi access point decrypts EAPp(Rs) to obtain Rs and uses Rs and Rc to generate the key Ks shared with the WiFi client, which establishes the connection between the WiFi access point and the WiFi client for transferring information.

In the above embodiment of the present invention, the method further includes:

If a matching entry is found but the decryption result differs from the received Rc, an authentication failure result is obtained;

If no matching entry is found, an authentication failure result is obtained.

When the legitimate access point list is searched using the registration information of the current WiFi access point and a matching entry is found, EAPs(Rc) is decrypted with the public key of the current WiFi access point and the decrypted Rc is compared with the received Rc. If the two differ, authentication has failed. If no matching entry is found, authentication has also failed.

FIG. 4 is a schematic diagram of the overall flow of an embodiment of the present invention:

Step S401: The WiFi access point sends registration information, consisting of its identity information, the WiFi access point name SSID, the media access control value MAC, the authentication method, the public key and other information, to the access point detection platform over HTTPS for registration authentication.

Step S402: The access point detection platform checks the registration information submitted by the WiFi access point. After registration authentication succeeds, it stores this information in the legitimate access point list, which records the WiFi access point's identity information, the WiFi access point name SSID, the media access control value MAC, the authentication method, the public key and other information.

Step S403: The access point detection platform informs the WiFi access point of the registration success result and of the address configuration of the access point detection platform.

Step S404: The WiFi access point adds the address of the access point detection platform to the whitelist, so that connection access requests sent by WiFi clients are subsequently let through.

Step S405: The WiFi client scans the WiFi access point list, and the user taps one of the access points to connect.

Step S406: The WiFi client sends a connection verification request to the access point.

Step S407: A legitimate access point registered with the access point detection platform receives the connection verification request, generates a random number Rc, and encrypts it with its private key to obtain EAPs(Rc).

Step S408: A legitimate access point registered with the access point detection platform sends Rc and EAPs(Rc) to the WiFi client. A legitimate access point that is not registered with the access point detection platform cannot complete the subsequent authentication process; the WiFi client terminates the access point authentication process and prompts the user that the legitimacy of the access point cannot be determined, and the user decides whether to continue.

Step S409: The WiFi client generates a random number Rs, collects the access point's SSID, MAC, authentication method, Rc, EAPs(Rc), Rs and other information, and computes the digest values of this information. It encrypts the information and its digest values with the detection platform public key to form the connection access request.

Step S410: The WiFi client sends the connection access request over HTTPS, and the access point passes it through transparently to the access point detection platform.

Step S411: The access point detection platform decrypts the connection access request with its private key. After completing the integrity check of the information, it searches the legitimate access point list using the access point information. If a fully matching entry is found, it decrypts EAPs(Rc) with the public key of the legitimate access point and compares the decryption result with the received Rc. If they are the same, the access point is legitimate and has not been forged, and the platform encrypts the decrypted Rs with the access point's public key to obtain EAPp(Rs). If a matching entry is found but the decryption result differs from the received Rc, the access point is forged. If no matching entry is found, the legitimacy of the access point cannot be verified.

Step S412: The access point detection platform signs the access point legitimacy detection result with the detection platform's private key and sends it to the access point together with EAPp(Rs).

Step S413: The access point decrypts EAPp(Rs) with its own private key to obtain Rs and, using Rs and Rc as factors, uses a key generation algorithm to generate the key Ks shared with the client and stores it securely.

Step S414: The access point forwards the access point legitimacy detection result and signature sent by the access point detection platform to the client.

Step S415: The WiFi client decrypts the result returned by the detection platform with the detection platform's public key and acts on it as follows. If the access point is legitimate, the client uses a key generation algorithm with Rs and Rc as factors to generate the shared key Ks and stores it securely, then starts connecting to the access point, and every message sent to the access point is encrypted with Ks. If the access point cannot be verified, the user is prompted that the legitimacy of the access point cannot be determined, and the user decides whether to continue. If the access point is not legitimate, the user is prompted that the access point is illegitimate and poses a phishing risk, and either the user decides whether to continue or access is prohibited outright.
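The exchange in steps S407 to S415, as an added Python example that is not code from the patent: it runs the platform's three outcomes (legitimate, forged, unverifiable), the client's check of the platform signature, and the Ks agreement between access point and client. Assumptions: textbook RSA over small constructed primes stands in for the unspecified public-key algorithm, HMAC-SHA256 stands in for the unspecified key generation algorithm, the platform signature covers the verdict plus the request digest, the verdict strings and all function names are hypothetical, and the platform-public-key encryption of the request and the HTTPS transport are left out.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by all demo keys


def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private) as (n, exp)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def rsa(key, value):
    """Raw modular exponentiation, used for both key directions."""
    n, exp = key
    return pow(value, exp, n)


# Constructed demo keys from Mersenne primes: toy sizes, no padding.
AP_PUB, AP_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
PLAT_PUB, PLAT_PRIV = make_keypair(2**521 - 1, 2**607 - 1)

# Legitimate access point list kept by the platform (S402); constructed values.
AP_INFO = ("CafeGuest", "02:00:00:00:00:01", "portal")
REGISTRY = {AP_INFO: AP_PUB}


def nonce():
    """128-bit random number with the top bit set, so it is never 0 or 1."""
    return secrets.randbits(128) | (1 << 127)


def digest(*fields):
    """SHA-256 over the fields joined with '|' (assumed digest layout)."""
    return hashlib.sha256("|".join(map(str, fields)).encode()).hexdigest()


def ap_challenge(ap_priv):
    """S407: the AP generates Rc and EAPs(Rc) with its private key."""
    rc = nonce()
    return rc, rsa(ap_priv, rc)


def client_request(info, rc, e_rc):
    """S409: the client adds Rs and a digest over everything it collected."""
    rs = nonce()
    return {"info": info, "rc": rc, "e_rc": e_rc, "rs": rs,
            "digest": digest(*info, rc, e_rc, rs)}


def sign_verdict(verdict, req_digest):
    """S412: platform private-key signature over verdict and request digest."""
    return rsa(PLAT_PRIV, int(digest(verdict, req_digest), 16))


def platform_verify(req):
    """S411-S412: returns (verdict, EAPp(Rs) or None, platform signature)."""
    e_rs = None
    if digest(*req["info"], req["rc"], req["e_rc"], req["rs"]) != req["digest"]:
        verdict = "integrity_failure"
    elif req["info"] not in REGISTRY:
        verdict = "unverifiable"        # no matching entry in the list
    elif rsa(REGISTRY[req["info"]], req["e_rc"]) != req["rc"]:
        verdict = "forged"              # entry found, proof does not match Rc
    else:
        verdict = "legitimate"
        e_rs = rsa(REGISTRY[req["info"]], req["rs"])
    return verdict, e_rs, sign_verdict(verdict, req["digest"])


def client_accepts(req, verdict, signature):
    """S415: check the platform signature before trusting the verdict."""
    signed = rsa(PLAT_PUB, signature) == int(digest(verdict, req["digest"]), 16)
    return signed and verdict == "legitimate"


def derive_ks(rs, rc):
    """Assumed KDF (HMAC-SHA256); the patent leaves the algorithm open."""
    return hmac.new(rs.to_bytes(16, "big"), rc.to_bytes(16, "big"),
                    hashlib.sha256).digest()


def run(info, ap_priv):
    """One full exchange; returns (verdict, client accepts, keys match)."""
    rc, e_rc = ap_challenge(ap_priv)
    req = client_request(info, rc, e_rc)
    verdict, e_rs, sig = platform_verify(req)
    ok = client_accepts(req, verdict, sig)
    keys_match = False
    if ok:
        ks_ap = derive_ks(rsa(ap_priv, e_rs), rc)   # S413: AP recovers Rs
        ks_client = derive_ks(req["rs"], rc)        # S415: client side
        keys_match = hmac.compare_digest(ks_ap, ks_client)
    return verdict, ok, keys_match
```

An access point that advertises the registered SSID, MAC and authentication method but holds a different private key lands in the "forged" branch, and one with no list entry lands in "unverifiable", matching the two failure cases of step S411.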

An embodiment of the present invention further provides a WiFi access device applied to a WiFi access point. As shown in FIG. 5, the WiFi access device includes:

A first processing module 10, configured to send registration information to an access point detection platform for access point registration, and to receive the registration success result returned by the access point detection platform after checking the registration information, wherein the registration information includes access authentication related information and a public key;

A second processing module 20, configured to receive a connection verification request sent by a WiFi client, generate authentication information with a preset private key and send it to the WiFi client, and forward the connection access request containing the authentication information sent by the WiFi client to the access point detection platform;

A third processing module 30, configured to receive the authentication success result notification that the access point detection platform feeds back after verifying the authentication information with the public key in the registration information, and to establish a WiFi connection with the WiFi client.

In the above embodiment of the present invention, the WiFi access device further includes:

A receiving and storage module 40, configured so that, when the first processing module 10 receives the registration success result returned by the access point detection platform after checking the registration information, the address configuration of the access point detection platform is received at the same time and the address of the access point detection platform is stored in a whitelist.

In the above embodiment of the present invention, the second processing module 20 includes:

A generation submodule 21, configured to generate an access point random number Rc and encrypt Rc with the access point private key to obtain a first encrypted random number EAPs(Rc), where Rc and EAPs(Rc) together form the authentication information;

A first sending submodule 22, configured to send Rc and EAPs(Rc) to the WiFi client, whereupon the WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the corresponding digest value of each part.

In the above embodiment of the present invention, the second processing module 20 is further configured to:

Pass the connection access request through transparently to the access point detection platform according to the address of the access point detection platform stored in the whitelist.

In the above embodiment of the present invention, the third processing module 30 includes:

接收子模块31,用于接收所述认证成功结果通知时,同时接收所述接入点检测平台发送的第二加密随机数EAPp(Rs),所述EAPp(Rs)是所述接入点检测平台利用对获得的加密后的Rs进行解密再利用接入点公钥加密后生成的;The receiving sub-module 31 is configured to receive the second encrypted random number E APp (Rs) sent by the access point detection platform when receiving the authentication success result notification, and the E APp (Rs) is the access point detection platform. The point detection platform decrypts the obtained encrypted Rs and encrypts it with the access point public key;

第一解密子模块32,用于利用接入点私钥对所述EAPp(Rs)进行解密,得到所述Rs;The first decryption submodule 32 is used for decrypting the EAPp (Rs) using the access point private key to obtain the Rs;

连接子模块33,用于以所述Rs和所述Rc为因子使用密钥生成算法生成与所述WiFi客户端共享密钥Ks并安全存储,建立与所述WiFi客户端的连接,实现信息的传送。The connection sub-module 33 is used to use the Rs and the Rc as factors to generate a shared key Ks with the WiFi client using a key generation algorithm and store it securely, establish a connection with the WiFi client, and realize the transmission of information .

An embodiment of the present invention further provides a WiFi access device applied to a WiFi client. The access device includes:

a scanning and sending module 40, configured to scan a list of WiFi access points and send a connection verification request to a first WiFi access point in the list;

a first receiving module 50, configured to receive the authentication information that the first WiFi access point generates with its private key, when the first WiFi access point is an access point that has previously registered successfully with the access point detection platform;

a first sending module 60, configured to send a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;

a fourth processing module 70, configured to receive the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and to establish the connection with the first WiFi access point.

In the above embodiment of the present invention, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts. The authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key.

In the above embodiment of the present invention, the fourth processing module 70 is further configured to:

after receiving the legitimacy check result, use a key generation algorithm with the received Rc and the generated Rs as factors to generate the key Ks shared with the first WiFi access point, store it securely, and establish the connection with the first WiFi access point for the transfer of information.

In the above embodiment of the present invention, the device further includes:

a termination module 80, configured to terminate the authentication flow and tell the user that the legitimacy of the first WiFi access point cannot be determined, when the first WiFi access point is not an access point that has previously registered successfully with the access point detection platform.

An embodiment of the present invention further provides a WiFi access device applied to an access point detection platform. The WiFi access device includes:

a fifth processing module 90, configured to receive registration information sent by a WiFi access point, check the current WiFi access point, store the registration information in a list of legitimate access points once the check succeeds, and return the registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information using the preset private key;

a second receiving module 100, configured to receive the connection access request, containing the authentication information, sent by the WiFi client;

a sixth processing module 110, configured to use the public key in the registration information to authenticate the legitimacy of the authentication information according to the received connection access request, and to send an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes the connection with the WiFi client.

In the above embodiment of the present invention, the authentication information includes the access point random number Rc and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key. The connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts.

In the above embodiment of the present invention, the sixth processing module 110 includes:

a second decryption submodule 111, configured to decrypt the connection access request with the private key of the access point detection platform and complete the integrity check of the information;

a search submodule 112, configured to search the list of legitimate access points using the registration information of the current WiFi access point;

a processing submodule 113, configured so that, if a fully matching entry is found, E_APs(Rc) is decrypted with the public key of the current WiFi access point and the decryption result is compared with the received Rc; if they are the same, an authentication success result is obtained.

In the above embodiment of the present invention, when the current WiFi access point is a legitimate access point, the device further includes:

an encryption module 120, configured to encrypt the decrypted Rs with the public key of the current WiFi access point to obtain the second encrypted random number E_APp(Rs);

a second sending module 130, configured to send E_APp(Rs) and the authentication success result notification to the current WiFi access point.

In the above embodiment of the present invention, the device further includes:

a first authentication module 140, configured to obtain an authentication failure result if a corresponding entry is found but the decryption result differs from the received Rc;

a second authentication module 150, configured to obtain an authentication failure result if no corresponding entry is found.

In the WiFi access method of the embodiments of the present invention, after the WiFi access point completes registration and authentication with the access point detection platform, the WiFi access point uses the preset private key to generate authentication information and sends it to the WiFi client. The WiFi client passes the connection access request containing the authentication information through the WiFi access point to the access point detection platform. The access point detection platform verifies the legitimacy of the WiFi access point, confirms its identity, and sends the verification result to the WiFi client in encrypted form, and the WiFi client connects to the legitimate access point according to that result. This improves the security of WiFi verification, prevents malicious tampering with the data, prevents connection to phishing WiFi access points, and achieves secure WiFi access.
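The exchange summarized above, run end to end against a registered access point, a clone that advertises the same registration information, and an unregistered access point. This is an added example, not code from the patent. Assumptions: raw RSA stands in for the patent's "encrypt with the private/public key" operations, the demo keys are built from well-known Mersenne primes and are insecure by design, HMAC-SHA256 stands in for the unspecified key generation algorithm, all names and verdict strings are hypothetical, and the platform's signed result to the client is left out.

```python
import hashlib
import hmac
import secrets

E = 65537                                       # public exponent of every demo key
REG = b"SSID=CafeNet;BSSID=02:00:00:00:00:01"   # constructed registration info

def make_key(p, q):
    """Textbook RSA key from two primes: returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def rsa_apply(data, exp, n):
    """Raw RSA on bytes; the 0x01 marker preserves leading zero bytes."""
    x = int.from_bytes(b"\x01" + data, "big")
    if x >= n:
        raise ValueError("message too long for modulus")
    return pow(x, exp, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_invert(blob, exp, n):
    """Undo rsa_apply with the matching exponent (garbage in, garbage out)."""
    x = pow(int.from_bytes(blob, "big"), exp, n)
    return x.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")[1:]

def pack(parts):
    """Each part travels as length + value + SHA-256 digest of the value."""
    return b"".join(len(p).to_bytes(2, "big") + p + hashlib.sha256(p).digest()
                    for p in parts)

def unpack(blob, count):
    """Return the parts, or None when a length or digest check fails."""
    parts, pos = [], 0
    for _ in range(count):
        size = int.from_bytes(blob[pos:pos + 2], "big")
        part = blob[pos + 2:pos + 2 + size]
        digest = blob[pos + 2 + size:pos + 34 + size]
        if len(part) != size or hashlib.sha256(part).digest() != digest:
            return None
        parts.append(part)
        pos += 34 + size
    return parts if pos == len(blob) else None

def derive_ks(rs, rc):
    """Ks from Rs and Rc; HMAC-SHA256 is an assumption, the patent names no algorithm."""
    return hmac.new(rs, b"Ks" + rc, hashlib.sha256).digest()

class AccessPoint:
    def __init__(self, reg_info, p, q):
        self.reg_info = reg_info
        self.n, self.d = make_key(p, q)

    def auth_info(self):
        """Fresh Rc and E_APs(Rc), i.e. Rc under the AP private key."""
        self.rc = secrets.token_bytes(16)
        return self.rc, rsa_apply(self.rc, self.d, self.n)

    def finish(self, e_rs):
        """Recover Rs from E_APp(Rs) with the private key and derive Ks."""
        return derive_ks(rsa_invert(e_rs, self.d, self.n), self.rc)

class Platform:
    def __init__(self):
        self.n, self.d = make_key(2**2203 - 1, 2**2281 - 1)
        self.legal_aps = {}                     # registration info -> AP public modulus

    def register(self, ap):
        self.legal_aps[ap.reg_info] = ap.n

    def check(self, request):
        """Return (verdict, E_APp(Rs)); E_APp(Rs) is None unless legitimate."""
        parts = unpack(rsa_invert(request, self.d, self.n), 4)
        if parts is None:
            return "integrity-failure", None
        reg_info, rc, e_rc, rs = parts
        ap_n = self.legal_aps.get(reg_info)
        if ap_n is None:                        # no entry in the legal AP list
            return "not-registered", None
        if not hmac.compare_digest(rsa_invert(e_rc, E, ap_n), rc):
            return "rc-mismatch", None          # entry found, wrong private key
        return "legitimate", rsa_apply(rs, E, ap_n)

def client_connect(scanned_reg_info, ap, platform):
    """Run one exchange; returns (verdict, client Ks, AP Ks)."""
    rc, e_rc = ap.auth_info()
    rs = secrets.token_bytes(16)
    request = rsa_apply(pack([scanned_reg_info, rc, e_rc, rs]), E, platform.n)
    verdict, e_rs = platform.check(request)     # the AP only relays the request
    if verdict != "legitimate":
        return verdict, None, None
    return verdict, derive_ks(rs, rc), ap.finish(e_rs)

def demo():
    """Registered AP, a clone advertising the same info, and an unknown AP."""
    platform = Platform()
    real = AccessPoint(REG, 2**521 - 1, 2**607 - 1)
    platform.register(real)
    clone = AccessPoint(REG, 2**127 - 1, 2**1279 - 1)   # never registered
    other = AccessPoint(b"SSID=FreeWiFi;BSSID=02:00:00:00:00:02", 2**89 - 1, 2**107 - 1)
    return [client_connect(ap.reg_info, ap, platform) for ap in (real, clone, other)]

if __name__ == "__main__":
    for verdict, ks_client, ks_ap in demo():
        print(verdict, ks_client == ks_ap and ks_client is not None)
```

The clone fails because copying the advertised registration information does not give it the registered private key, so the platform's comparison against Rc does not match. A deployment would replace raw RSA with padded schemes (RSA-OAEP for encryption, RSA-PSS for signatures).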

It should be noted that the WiFi access device provided by the embodiments of the present invention is a device that applies the above method, so all embodiments of the above method apply to the device and achieve the same or similar beneficial effects.

The above are preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can make further improvements and refinements without departing from the principles of the present invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.

Claims (28)

1. A WiFi access method, applied to a WiFi access point, wherein the WiFi access method comprises:
sending registration information to an access point detection platform to register the access point, and receiving the registration success result returned by the access point detection platform after it checks the registration information, wherein the registration information includes access-authentication-related information and a public key;
receiving a connection verification request sent by a WiFi client, generating authentication information using a preset private key and sending it to the WiFi client, and forwarding the connection access request sent by the WiFi client, which contains the authentication information, to the access point detection platform;
receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the legitimacy of the authentication information, and establishing a WiFi connection with the WiFi client.

2. The WiFi access method according to claim 1, wherein, when the registration success result returned by the access point detection platform after it checks the registration information is received, the address configuration of the access point detection platform is received at the same time, and the address of the access point detection platform is stored in a whitelist.

3. The WiFi access method according to claim 1, wherein the step of generating authentication information using a preset private key and sending it to the WiFi client comprises:
generating an access point random number Rc, and encrypting Rc with the access point private key to obtain a first encrypted random number E_APs(Rc), wherein Rc and E_APs(Rc) together form the authentication information;
sending Rc and E_APs(Rc) to the WiFi client, so that the WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts.

4. The WiFi access method according to claim 2, wherein forwarding the connection access request sent by the WiFi client, which contains the authentication information, to the access point detection platform is specifically:
passing the connection access request through to the access point detection platform, using the address of the access point detection platform stored in the whitelist.

5. The WiFi access method according to claim 3, wherein receiving the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the legitimacy of the authentication information, and establishing a WiFi connection with the WiFi client, specifically comprises:
receiving the authentication success result notification and, at the same time, a second encrypted random number E_APp(Rs) sent by the access point detection platform, wherein E_APp(Rs) is generated by the access point detection platform by decrypting the encrypted Rs it obtained and then encrypting it with the access point public key;
decrypting E_APp(Rs) with the access point private key to obtain Rs;
using a key generation algorithm with Rs and Rc as factors to generate the key Ks shared with the WiFi client, storing it securely, and establishing the connection with the WiFi client for the transfer of information.

6. A WiFi access method, applied to a WiFi client, wherein the access method comprises:
scanning a list of WiFi access points, and sending a connection verification request to a first WiFi access point in the list;
when the first WiFi access point is an access point that has previously registered successfully with an access point detection platform, receiving the authentication information that the first WiFi access point generates with its private key;
sending a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;
receiving the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and establishing the connection with the first WiFi access point.

7. The WiFi access method according to claim 6, wherein the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts, and the authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key.

8. The WiFi access method according to claim 7, wherein receiving the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and establishing the connection with the first WiFi access point, is specifically:
after receiving the legitimacy check result, using a key generation algorithm with the received Rc and the generated Rs as factors to generate the key Ks shared with the first WiFi access point, storing it securely, and establishing the connection with the first WiFi access point for the transfer of information.

9. The WiFi access method according to claim 6, wherein the method further comprises:
when the first WiFi access point is not an access point that has previously registered successfully with the access point detection platform, the WiFi client terminating the authentication flow and telling the user that the legitimacy of the first WiFi access point cannot be determined.

10. A WiFi access method, applied to an access point detection platform, wherein the WiFi access method comprises:
receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information in a list of legitimate access points once the check succeeds, and returning the registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information using the preset private key;
receiving the connection access request, containing the authentication information, sent by a WiFi client;
using the public key in the registration information to authenticate the legitimacy of the authentication information according to the received connection access request, and sending an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes the connection with the WiFi client.

11. The WiFi access method according to claim 10, wherein the authentication information comprises the access point random number Rc and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key; and the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts.

12. The WiFi access method according to claim 11, wherein using the public key in the registration information to authenticate the legitimacy of the authentication information according to the received connection access request comprises:
decrypting the connection access request with the private key of the access point detection platform and completing the integrity check of the information;
searching the list of legitimate access points using the registration information of the current WiFi access point;
if a fully matching entry is found, decrypting E_APs(Rc) with the public key of the current WiFi access point and comparing the decryption result with the received Rc, and obtaining an authentication success result if they are the same.

13. The WiFi access method according to claim 12, wherein, when the current WiFi access point is a legitimate access point, the method further comprises:
encrypting the decrypted Rs with the public key of the current WiFi access point to obtain the second encrypted random number E_APp(Rs);
sending E_APp(Rs) and the authentication success result notification to the current WiFi access point.

14. The WiFi access method according to claim 12, wherein the method further comprises:
if a corresponding entry is found but the decryption result differs from the received Rc, obtaining an authentication failure result;
if no corresponding entry is found, obtaining an authentication failure result.

15. A WiFi access device, applied to a WiFi access point, wherein the WiFi access device comprises:
a first processing module, configured to send registration information to an access point detection platform to register the access point, and to receive the registration success result returned by the access point detection platform after it checks the registration information, wherein the registration information includes access-authentication-related information and a public key;
a second processing module, configured to receive a connection verification request sent by a WiFi client, generate authentication information using a preset private key and send it to the WiFi client, and forward the connection access request sent by the WiFi client, which contains the authentication information, to the access point detection platform;
a third processing module, configured to receive the authentication success result notification that the access point detection platform feeds back after using the public key in the registration information to authenticate the legitimacy of the authentication information, and to establish a WiFi connection with the WiFi client.

16. The WiFi access device according to claim 15, wherein the WiFi access device further comprises:
a receiving and storage module, configured so that, when the first processing module receives the registration success result returned by the access point detection platform after it checks the registration information, the address configuration of the access point detection platform is received at the same time and the address of the access point detection platform is stored in a whitelist.

17. The WiFi access device according to claim 15, wherein the second processing module comprises:
a generating submodule, configured to generate an access point random number Rc and encrypt Rc with the access point private key to obtain a first encrypted random number E_APs(Rc), wherein Rc and E_APs(Rc) together form the authentication information;
a first sending submodule, configured to send Rc and E_APs(Rc) to the WiFi client, so that the WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts.

18. The WiFi access device according to claim 16, wherein the second processing module is further configured to:
pass the connection access request through to the access point detection platform, using the address of the access point detection platform stored in the whitelist.

19. The WiFi access device according to claim 17, wherein the third processing module comprises:
a receiving submodule, configured to receive, together with the authentication success result notification, a second encrypted random number E_APp(Rs) sent by the access point detection platform, wherein E_APp(Rs) is generated by the access point detection platform by decrypting the encrypted Rs it obtained and then encrypting it with the access point public key;
a first decryption submodule, configured to decrypt E_APp(Rs) with the access point private key to obtain Rs;
a connection submodule, configured to use a key generation algorithm with Rs and Rc as factors to generate the key Ks shared with the WiFi client, store it securely, and establish the connection with the WiFi client for the transfer of information.

20. A WiFi access device, applied to a WiFi client, wherein the access device comprises:
a scanning and sending module, configured to scan a list of WiFi access points and send a connection verification request to a first WiFi access point in the list;
a first receiving module, configured to receive the authentication information that the first WiFi access point generates with its private key, when the first WiFi access point is an access point that has previously registered successfully with an access point detection platform;
a first sending module, configured to send a connection access request containing the authentication information to the access point detection platform for legitimacy authentication;
a fourth processing module, configured to receive the legitimacy check result that is sent by the access point detection platform, forwarded by the first WiFi access point, and signed with the private key of the access point detection platform, and to establish the connection with the first WiFi access point.

21. The WiFi access device according to claim 20, wherein the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts, and the authentication information contains the access point random number Rc generated by the first WiFi access point and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key.

22. The WiFi access device according to claim 21, wherein the fourth processing module is further configured to:
after receiving the legitimacy check result, use a key generation algorithm with the received Rc and the generated Rs as factors to generate the key Ks shared with the first WiFi access point, store it securely, and establish the connection with the first WiFi access point for the transfer of information.

23. The WiFi access device according to claim 20, wherein the device further comprises:
a termination module, configured to terminate the authentication flow and tell the user that the legitimacy of the first WiFi access point cannot be determined, when the first WiFi access point is not an access point that has previously registered successfully with the access point detection platform.

24. A WiFi access device, applied to an access point detection platform, wherein the WiFi access device comprises:
a fifth processing module, configured to receive registration information sent by a WiFi access point, check the current WiFi access point, store the registration information in a list of legitimate access points once the check succeeds, and return the registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information using the preset private key;
a second receiving module, configured to receive the connection access request, containing the authentication information, sent by a WiFi client;
a sixth processing module, configured to use the public key in the registration information to authenticate the legitimacy of the authentication information according to the received connection access request, and to send an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes the connection with the WiFi client.

25. The WiFi access device according to claim 24, wherein the authentication information comprises the access point random number Rc and the first encrypted random number E_APs(Rc) obtained by encrypting Rc with the access point private key; and the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value of each of these parts.

26. The WiFi access device according to claim 25, wherein the sixth processing module comprises:
a second decryption submodule, configured to decrypt the connection access request with the private key of the access point detection platform and complete the integrity check of the information;
a search submodule, configured to search the list of legitimate access points using the registration information of the current WiFi access point;
a processing submodule, configured so that, if a fully matching entry is found, E_APs(Rc) is decrypted with the public key of the current WiFi access point and the decryption result is compared with the received Rc, and an authentication success result is obtained if they are the same.

27. The WiFi access device according to claim 26, wherein, when the current WiFi access point is a legitimate access point, the device further comprises:
The WiFi access device according to claim 26, wherein when the current WiFi access point is a legitimate access point, the device further comprises: 加密模块,用于将解密出的Rs用当前WiFi接入点的公钥加密得到第二加密随机数EAPp(Rs);an encryption module for encrypting the decrypted Rs with the public key of the current WiFi access point to obtain a second encrypted random number E APp (Rs); 第二发送模块,用于将所述EAPp(Rs)和认证成功结果通知发送至当前WiFi接入点。The second sending module is configured to send the E APp (Rs) and the authentication success result notification to the current WiFi access point. 28.如权利要求26所述的WiFi接入装置,其特征在于,所述装置还包括:28. The WiFi access device of claim 26, wherein the device further comprises: 第一认证模块,用于若搜索到相应项,但解密结果与收到的Rc不相同,则获得认证失败结果;The first authentication module is used to obtain the authentication failure result if the corresponding item is searched, but the decryption result is different from the received Rc; 第二认证模块,用于若未搜索到相应项,则获得认证失败结果。The second authentication module is used to obtain the authentication failure result if no corresponding item is found.
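The platform-side check of claims 26 to 28 and the shared-key step of claims 22 and 27, as an added Python example that is not part of the patent. It assumes textbook RSA over small fixed primes in place of the unspecified public-key algorithm, SHA-256 as the key generation algorithm, and an (SSID, MAC) pair as registration information; the outer encryption of the request under the platform public key and the per-part digests are left out.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every toy key below

def keypair(p, q):
    """Textbook RSA from two known primes; returns (n, d). Toy sizes, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def ap_auth_info(ap_key, rc=None):
    """AP side: Rc and EAPs(Rc), i.e. Rc transformed with the AP private key."""
    n, d = ap_key
    rc = secrets.randbits(32) if rc is None else rc
    return rc, pow(rc, d, n)

def platform_check(registry, reg_info, rc, e_aps_rc, rs):
    """Claims 26-28: search the list, verify EAPs(Rc), return (result, EAPp(Rs))."""
    n = registry.get(reg_info)        # only a fully matching entry counts
    if n is None:
        return "fail: not registered", None
    if pow(e_aps_rc, E, n) != rc:     # recover Rc with the registered public key
        return "fail: Rc mismatch", None
    return "ok", pow(rs, E, n)        # claim 27: Rs under the AP public key

def derive_ks(rc, rs):
    """Ks from Rc and Rs; SHA-256 is an assumed stand-in for the key algorithm."""
    return hashlib.sha256(rc.to_bytes(4, "big") + rs.to_bytes(4, "big")).digest()

def run(registry, reg_info, ap_key, rc=None, rs=None):
    """One exchange with the AP holding ap_key; returns (result, client Ks, AP Ks)."""
    rc, e_aps_rc = ap_auth_info(ap_key, rc)
    rs = secrets.randbits(32) if rs is None else rs
    result, e_app_rs = platform_check(registry, reg_info, rc, e_aps_rc, rs)
    if result != "ok":
        return result, None, None     # no connection is established
    n, d = ap_key
    rs_at_ap = pow(e_app_rs, d, n)    # AP recovers Rs with its private key
    return result, derive_ks(rc, rs), derive_ks(rc, rs_at_ap)

# Constructed sample data: two toy keys and a one-entry legitimate AP list.
REG = ("ExampleCafe", "02:00:00:00:00:01")
AP_KEY = keypair(2**61 - 1, 2**89 - 1)
ROGUE_KEY = keypair(2**19 - 1, 2**31 - 1)
REGISTRY = {REG: AP_KEY[0]}

if __name__ == "__main__":
    print(run(REGISTRY, REG, AP_KEY)[0])                     # registered AP
    print(run(REGISTRY, REG, ROGUE_KEY)[0])                  # cloned identity
    print(run(REGISTRY, ("ExampleCafe", "x"), AP_KEY)[0])    # unknown AP
```

An access point that copies a registered SSID and MAC but does not hold the registered private key fails at the Rc comparison, which is the property the claims rely on. A real deployment would use a padded signature scheme such as RSASSA-PSS rather than raw RSA.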
CN201510507794.5A 2015-08-18 2015-08-18 A kind of WiFi access method and device Active CN106714158B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510507794.5A CN106714158B (en) 2015-08-18 2015-08-18 A kind of WiFi access method and device

Publications (2)

Publication Number Publication Date
CN106714158A CN106714158A (en) 2017-05-24
CN106714158B true CN106714158B (en) 2020-02-18

Family

ID=58918570

Country Status (1)

Country Link
CN (1) CN106714158B (en)

Also Published As

Publication number Publication date
CN106714158A (en) 2017-05-24

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant