CN107302544B - Certificate request method, wireless access control equipment and wireless access point device - Google Patents
Publication number: CN107302544B (application number CN201710698543.9A)
Authority: CN (China)
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Abstract
Embodiments of the present invention provide a certificate request method, a wireless access control device and a wireless access point device. After obtaining token information for a proxy certificate application, the wireless access point device sends a proxy certificate request message to the wireless access control device. The wireless access control device queries the device management center for the certificate application status of the wireless access point device and, according to that status, obtains a device certificate from the certificate authority. After successfully obtaining the device certificate, the wireless access control device sends it to the wireless access point device. In this process the wireless access control device applies for the certificate on behalf of the wireless access point device, which realises automatic certificate deployment for large numbers of wireless access point devices, solves the problem that wireless access point devices are complicated to deploy and hard to manage and maintain in practice, and simplifies and reduces management and maintenance cost.
Description
Technical field
The present invention relates to the field of wireless data communication, and in particular to a certificate request method, a wireless access control device and a wireless access point device.
Background technique
For security reasons, wireless systems require that, at deployment, all wireless access point devices (Wireless Access Points, APs) connect to the wireless access control device (Wireless Access Controller, AC) using the Datagram Transport Layer Security (DTLS) mode of the Control And Provisioning of Wireless Access Points (CAPWAP) protocol, and that all wireless access point devices access the wireless access control device with DTLS certificate authentication. A device certificate therefore has to be applied for and issued to each wireless access point device at its initial deployment.
In the prior art, the ways of applying for and issuing device certificates for large numbers of wireless access point devices are:
1. Applying centrally in advance for a device certificate for each wireless access point device to be deployed, importing it into the wireless access point device, and only then distributing the device for installation and deployment.
2. Configuring in advance, for each wireless access point device to be deployed, the certificate authority (CA) address, the SCEP function and so on, and then having each wireless access point device access the certificate authority on its own to apply for a certificate.
Both approaches inevitably involve a large amount of management and maintenance work when certificates are applied for and issued at scale, which limits the secure deployment of wireless access point devices.
Summary of the invention
To overcome the above deficiencies of the prior art, the technical problem solved by the present invention is to provide a certificate request method, a wireless access control device and a wireless access point device, whereby the wireless access control device applies for the device certificate of a wireless access point device on its behalf. This enables automatic certificate deployment for large numbers of wireless access point devices without additional operation.
The object of the first aspect of the present invention is a certificate request method applied to a certificate request system, the system including a wireless access point device, a wireless access control device, a certificate authority and a device management center that are communicatively connected to one another. The method comprises:
the wireless access point device obtains from the wireless access control device token information for a proxy certificate application;
the wireless access point device establishes communication with the wireless access control device according to the token information and sends a proxy certificate request message to the wireless access control device, the proxy certificate request message including identification information of the wireless access point device, the identification information comprising a MAC address and/or a device serial number;
after verifying the identification information of the wireless access point device, the wireless access control device queries the device management center for the certificate application status of the wireless access point device and obtains a device certificate from the certificate authority according to that status;
after successfully obtaining the device certificate, the wireless access control device sends it to the wireless access point device and updates the record of the wireless access point device in the device management center.
The object of the second aspect of the present invention is a certificate request method applied to a wireless access control device that is communicatively connected to a wireless access point device, a certificate authority and a device management center. The method comprises:
the wireless access control device sends token information for a proxy certificate application to the wireless access point device;
communication with the wireless access point device is established based on the token information, and the proxy certificate request message sent by the wireless access point device is received, the proxy certificate request message including identification information of the wireless access point device, the identification information comprising a MAC address and/or a device serial number;
after the identification information of the wireless access point device is verified, the device management center is queried for the certificate application status of the wireless access point device, and a device certificate is obtained from the certificate authority according to that status;
after the device certificate is successfully obtained, it is sent to the wireless access point device, and the record of the wireless access point device in the device management center is updated.
The object of the third aspect of the present invention is a wireless access control device that is communicatively connected to a wireless access point device, a certificate authority and a device management center. The wireless access control device comprises:
a sending module for sending token information for a proxy certificate application to the wireless access point device;
a secure communication module for establishing a secure communication channel with the wireless access point device based on the token information and receiving the proxy certificate request message sent by the wireless access point device, the proxy certificate request message including identification information of the wireless access point device, the identification information comprising a MAC address and/or a device serial number;
a certificate acquisition module for querying the device management center for the certificate application status of the wireless access point device after the identification information of the wireless access point device is verified, and obtaining a device certificate from the certificate authority according to that status;
the secure communication module is further used to send the device certificate to the wireless access point device after it has been successfully obtained;
the certificate acquisition module is further used to update the record of the wireless access point device in the device management center after the device certificate has been successfully obtained.
The object of the fourth aspect of the present invention is a wireless access point device communicatively connected to a wireless access control device. The wireless access point device comprises:
a sending module for sending a request message to the wireless access control device, so that after receiving the request message the wireless access control device decides according to a preset decision strategy whether to carry out a proxy certificate application for the wireless access point device, the request message including identification information of the wireless access point device, the identification information comprising a MAC address and/or a device serial number;
a receiving module for receiving the response message sent by the wireless access control device when it decides to carry out a proxy certificate application for the wireless access point device, the response message including token information for the proxy certificate application;
a secure communication module for establishing a secure communication channel with the wireless access control device according to the token information and sending a proxy certificate request message to the wireless access control device through the secure communication channel, the proxy certificate request message including identification information of the wireless access point device, the identification information comprising a MAC address and/or a device serial number;
the secure communication module is further used to receive, through the secure communication channel, the device certificate applied for by the wireless access control device on its behalf.
Compared with the prior art, the present invention has the following advantages:
The present invention provides a certificate request method, a wireless access control device and a wireless access point device. After obtaining token information for a proxy certificate application, the wireless access point device sends a proxy certificate request message to the wireless access control device. The wireless access control device queries the device management center for the certificate application status of the wireless access point device, obtains a device certificate from the certificate authority according to that status, and sends the device certificate to the wireless access point device once it has been successfully obtained. In this process the wireless access control device applies for the certificate on behalf of the wireless access point device, which realises automatic certificate deployment for large numbers of wireless access point devices, solves the problem that wireless access point devices are complicated to deploy and hard to manage and maintain in practice, and simplifies and reduces management and maintenance cost.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings illustrate only certain embodiments of the present invention and are therefore not to be regarded as limiting its scope; those of ordinary skill in the art can obtain other relevant drawings from these drawings without creative effort.
Fig. 1 is a structural block diagram of a certificate request system provided in an embodiment of the present invention.
Fig. 2 is a flow chart of the steps of a certificate request method provided by the first embodiment of the present invention.
Fig. 3 is a flow chart of the sub-steps of step S110 in Fig. 2.
Fig. 4 is another flow chart of the steps of the certificate request method provided by the first embodiment of the present invention.
Fig. 5 is a flow chart of the steps of the certificate request method provided by the second embodiment of the present invention.
Fig. 6 is a functional block diagram of the wireless access control device provided by the third embodiment of the present invention.
Fig. 7 is a functional block diagram of the wireless access point device provided by the fourth embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. The components of the embodiments, as generally described and illustrated in the drawings here, may be arranged and designed in a variety of different configurations.
Therefore, the detailed description of the embodiments of the present invention provided with the drawings below is not intended to limit the claimed scope of the invention but merely represents selected embodiments of it. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
It should also be noted that similar reference signs and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
Referring to Fig. 1, Fig. 1 is a structural block diagram of the certificate request system provided by a preferred embodiment of the present invention. The certificate request system comprises a wireless access point device 100, a wireless access control device 300, a certificate authority 500 and a device management center 400. The wireless access point device 100 connects to the wireless access control device 300 and provides wireless access service to users.
The wireless access control device 300 is responsible for the access control and management of the wireless access point device 100 and handles the specific wireless traffic.
The certificate authority 500 provides queries of the device certificate information of the wireless access point device 100 and issues the device certificate of the wireless access point device 100, among other functions. The certificate authority 500 is communicatively connected to the wireless access control device 300; it may be built by the user or provided by a third party.
The device management center 400 is communicatively connected to the wireless access control device 300 and records, for each wireless access point device 100, its MAC address, device serial number (SN), management and maintenance state, device certificate use state, and the list of wireless access control devices 300 it may access.
First embodiment
Referring to Fig. 2, Fig. 2 is a flow chart of the steps of a certificate request method provided by a preferred embodiment of the present invention. The method is applied to the certificate request system; its steps are described in detail below.
Step S110: the wireless access point device 100 obtains from the wireless access control device 300 token information for a proxy certificate application.
Referring to Fig. 3, Fig. 3 is a flow diagram of one way of implementing step S110. Optionally, step S110 may comprise sub-step S111, sub-step S112 and sub-step S113.
Sub-step S111: the wireless access point device 100 sends a request message to the wireless access control device 300, the request message including identification information of the wireless access point device 100.
In this embodiment, optionally, the wireless access point device 100 sends the request message to the wireless access control device 300 according to the existing network deployment, by means such as static configuration, DHCP OFFER or DISCOVERY broadcast. The request message includes the identification information of the wireless access point device 100, which comprises a MAC address and/or a device serial number; that is, the identification information may include the MAC address of the wireless access point device 100 or its device serial number, or both. The identification information is used by the wireless access control device 300 to query the control state of the wireless access point device 100 (for example whether it falls within the management scope of the wireless access control device 300) and its certificate application state. The request message may also include the serial number of the current certificate, which the wireless access control device 300 uses to judge whether the current certificate was applied for through this device and whether the current certificate of the wireless access point device 100 needs to be renewed. Optionally, the request message in the embodiment of the present invention is an extended DISCOVERY REQUEST message.
Sub-step S112: after receiving the request message, the wireless access control device 300 decides according to a preset decision strategy whether to carry out a proxy certificate application for the wireless access point device 100.
In this embodiment, optionally, sub-step S112 may comprise:
If the certificate verification mode of the wireless access control device 300 is not enabled, deciding not to carry out a proxy certificate application for the wireless access point device 100.
If the wireless access control device 300 finds in the device management center 400 that the wireless access point device 100 is online for the first time, or if the certificate status that the wireless access control device 300 queries from the device management center 400 according to the current certificate information of the wireless access point device 100 is expired or about to expire, deciding to carry out a proxy certificate application for the wireless access point device 100. Here a certificate that is about to expire is one whose remaining validity period is less than a preset time (for example, 7 days).
Sub-step S113: when it is decided to carry out a proxy certificate application for the wireless access point device 100, the wireless access control device 300 sends a response message to the wireless access point device 100, the response message including token information generated according to the identification information of the wireless access point device 100.
If it is decided according to the preset decision strategy to carry out a proxy certificate application for the wireless access point device 100, the wireless access control device 300 generates token information from, for example, the identification information of the wireless access point device 100 and random number information, and sends the token information to the wireless access point device 100 as part of the response message. Optionally, the response message in the embodiment of the present invention is an extended DISCOVERY RESPONSE message.
Step S120: the wireless access point device 100 establishes a secure communication channel with the wireless access control device 300 according to the token information, and sends a proxy certificate request message to the wireless access control device 300.
In this embodiment, the wireless access point device 100 and the wireless access control device 300 negotiate the encryption key of the communication channel through the exchange of the token information and random number information, and thereby set up a secure communication channel that protects the content related to the proxy certificate application exchanged over it. The wireless access point device 100 sends the proxy certificate request message to the wireless access control device 300 through the secure communication channel. The proxy certificate request message includes the identification information of the wireless access point device 100, which comprises a MAC address and/or a device serial number; that is, the identification information may include the MAC address of the wireless access point device 100 or its device serial number, or both. The identification information is used by the wireless access control device 300 for verification, and as certificate content information in the subsequent certificate application.
Step S130: after verifying the identification information of the wireless access point device 100, the wireless access control device 300 queries the device management center 400 for the certificate application status of the wireless access point device 100 and obtains a device certificate from the certificate authority 500 according to that status.
In this embodiment, after the identification information of the wireless access point device 100 is verified, the wireless access control device 300 queries the device management center 400 for the certificate application status of the wireless access point device 100. The certificate application status is either that an application record exists or that no application record exists.
When a certificate application record already exists in the device management center 400, the device certificate is obtained from the certificate authority 500 according to the recorded certificate application information. Optionally, obtaining the device certificate from the certificate authority 500 in this case may comprise:
The wireless access control device 300 requests the device certificate from the certificate authority 500 according to the recorded certificate application information.
If the certificate authority 500 has completed issuance of the certificate, the certificate is returned to the wireless access control device 300 and delivered to the wireless access point device 100 through the secure communication channel.
If the certificate authority 500 has not yet completed issuance, the result is returned to the wireless access control device 300, which notifies the wireless access point device 100 to connect again after waiting a preset time, until the device certificate is obtained.
In this embodiment, the certificate authority 500 may issue certificates automatically or only after confirmation by an administrator; in the latter mode, several rounds of operation may be needed before the device certificate can be obtained.
If no certificate application record exists in the device management center 400, a certificate application is generated for the wireless access point device 100, and the device certificate is applied for from the certificate authority 500 according to the generated certificate application information.
In this embodiment, optionally, the certificate application for the wireless access point device 100 may be generated as follows:
A public/private key pair for the certificate is generated for the wireless access point device 100.
The relevant information of the wireless access point device 100 is obtained from the device management center 400, the relevant information including the list of wireless access control devices 300 that the wireless access point device 100 may access and the identification information of the wireless access point device 100.
The certificate application is generated from the public/private key pair and the relevant information of the wireless access point device 100.
After generating the certificate application, the wireless access control device 300 obtains the device certificate of the wireless access point device from the certificate authority 500 in the same way as when a certificate application record already exists in the device management center 400; that process is not repeated here.
Step S140: after successfully obtaining the device certificate, the wireless access control device 300 sends it to the wireless access point device 100 and updates the record of the wireless access point device 100 in the device management center 400.
Referring to Fig. 4, Fig. 4 is another flow diagram of the certificate request method provided by the first embodiment of the present invention. The method further comprises step S150.
Step S150: the wireless access point device 100 saves the obtained device certificate and, after carrying out Datagram Transport Layer Security (DTLS) negotiation with the wireless access control device 300 using the obtained device certificate, accesses the wireless access control device.
In this embodiment, after receiving the device certificate, the wireless access point device 100 may store the corresponding device certificate information in its non-volatile storage. When the wireless access point device 100 and the wireless access control device 300 re-establish a connection, the wireless access point device 100 negotiates with the wireless access control device 300 using the obtained device certificate and then establishes the connection.
Second embodiment
Referring to Fig. 5, Fig. 5 is a flow diagram of the certificate request method provided by the second embodiment of the present invention. The certificate request method is applied to a wireless access control device 300 that is communicatively connected to a wireless access point device 100, a certificate authority 500 and a device management center 400; its steps are described in detail below.
Step S210: the wireless access control device 300 sends token information for a proxy certificate application to the wireless access point device 100.
In this embodiment, step S210 may comprise:
Receiving a request message sent by the wireless access point device 100, the request message including identification information of the wireless access point device 100.
After receiving the request message, deciding according to a preset decision strategy whether to carry out a proxy certificate application for the wireless access point device 100.
In this embodiment, for the specific description of deciding according to the preset decision strategy whether to carry out a proxy certificate application for the wireless access point device 100, reference may be made to sub-step S112 in the first embodiment; it is not repeated here.
When it is decided to carry out a proxy certificate application for the wireless access point device 100, sending a response message to the wireless access point device 100, the response message including token information generated according to the identification information of the wireless access point device.
Step S220: communication with the wireless access point device 100 is established based on the token information, and the proxy certificate request message sent by the wireless access point device 100 is received.
Step S230, after the identification information to the wireless access point device 100 is verified, Xiang Suoshu equipment management
The certificate request situation of the wireless access point device 100 is inquired at center 400, according to certificate request situation from the certificate granting
Center 500 obtains device certificate.
In the present embodiment, the specific of device certificate is obtained from the certificate authority 500 according to certificate request situation
The step S130 being referred in first embodiment is described, details are not described herein again.
Device certificate is sent to the wireless access point device 100 after successfully obtaining device certificate by step S240,
And update the record information of wireless access point device 100 described in the equipment management center 400.
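The token exchange of steps S210 to S230 hinges on one check: the token the access control equipment hands out in S210 must be bound to the access point's identification information, so that in S230 a certificate proxy request carrying a different MAC address or serial number, a replayed token, or a stale token is rejected before the equipment management center is ever queried. The following Python simulation is an added example written for this page; it is not code from the patent or from any product implementing it. The HMAC-over-JSON token layout, the 300-second lifetime, the secret value and the message field names are all assumptions chosen for the illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Secret known only to the wireless access control equipment (AC). Constructed sample
# value for this example; a real AC would keep it in protected storage.
AC_TOKEN_SECRET = b"constructed-sample-ac-secret"
# Token lifetime in seconds. Assumption for this example: the page fixes no lifetime.
TOKEN_LIFETIME_S = 300


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


def issue_token(identification: dict, now: Optional[float] = None) -> str:
    """AC side, step S210: build token information bound to the AP's identification
    information (MAC address and/or equipment serial number) and to an expiry time,
    then authenticate it with an HMAC so the AC can later recognise its own tokens."""
    now = time.time() if now is None else now
    if not (identification.get("mac") or identification.get("serial")):
        raise ValueError("identification must carry a MAC address and/or a serial number")
    payload = {
        "mac": identification.get("mac"),
        "serial": identification.get("serial"),
        "exp": int(now) + TOKEN_LIFETIME_S,
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(AC_TOKEN_SECRET, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(token: str, identification: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """AC side, step S230: accept the token only if this AC issued it, it has not expired,
    and it is bound to exactly the identification information the proxy request carries."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return False, "malformed token"
    expected = hmac.new(AC_TOKEN_SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "token not issued by this AC"
    payload = json.loads(body)
    if now > payload["exp"]:
        return False, "token expired"
    for field in ("mac", "serial"):
        if payload.get(field) != identification.get(field):
            return False, f"{field} in request does not match token"
    return True, "ok"


def build_proxy_request(token: str, identification: dict) -> dict:
    """AP side: the certificate proxy request message sent over the channel established
    with the token (constructed message layout)."""
    return {"type": "cert_proxy_request", "token": token, "identification": dict(identification)}


def handle_proxy_request(message: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """AC side: verify the request's identification information before anything else;
    a failed check is logged and the equipment management center is not queried."""
    if message.get("type") != "cert_proxy_request":
        return False, "unexpected message type"
    ok, reason = verify_token(message.get("token", ""), message.get("identification", {}), now)
    if not ok:
        print(f"rejected proxy request from {message.get('identification')}: {reason}")
    return ok, reason


def run_exchange(now: float = 1_700_000_000.0) -> dict:
    """Walk through the honest exchange and two failure modes on constructed input."""
    ap_id = {"mac": "00:11:22:33:44:55", "serial": "AP-CONSTRUCTED-0001"}
    token = issue_token(ap_id, now)
    results = {}
    results["honest"] = handle_proxy_request(build_proxy_request(token, ap_id), now + 10)[0]
    # The same token presented with another identity fails the binding check.
    other = {"mac": "66:77:88:99:aa:bb", "serial": "AP-CONSTRUCTED-0002"}
    results["wrong_identity"] = handle_proxy_request(build_proxy_request(token, other), now + 10)[0]
    # The token presented after its lifetime fails the expiry check.
    results["expired"] = handle_proxy_request(
        build_proxy_request(token, ap_id), now + TOKEN_LIFETIME_S + 1)[0]
    return results


if __name__ == "__main__":
    print(run_exchange())
```

The point of the design is that the token is the AC's own statement about which device it agreed to act for; because the binding check compares every identification field, an access point cannot obtain a token under one MAC address and then request a certificate for another, and a token that leaks is useless once its short lifetime has passed.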
Third embodiment
Referring to Fig. 6, Fig. 6 is a functional block diagram of the wireless access control equipment 300 provided by a preferred embodiment of the invention. The wireless access control equipment 300 is communicatively connected to the wireless access point device 100, the certificate authority 500 and the equipment management center 400, and includes: a sending module 310, a secure communication module 320 and a certificate acquisition module 330.
The sending module 310 is used to send the token information for the certificate proxy application to the wireless access point device 100.
The sending module 310 executes step S210 in Fig. 5; for the specific description of the sending module 310, refer to the description of step S210.
The secure communication module 320 is used to establish a secure communication channel with the wireless access point device 100 based on the token information and to receive the certificate proxy request message sent by the wireless access point device 100, the certificate proxy request message including the identification information of the wireless access point device 100, where the identification information includes a MAC address and/or an equipment serial number. That is, the identification information may include the MAC address of the wireless access point device 100 or the equipment serial number of the wireless access point device 100, or both the MAC address and the equipment serial number of the wireless access point device 100.
The certificate acquisition module 330 is used to query, after the identification information of the wireless access point device 100 is verified, the certificate request status of the wireless access point device 100 from the equipment management center 400, and to obtain the device certificate from the certificate authority 500 according to the certificate request status.
The secure communication module 320 is also used to send the device certificate to the wireless access point device 100 after the device certificate is successfully obtained.
The certificate acquisition module 330 is also used to update the record information of the wireless access point device 100 in the equipment management center 400 after the device certificate is successfully obtained.
The secure communication module 320 and the certificate acquisition module 330 execute the corresponding steps in Fig. 5; for their specific description, refer to the description of those steps in Fig. 5.
Referring again to Fig. 6, in the present embodiment the wireless access control equipment 300 may optionally also include a receiving module 340, which is used to receive the request message sent by the wireless access point device 100, the request message including the identification information of the wireless access point device 100.
Specifically, after the receiving module 340 receives the request message sent by the wireless access point device 100, the sending module 310 decides according to the preset decision strategy whether to perform the certificate proxy application for the wireless access point device 100; when it is decided to perform the certificate proxy application for the wireless access point device 100, it sends a response message to the wireless access point device 100, the response message including the token information generated according to the identification information of the wireless access point device 100.
Fourth embodiment
Referring to Fig. 7, Fig. 7 is a functional block diagram of the wireless access point device 100 provided by a preferred embodiment of the invention. The wireless access point device 100 is communicatively connected to the wireless access control equipment 300 and includes: a sending module 110, a receiving module 120 and a secure communication module 130.
The sending module 110 is used to send a request message to the wireless access control equipment 300, so that after receiving the request message the wireless access control equipment 300 decides according to the preset decision strategy whether to perform the certificate proxy application for the wireless access point device 100. The request message includes the identification information of the wireless access point device 100, and the identification information includes a MAC address and/or an equipment serial number.
The receiving module 120 is used to receive the response message sent by the wireless access control equipment 300 when it has decided to perform the certificate proxy application for the wireless access point device 100, the response message including the token information used for the certificate proxy application.
The secure communication module 130 is used to establish a secure communication channel with the wireless access control equipment 300 according to the token information and to send the certificate proxy request message to the wireless access control equipment 300 over the secure communication channel, the certificate proxy request message including the identification information of the wireless access point device 100, where the identification information includes a MAC address and/or an equipment serial number.
In the present embodiment, the secure communication module 130 is also used to receive, over the secure communication channel, the device certificate obtained on its behalf by the wireless access control equipment 300.
In summary, the present invention provides a certificate request method, wireless access control equipment and a wireless access point device. After obtaining the token information used for the certificate proxy application, the wireless access point device sends a certificate proxy request message to the wireless access control equipment; the wireless access control equipment queries the certificate request status of the wireless access point device from the equipment management center and obtains the device certificate from the certificate authority according to the certificate request status. After successfully obtaining the device certificate, the wireless access control equipment sends it to the wireless access point device. In the above process, the wireless access control equipment applies for the certificate on behalf of the wireless access point device, which achieves automatic certificate deployment for large numbers of wireless access point devices, solves the problem that wireless access point devices are complicated and difficult to manage and maintain in actual deployment and use, and simplifies and reduces management and maintenance costs.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form one independent part, each module may exist individually, or two or more modules may be integrated to form one independent part.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and so on made within the spirit and principles of the present invention shall be included in the protection scope of the present invention. It should also be noted that similar reference labels and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
Claims (13)
1. A certificate request method, characterized in that it is applied to a certificate request system, the system comprising a wireless access point device, wireless access control equipment, a certificate authority and an equipment management center that are communicatively connected to each other, the method comprising:
the wireless access point device obtaining the token information used for the certificate proxy application from the wireless access control equipment;
the wireless access point device establishing a secure communication channel with the wireless access control equipment according to the token information, and the wireless access point device sending a certificate proxy request message to the wireless access control equipment, wherein the certificate proxy request message includes the identification information of the wireless access point device, and the identification information includes: a MAC address and/or an equipment serial number;
the wireless access control equipment, after the identification information of the wireless access point device is verified, querying the certificate request status of the wireless access point device from the equipment management center, and obtaining the device certificate from the certificate authority according to the certificate request status;
the wireless access control equipment, after successfully obtaining the device certificate, sending the device certificate to the wireless access point device and updating the record information of the wireless access point device in the equipment management center.
2. The method according to claim 1, characterized in that the step of the wireless access point device obtaining the token information used for the certificate proxy application from the wireless access control equipment comprises:
the wireless access point device sending a request message to the wireless access control equipment, the request message including the identification information of the wireless access point device;
the wireless access control equipment, after receiving the request message, deciding according to a preset decision strategy whether to perform the certificate proxy application for the wireless access point device;
when it is decided to perform the certificate proxy application for the wireless access point device, the wireless access control equipment sending a response message to the wireless access point device, wherein the response message includes the token information generated according to the identification information of the wireless access point device.
3. The method according to claim 2, characterized in that the step of the wireless access control equipment, after receiving the request message, deciding according to the preset decision strategy whether to perform the certificate proxy application for the wireless access point device comprises:
if the certificate authentication mode of the wireless access control equipment is not enabled, deciding not to perform the certificate proxy application for the wireless access point device;
if the wireless access control equipment finds in the equipment management center that the wireless access point device is online for the first time, or the certificate status that the wireless access control equipment queries from the equipment management center according to the current certificate information of the wireless access point device is expired or about to expire, deciding to perform the certificate proxy application for the wireless access point device.
4. The method according to claim 1, characterized in that the step of obtaining the device certificate from the certificate authority according to the certificate request status comprises:
if a certificate request record already exists in the equipment management center, obtaining the device certificate from the certificate authority according to the recorded certificate request information;
if no certificate request record exists in the equipment management center, generating a certificate request for the wireless access point device and applying to the certificate authority for the device certificate according to the generated certificate request information.
5. The method according to claim 4, characterized in that, if a certificate request record already exists in the equipment management center, the step of obtaining the device certificate from the certificate authority according to the recorded certificate request information comprises:
the wireless access control equipment requesting the device certificate from the certificate authority according to the recorded certificate request information;
if the certificate authority has completed issuance of the certificate, returning the certificate to the wireless access control equipment, and the wireless access control equipment delivering it to the wireless access point device;
if the certificate authority has not yet completed issuance of the certificate, returning the result to the wireless access control equipment, and the wireless access control equipment notifying the wireless access point device to reconnect after waiting a preset time, until the device certificate is obtained.
6. The method according to claim 4, characterized in that, if no certificate request record exists in the equipment management center, the step of generating a certificate request for the wireless access point device and applying to the certificate authority for the device certificate according to the generated certificate request information comprises:
generating a certificate public/private key pair for the wireless access point device;
obtaining the relevant information of the wireless access point device from the equipment management center, wherein the relevant information includes the list of wireless access control equipment that the wireless access point device is allowed to access and the identification information of the wireless access point device;
generating the certificate request according to the public/private key pair and the relevant information of the wireless access point device;
obtaining the device certificate from the certificate authority according to the generated certificate request information.
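Claims 3 to 6 together define the control logic on the access control equipment: a three-way decision (certificate mode off, first time online or expired/near-expiry certificate, otherwise nothing to do), then either reuse of an existing certificate request record, with a retry when the certificate authority has not finished issuing, or generation of a fresh key pair and request from the device's relevant information. The following Python simulation is an added example for this page, not the patent's or any vendor's code. The 30-day "about to expire" threshold, the in-memory equipment management center and certificate authority, the stand-in key handles (no real asymmetric keys are generated), and the choice to treat an access point with no certificate on file, or one absent from the center, as shown are assumptions of the example.

```python
import datetime as dt
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed threshold for "about to expire"; the claims name the condition but fix no value.
NEAR_EXPIRY = dt.timedelta(days=30)


@dataclass
class DeviceRecord:
    """One access point's entry in the equipment management center (constructed layout)."""
    mac: str
    serial: str
    allowed_acs: List[str]                        # ACs this AP may access (claim 6)
    seen_before: bool = False                     # False until a first certificate is recorded
    cert_not_after: Optional[dt.datetime] = None  # from the AP's current certificate information
    cert_request: Optional[dict] = None           # stored certificate request record (claims 4/5)


class EquipmentManagementCenter:
    def __init__(self, records: List[DeviceRecord]):
        self.records: Dict[str, DeviceRecord] = {r.serial: r for r in records}

    def lookup(self, serial: str) -> Optional[DeviceRecord]:
        return self.records.get(serial)


class CertificateAuthority:
    """Stand-in CA: the first `pending_rounds` requests for a given key answer
    'not yet issued', which exercises the retry path of claim 5."""
    def __init__(self, pending_rounds: int = 0, validity: dt.timedelta = dt.timedelta(days=365)):
        self.pending_rounds, self.validity = pending_rounds, validity
        self.seen: Dict[str, int] = {}

    def request(self, csr: dict, now: dt.datetime) -> Optional[dict]:
        key = csr["public_key"]
        self.seen[key] = self.seen.get(key, 0) + 1
        if self.seen[key] <= self.pending_rounds:
            return None  # issuance not completed yet
        return {"subject": csr["subject"], "public_key": key, "not_after": now + self.validity}


def decide_proxy_application(cert_mode_enabled: bool, record: DeviceRecord, now: dt.datetime) -> bool:
    """Decision strategy of claims 3 and 9."""
    if not cert_mode_enabled:
        return False
    if not record.seen_before:
        return True  # first time online
    if record.cert_not_after is None:
        return True  # assumption: no certificate on file is handled like an expired one
    return record.cert_not_after - now <= NEAR_EXPIRY  # expired or about to expire


def generate_key_pair() -> dict:
    """Placeholder for real asymmetric key generation; the random handles only let the
    example track which key a request belongs to."""
    return {"public_key": "pk-" + secrets.token_hex(8), "private_key": "sk-" + secrets.token_hex(8)}


def generate_certificate_request(record: DeviceRecord, key_pair: dict) -> dict:
    """Claim 6: the request is built from the key pair and the AP's relevant information."""
    return {"public_key": key_pair["public_key"],
            "subject": {"serial": record.serial, "mac": record.mac},
            "allowed_acs": list(record.allowed_acs)}


def acquire_device_certificate(ca: CertificateAuthority, record: DeviceRecord,
                               now: dt.datetime) -> Tuple[str, Optional[dict]]:
    """Claims 4 to 6: reuse an existing request record, otherwise create one, then ask the CA."""
    if record.cert_request is None:
        record.cert_request = generate_certificate_request(record, generate_key_pair())
    cert = ca.request(record.cert_request, now)
    if cert is None:
        return "pending", None  # the AC tells the AP to reconnect after a preset wait
    # Step S240: update the AP's record information; the request record is cleared so a
    # later renewal starts from a fresh key pair (design choice of this example).
    record.seen_before, record.cert_not_after, record.cert_request = True, cert["not_after"], None
    return "issued", cert


def proxy_flow(emc: EquipmentManagementCenter, ca: CertificateAuthority, serial: str,
               cert_mode_enabled: bool, now: dt.datetime) -> str:
    record = emc.lookup(serial)
    if record is None:
        return "unknown device"  # assumption: an AP absent from the center gets no proxy application
    if not decide_proxy_application(cert_mode_enabled, record, now):
        return "declined"
    return acquire_device_certificate(ca, record, now)[0]


def run_demo() -> List[str]:
    """Constructed scenario covering every branch of the decision and acquisition logic."""
    now = dt.datetime(2017, 8, 15, tzinfo=dt.timezone.utc)
    emc = EquipmentManagementCenter([
        DeviceRecord("00:11:22:33:44:55", "AP-0001", ["AC-300"]),
        DeviceRecord("66:77:88:99:aa:bb", "AP-0002", ["AC-300"], True, now + dt.timedelta(days=10)),
        DeviceRecord("cc:dd:ee:ff:00:11", "AP-0003", ["AC-300"], True, now + dt.timedelta(days=300)),
    ])
    ca = CertificateAuthority(pending_rounds=1)
    return [
        proxy_flow(emc, ca, "AP-0001", False, now),                          # mode off
        proxy_flow(emc, ca, "AP-0001", True, now),                           # first online, CA pending
        proxy_flow(emc, ca, "AP-0001", True, now + dt.timedelta(minutes=5)),  # retry reuses the record
        proxy_flow(emc, ca, "AP-0002", True, now),                           # near expiry, CA pending
        proxy_flow(emc, ca, "AP-0003", True, now),                           # valid certificate
        proxy_flow(emc, ca, "AP-9999", True, now),                           # not in the center
    ]


if __name__ == "__main__":
    print(run_demo())
```

Two behaviours are worth noticing when running it: the retry for AP-0001 succeeds without generating a second key pair, because the request record stored on the first attempt is reused exactly as claim 5 describes, and an access point with a certificate far from expiry is turned away before any key material or CA traffic is produced, which keeps the proxy path from becoming an unthrottled certificate-issuing service.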
7. A certificate request method, characterized in that it is applied to wireless access control equipment communicatively connected to a wireless access point device, a certificate authority and an equipment management center, the method comprising:
the wireless access control equipment sending the token information used for the certificate proxy application to the wireless access point device;
establishing communication with the wireless access point device based on the token information, and receiving the certificate proxy request message sent by the wireless access point device, wherein the certificate proxy request message includes the identification information of the wireless access point device, and the identification information includes: a MAC address and/or an equipment serial number;
after the identification information of the wireless access point device is verified, querying the certificate request status of the wireless access point device from the equipment management center, and obtaining the device certificate from the certificate authority according to the certificate request status;
after successfully obtaining the device certificate, sending the device certificate to the wireless access point device and updating the record information of the wireless access point device in the equipment management center.
8. The method according to claim 7, characterized in that the step of the wireless access control equipment sending the token information used for the certificate proxy application to the wireless access point device comprises:
receiving a request message sent by the wireless access point device, the request message including the identification information of the wireless access point device;
after receiving the request message, deciding according to a preset decision strategy whether to perform the certificate proxy application for the wireless access point device;
when it is decided to perform the certificate proxy application for the wireless access point device, sending a response message to the wireless access point device, wherein the response message includes the token information generated according to the identification information of the wireless access point device.
9. The method according to claim 8, characterized in that the step of, after receiving the request message, deciding according to the preset decision strategy whether to perform the certificate proxy application for the wireless access point device comprises:
if the certificate authentication mode of the wireless access control equipment is not enabled, deciding not to perform the certificate proxy application for the wireless access point device;
if the wireless access control equipment finds in the equipment management center that the wireless access point device is online for the first time, or the certificate status that the wireless access control equipment queries from the equipment management center according to the current certificate information of the wireless access point device is expired or about to expire, deciding to perform the certificate proxy application for the wireless access point device.
10. The method according to claim 7, characterized in that the step of obtaining the device certificate from the certificate authority according to the certificate request status comprises:
if a certificate request record already exists in the equipment management center, obtaining the device certificate from the certificate authority according to the recorded certificate request information;
if no certificate request record exists in the equipment management center, generating a certificate request for the wireless access point device and applying to the certificate authority for the device certificate according to the generated certificate request information.
11. Wireless access control equipment, characterized in that the wireless access control equipment is communicatively connected to a wireless access point device, a certificate authority and an equipment management center, and comprises:
a sending module, for sending the token information used for the certificate proxy application to the wireless access point device;
a secure communication module, for establishing a secure communication channel with the wireless access point device based on the token information and receiving the certificate proxy request message sent by the wireless access point device, wherein the certificate proxy request message includes the identification information of the wireless access point device, and the identification information includes: a MAC address and/or an equipment serial number;
a certificate acquisition module, for querying, after the identification information of the wireless access point device is verified, the certificate request status of the wireless access point device from the equipment management center, and obtaining the device certificate from the certificate authority according to the certificate request status;
the secure communication module being further used to send the device certificate to the wireless access point device after the device certificate is successfully obtained;
the certificate acquisition module being further used to update the record information of the wireless access point device in the equipment management center after the device certificate is successfully obtained.
12. The wireless access control equipment according to claim 11, characterized in that it further comprises a receiving module for receiving the request message sent by the wireless access point device, the request message including the identification information of the wireless access point device;
the sending module being specifically used to decide according to a preset decision strategy whether to perform the certificate proxy application for the wireless access point device and, when it is decided to perform the certificate proxy application for the wireless access point device, to send a response message to the wireless access point device, wherein the response message includes the token information generated according to the identification information of the wireless access point device.
13. A wireless access point device, characterized in that the wireless access point device is communicatively connected to wireless access control equipment and comprises:
a sending module, for sending a request message to the wireless access control equipment so that, after receiving the request message, the wireless access control equipment decides according to a preset decision strategy whether to perform the certificate proxy application for the wireless access point device, wherein the request message includes the identification information of the wireless access point device, and the identification information includes: a MAC address and/or an equipment serial number;
a receiving module, for receiving the response message sent by the wireless access control equipment when it has decided to perform the certificate proxy application for the wireless access point device, the response message including the token information used for the certificate proxy application;
a secure communication module, for establishing a secure communication channel with the wireless access control equipment according to the token information and sending the certificate proxy request message to the wireless access control equipment over the secure communication channel, wherein the certificate proxy request message includes the identification information of the wireless access point device, and the identification information includes: a MAC address and/or an equipment serial number;
the secure communication module being further used to receive, over the secure communication channel, the device certificate obtained on its behalf by the wireless access control equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710698543.9A CN107302544B (en) | 2017-08-15 | 2017-08-15 | Certificate request method, wireless access control equipment and wireless access point device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107302544A CN107302544A (en) | 2017-10-27 |
CN107302544B true CN107302544B (en) | 2019-09-13 |
Family
ID=60132115
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107302544B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||