Disclosure of Invention
In order to overcome the problems in the related art, the present disclosure provides an automatic network connection method and device for medical devices in a medical internet of things scenario.
According to a first aspect of the embodiments of the present disclosure, there is provided an automatic network connection method for medical equipment in a medical internet of things scenario, including:
the medical device receives a broadcast frame, sent by an access point, that carries a distribution network SSID mark, and identifies the distribution network SSID according to the distribution network SSID mark;
the medical device sends a medical device identifier to an identity authentication server through the access point so that the identity authentication server authenticates the medical device; after the identity authentication passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies to a PKI server in that network for an authentication certificate and obtains a preset service SSID; once the certificate has been applied for and the service SSID obtained, the first connection is complete, and from then on the medical device can connect to the service SSID network corresponding to the service SSID based on the authentication certificate.
In some embodiments of the present application, the receiving, by the medical device, a broadcast frame carrying a distribution network SSID tag sent by an access point, and identifying a distribution network SSID according to the distribution network SSID tag includes:
opening the distribution network SSID to read a Beacon broadcast frame which is sent by the access point and carries a distribution network SSID mark;
and identifying the distribution network SSID which needs to be accessed according to the distribution network SSID mark carried by the Beacon broadcast frame.
In some embodiments of the present application, the sending, by the access point, the medical device identification to the authentication server includes:
reporting an Association frame or a Reassociation frame to the access point, wherein the Association frame or the Reassociation frame carries the medical equipment identifier, so that the access point reports the medical equipment identifier to the authentication server through a Radius message, wherein the Radius message carries the medical equipment identifier.
In some embodiments of the present application, the identity authentication server authenticating the medical device, the medical device accessing the distribution network SSID network corresponding to the distribution network SSID after the authentication passes, applying to a PKI server from that network for an authentication certificate and acquiring the service SSID agreed in advance, completing the first connection once the certificate has been applied for and the service SSID acquired, and, after the first connection, connecting to the service SSID network corresponding to the service SSID based on the authentication certificate, includes:
when the medical device has accessed the distribution network SSID network and acquires an IP address from a DHCP server through the dynamic host configuration protocol (DHCP), the DHCP server sends the IP address to the medical device together with an Option parameter configured in advance, wherein the Option parameter carries the URL address of the PKI server from which the authentication certificate is applied for;
after the medical device acquires the URL address, it accesses that URL, and the PKI server provides the authentication certificate and the service SSID to the medical device after the verification based on MAC + SN passes;
and the medical device connects, using the authentication certificate, to the service SSID network corresponding to the service SSID.
In some embodiments of the present application, before the medical device receives a broadcast frame carrying a distribution network SSID tag sent by an access point, the method further includes: opening the distribution network SSID;
and after the authentication certificate is applied and the service SSID is obtained, closing the distribution network SSID.
According to a second aspect of embodiments of the present disclosure, there is provided a medical device comprising a networking module, the medical device being configured to:
receive a broadcast frame, sent by an access point, that carries a distribution network SSID mark, and identify the distribution network SSID according to the distribution network SSID mark;
send a medical device identifier to an identity authentication server through the access point so that the identity authentication server authenticates the medical device; after the identity authentication passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies to a PKI server in that network for an authentication certificate and obtains a preset service SSID; once the certificate has been applied for and the service SSID obtained, the first connection is complete, and after the first connection the medical device connects to the service SSID network corresponding to the service SSID based on the authentication certificate.
In some embodiments, the receiving, by the medical device, a broadcast frame carrying a distribution network SSID tag sent by an access point, and identifying a distribution network SSID according to the distribution network SSID tag includes:
after the distribution network SSID is opened, reading a Beacon broadcast frame which is sent by the access point and carries a distribution network SSID mark;
and identifying the distribution network SSID which needs to be accessed according to the distribution network SSID mark carried by the Beacon broadcast frame.
In some embodiments, the medical device sending a medical device identification to an authentication server through the access point, comprising:
reporting an Association frame or a Reassociation frame to the access point, wherein the Association frame or the Reassociation frame carries the medical equipment identifier, so that the access point reports the medical equipment identifier to the authentication server through a Radius message, wherein the Radius message carries the medical equipment identifier.
In some embodiments, the identity authentication server authenticating the medical device, the medical device accessing the distribution network SSID network corresponding to the distribution network SSID after the authentication passes, applying to a PKI server from that network for an authentication certificate and acquiring the service SSID agreed in advance, completing the first connection once the certificate has been applied for and the service SSID acquired, and, after the first connection, connecting to the service SSID network corresponding to the service SSID based on the authentication certificate, includes:
when the medical device has accessed the distribution network SSID network and acquires an IP address from a DHCP server through the dynamic host configuration protocol (DHCP), the DHCP server sends the IP address to the medical device together with an Option parameter configured in advance, wherein the Option parameter carries the URL address of the PKI server from which the authentication certificate is applied for;
after the medical device acquires the URL address, it accesses that URL, and the PKI server provides the authentication certificate and the service SSID to the medical device after the verification based on MAC + SN passes;
and the medical device connects, using the authentication certificate, to the service SSID network corresponding to the service SSID.
In some embodiments, before the medical device receives a broadcast frame carrying a distribution network SSID mark sent by an access point, the medical device opens the distribution network SSID;
and after the authentication certificate is applied and the service SSID is obtained, the distribution network SSID is closed.
The technical solution provided by the embodiments of the disclosure can have the following beneficial effects: the medical device receives a broadcast frame, sent by the access point, that carries a distribution network SSID mark and identifies the distribution network SSID from that mark; it sends a medical device identifier to the identity authentication server through the access point, and the identity authentication server authenticates the medical device; after the identity authentication passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies for an authentication certificate from within that network and obtains the agreed service SSID; and once the certificate has been applied for and the service SSID obtained, the medical device connects to the service SSID network corresponding to the service SSID based on the authentication certificate. After the first connection, the medical device joins the hospital Internet of things automatically, quickly and without user interaction: no manual access is needed, multi-level authentication is required during automatic connection, the potential risk of a leaked network password is avoided, and network security is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Fig. 1 is a flowchart illustrating an automatic network connection method for a medical device in a medical internet of things scenario, according to an exemplary embodiment, and as shown in fig. 1, the method includes the following steps.
In step S101, the medical device receives a broadcast frame carrying a distribution network SSID tag sent by the access point, and identifies a distribution network SSID according to the distribution network SSID tag.
Specifically, the medical device receives a broadcast frame sent by the access point and checks whether it carries the distribution network SSID mark; if the mark is present, the SSID in that frame is identified as the distribution network SSID of the access point.
In some embodiments, the receiving, by the medical device, a broadcast frame carrying a distribution network SSID tag sent by an access point, and identifying a distribution network SSID according to the distribution network SSID tag includes:
opening the distribution network SSID to read a Beacon broadcast frame which is sent by the access point and carries a distribution network SSID mark;
and identifying the distribution network SSID which needs to be accessed according to the distribution network SSID mark carried by the Beacon broadcast frame.
Specifically, by opening the distribution network SSID the medical device can automatically receive a Beacon broadcast frame carrying the distribution network SSID mark sent by the access point. Beacon is a broadcast frame used as the mutual discovery mechanism between the medical device (the STA) and the access point before association begins. Analysis of the Beacon broadcast frame shows that it supports an extended field; an Internet of things configuration bootstrap SSID mark can be added in that extended field, and the medical device can select the distribution network SSID to connect to based on the mark. The configuration bootstrap SSID mark is shown in fig. 3.
In step S102, a medical device identifier is sent to the identity authentication server through the access point, so as to perform identity authentication on the medical device through the identity authentication server, after the identity authentication of the medical device passes, the medical device accesses to a distribution network SSID network corresponding to the distribution network SSID, and applies an authentication certificate to the PKI server from the distribution network SSID network and obtains a service SSID agreed in advance, and after applying for the authentication certificate and obtaining the service SSID, first connection is completed, and after the first connection is completed, the medical device is connected to the service SSID network corresponding to the service SSID based on the authentication certificate.
Specifically, after network distribution of the medical device is finished, the medical device identifier is sent to the identity authentication server through the access point; the identifier comprises the medical device type, manufacturer, SN, etc. After authentication of the medical device passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies to the PKI server through that network for an authentication certificate and acquires the preset service SSID; once the certificate has been applied for and the service SSID acquired, the medical device connects to the service SSID network corresponding to the service SSID using the authentication certificate, so that automatic network connection of the medical device is realized.
In some embodiments, said sending, by said access point, a medical device identification to an authentication server comprises:
reporting an Association frame or a Reassociation frame to the access point, wherein the Association frame or the Reassociation frame carries the medical equipment identifier, so that the access point reports the medical equipment identifier to the authentication server through a Radius message, wherein the Radius message carries the medical equipment identifier.
Specifically, the Association frame or the Reassociation frame carries a medical device identifier, which includes the medical device type, manufacturer, SN, etc. The medical device identifier may be:
MID-COMPANY-VENTILATOR-01-XXXXXXXXXXXXX
Manufacturer name: 4~8 characters drawn from the 26 letters, case-sensitive, for example: COMPANY
Product name: at most 16 characters drawn from the Arabic numerals 0-9 and the 26 letters, case-sensitive, for example: VENTILATOR
Version number: version of the identification protocol, range: 1-4, for example: 01
SN: product serial number, at most 32 characters drawn from the Arabic numerals 0-9 and the 26 letters, case-sensitive, for example: XXXXXXXXXXXXXX.
The Association and Reassociation frames inform the access point of the medical device identifier through a Vendor Specific element that carries it, for example:
Tag: Vendor Specific: xxxxxx Co.,Ltd
Tag Number: Vendor Specific (221)
Tag length: XX
OUI: 00:e0:xx (xxxx Co.,Ltd)
Vendor Specific OUI Type: 1 (network access request)
Vendor Specific SubType: 1 (terminal mark)
Vendor Specific Len: XX
Vendor Specific Data: "MID-COMPANY-VENTILATOR-01-XXXXXXXXXXXXX"
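The Vendor Specific element above and the identifier grammar it carries, as an added example that is not part of the patent: a Python parser that walks the tagged parameters of an Association or Reassociation frame body, extracts the identifier from a Vendor Specific element with OUI Type 1 and SubType 1, and validates it against the manufacturer/product/version/SN rules listed above. The OUI (the page shows only "00:e0:xx"), the sample SSID and SN, and the zero-padded two-digit version are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# 802.11 tagged-parameter identifiers; 221 is the Vendor Specific tag from the page.
IE_SSID = 0
IE_VENDOR_SPECIFIC = 221

# Values inside the Vendor Specific element, as listed in the dissection above.
OUI_TYPE_NETWORK_ACCESS_REQUEST = 1
SUBTYPE_TERMINAL_MARK = 1

# Assumption: the page only shows "00:e0:xx", so the third OUI byte is a placeholder.
EXAMPLE_OUI = bytes.fromhex("00e000")

# Identifier grammar from the page: MID-<manufacturer>-<product>-<version>-<SN>.
_ID_RE = re.compile(
    r"^MID-"
    r"(?P<manufacturer>[A-Za-z]{4,8})-"   # 4~8 letters, case-sensitive
    r"(?P<product>[A-Za-z0-9]{1,16})-"    # up to 16 letters/digits
    r"(?P<version>0[1-4])-"               # assumption: 1-4 written as two digits ("01")
    r"(?P<sn>[A-Za-z0-9]{1,32})$"         # up to 32 letters/digits
)


def parse_device_id(value: str) -> Optional[Dict[str, str]]:
    """Return the identifier fields, or None when the string violates the grammar."""
    m = _ID_RE.match(value)
    return m.groupdict() if m else None


def parse_ies(body: bytes) -> List[Tuple[int, bytes]]:
    """Walk the tag/length/value list of a management frame body."""
    elements, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        i += 2
        if i + length > len(body):
            raise ValueError("truncated information element")
        elements.append((tag, body[i:i + length]))
        i += length
    if i != len(body):
        raise ValueError("trailing bytes after last element")
    return elements


def build_vendor_ie(oui: bytes, oui_type: int, subtype: int, data: bytes) -> bytes:
    """Encode OUI | OUI Type | SubType | Len | Data inside a tag-221 element."""
    if len(oui) != 3 or len(data) > 255 - 6:
        raise ValueError("vendor element out of range")
    payload = oui + bytes([oui_type, subtype, len(data)]) + data
    return bytes([IE_VENDOR_SPECIFIC, len(payload)]) + payload


def extract_device_id(body: bytes, oui: bytes) -> Optional[str]:
    """Find the terminal-mark Vendor Specific element for `oui` and return its data."""
    for tag, value in parse_ies(body):
        if tag != IE_VENDOR_SPECIFIC or len(value) < 6 or value[:3] != oui:
            continue
        oui_type, subtype, data_len = value[3], value[4], value[5]
        if oui_type != OUI_TYPE_NETWORK_ACCESS_REQUEST or subtype != SUBTYPE_TERMINAL_MARK:
            continue
        data = value[6:6 + data_len]
        if len(data) != data_len:
            return None  # inner Len disagrees with the element length: reject
        try:
            return data.decode("ascii")
        except UnicodeDecodeError:
            return None
    return None


def device_id_from_association(body: bytes, oui: bytes) -> Optional[Dict[str, str]]:
    """What the access point would forward to RADIUS: the validated identifier fields."""
    raw = extract_device_id(body, oui)
    return parse_device_id(raw) if raw is not None else None


if __name__ == "__main__":
    # Constructed Association frame body: an SSID element followed by the vendor element.
    ident = b"MID-COMPANY-VENTILATOR-01-SN0001"
    body = bytes([IE_SSID, 5]) + b"MedIo" + build_vendor_ie(
        EXAMPLE_OUI, OUI_TYPE_NETWORK_ACCESS_REQUEST, SUBTYPE_TERMINAL_MARK, ident)
    print(device_id_from_association(body, EXAMPLE_OUI))
```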
The access point reports the identifier of the medical device carried by the Radius message to the authentication server, as shown in fig. 4.
In some embodiments, the identity authentication server authenticating the medical device, the medical device accessing the distribution network SSID network corresponding to the distribution network SSID after the authentication passes, applying to a PKI server from that network for an authentication certificate and acquiring the service SSID agreed in advance, completing the first connection once the certificate has been applied for and the service SSID acquired, and, after the first connection, connecting to the service SSID network corresponding to the service SSID based on the authentication certificate, includes:
when the medical device has accessed the distribution network SSID network and acquires an IP address from a DHCP server through the dynamic host configuration protocol (DHCP), the DHCP server sends the IP address to the medical device together with an Option parameter configured in advance, wherein the Option parameter carries the URL address of the PKI server from which the authentication certificate is applied for;
after the medical device acquires the URL address, it accesses that URL, and the PKI server provides the authentication certificate and the service SSID to the medical device after the verification based on MAC + SN passes;
and the medical device connects, using the authentication certificate, to the service SSID network corresponding to the service SSID.
Specifically, after identity authentication of the medical device is finished, the medical device accesses the distribution network SSID network and obtains an IP address from a DHCP server through the dynamic host configuration protocol (DHCP); the DHCP server sends the IP address to the medical device together with an Option parameter configured in advance, wherein the Option parameter carries the URL address of the PKI server from which the authentication certificate is applied for. After the medical device acquires the URL address, it accesses that URL, and the PKI server provides the authentication certificate and the service SSID to the medical device after the verification based on MAC + SN passes. Once the certificate application has been granted, the medical device connects, using the authentication certificate, to the service SSID network corresponding to the service SSID.
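The DHCP and PKI steps above, as an added example that is not part of the patent: on the device side, the DHCP options field is parsed to pick up the pre-configured Option carrying the PKI server URL; on the PKI server side, the MAC + SN check is applied before the certificate and service SSID are released. The option code 224, the URL, the MAC/SN provisioning records and the HTTPS-only rule are assumptions, since the page does not specify them.

```python
from dataclasses import dataclass
from typing import Dict, Optional

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
# Assumption: the page says the PKI URL rides in a pre-configured Option but gives no
# code, so this example uses a site-specific option code (RFC 3942 reserves 224-254).
OPT_PKI_ENROL_URL = 224


def parse_dhcp_options(options: bytes) -> Dict[int, bytes]:
    """Parse the DHCP options field (magic cookie followed by a TLV list)."""
    if options[:4] != DHCP_MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    parsed: Dict[int, bytes] = {}
    i = 4
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return parsed
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # An option longer than 255 bytes arrives as several pieces: concatenate them.
        parsed[code] = parsed.get(code, b"") + value
        i += 2 + length
    raise ValueError("option list not terminated")


def build_dhcp_options(opts: Dict[int, bytes]) -> bytes:
    """Encode an options field the way the DHCP server in the example would."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts.items())
    return DHCP_MAGIC_COOKIE + body + bytes([OPT_END])


def pki_url_from_offer(options: bytes) -> Optional[str]:
    """Device side: the URL the device will contact to apply for its certificate."""
    raw = parse_dhcp_options(options).get(OPT_PKI_ENROL_URL)
    if raw is None:
        return None
    try:
        url = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    # Hardening assumption not stated on the page: a URL learned from DHCP is only
    # trusted when it points at an HTTPS endpoint, so the enrolment channel is protected.
    return url if url.startswith("https://") else None


@dataclass(frozen=True)
class Enrolment:
    mac: str
    sn: str
    service_ssid: str


# Constructed provisioning records: what the PKI server knows about devices in advance.
ENROLMENTS: Dict[tuple, Enrolment] = {
    ("00:e0:00:11:22:33", "SN0001"): Enrolment("00:e0:00:11:22:33", "SN0001", "Hosp-IoT-Service"),
}


def verify_mac_sn(mac: str, sn: str) -> Optional[Enrolment]:
    """PKI server side: the MAC + SN pair must match a provisioned record exactly."""
    return ENROLMENTS.get((mac.lower(), sn))


if __name__ == "__main__":
    offer = build_dhcp_options({1: bytes([255, 255, 255, 0]),
                                OPT_PKI_ENROL_URL: b"https://pki.hospital.example/enrol"})
    print(pki_url_from_offer(offer))
    print(verify_mac_sn("00:E0:00:11:22:33", "SN0001"))
```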
In some embodiments, before the medical device receives the broadcast frame carrying the distribution network SSID tag sent by the access point, the method further includes: opening the distribution network SSID;
and after the authentication certificate is applied and the service SSID is obtained, closing the distribution network SSID.
The method specifically comprises the following steps: when the medical equipment needs to access the network, the distribution network SSID is opened, and after the medical equipment applies for the authentication certificate and obtains the service SSID, the distribution network SSID is closed, so that the safety of the Internet of things is ensured.
To further illustrate the technical idea of the present invention, the technical solution of the present invention will now be described with reference to specific application scenarios, such as a medical device networking flow diagram shown in fig. 5 and a medical device networking structure block diagram shown in fig. 6.
Firstly, the access point sends a Beacon broadcast frame carrying a distribution network SSID mark to the medical equipment.
Secondly, the medical device opens the distribution network SSID; after recognizing the Beacon broadcast frame carrying the distribution network SSID mark, it reports an Association frame carrying the medical device identifier to the access point and initiates the first 802.1X protocol authentication. 802.1X is a port-based network access control protocol: "port-based network access control" refers to authenticating and controlling the accessing user equipment at the level of a port of the local area network access device. If the user equipment connected to the port passes authentication, it can access the resources in the local area network; if it cannot pass authentication, it cannot access those resources.
And thirdly, the access point reports the medical equipment identification to the authentication server through the Radius message.
Fourthly, after the medical device identifier is verified, the first 802.1X protocol authentication passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies for an authentication certificate from an administrator, and obtains the preset service SSID. When the IP address is acquired from a DHCP server through the Dynamic Host Configuration Protocol (DHCP), the DHCP server sends the medical device an Option parameter configured in advance, wherein the Option parameter carries the Uniform Resource Locator (URL) address of the PKI server from which the authentication certificate is applied for; the medical device accesses the URL address after acquiring it, so that the PKI server provides the authentication certificate and the service SSID to the medical device after verification based on the media access control address and serial number (MAC + SN) passes. The PKI server is a set comprising hardware, software, personnel, policies and procedures, used to generate, manage, store, distribute and revoke keys and certificates based on a public key cryptosystem, and to provide six security services: identity authentication, data integrity, data confidentiality, data fairness, non-repudiation and time stamps.
Fifthly, after applying for the authentication certificate and obtaining the service SSID, the medical device connects to the service SSID network corresponding to the service SSID through authentication with the authentication certificate and the 802.1X certificate, and accesses the network when the authentication succeeds.
FIG. 2 is a block diagram of a medical device shown in accordance with an exemplary embodiment. Referring to fig. 2, the apparatus includes:
an S201 networking module, configured to receive a broadcast frame, sent by an access point, that carries a distribution network SSID mark, and to identify the distribution network SSID according to the distribution network SSID mark;
and to send a medical device identifier to an identity authentication server through the access point so that the identity authentication server authenticates the medical device; after the identity authentication passes, the medical device accesses the distribution network SSID network corresponding to the distribution network SSID, applies to a PKI server in that network for an authentication certificate and obtains a preset service SSID; once the certificate has been applied for and the service SSID obtained, the first connection is complete, and after the first connection the medical device connects to the service SSID network corresponding to the service SSID based on the authentication certificate.
In this embodiment of the application, the S201 networking module is further configured to:
after the distribution network SSID is opened, reading a Beacon broadcast frame which is sent by the access point and carries a distribution network SSID mark;
and identifying the distribution network SSID which needs to be accessed according to the distribution network SSID mark carried by the Beacon broadcast frame.
In this embodiment of the application, the S201 networking module is further configured to:
reporting an Association frame or a Reassociation frame to the access point, wherein the Association frame or the Reassociation frame carries the medical equipment identifier, so that the access point reports the medical equipment identifier to the authentication server through a Radius message, wherein the Radius message carries the medical equipment identifier.
In this embodiment of the application, the S201 networking module is further configured to:
when the medical device has accessed the distribution network SSID network and acquires an IP address from a DHCP server through the dynamic host configuration protocol (DHCP), the DHCP server sends the IP address to the medical device together with an Option parameter configured in advance, wherein the Option parameter carries the URL address of the PKI server from which the authentication certificate is applied for;
after the medical device acquires the URL address, it accesses that URL, and the PKI server provides the authentication certificate and the service SSID to the medical device after the verification based on MAC + SN passes;
and the medical device connects, using the authentication certificate, to the service SSID network corresponding to the service SSID.
In this embodiment of the application, the S201 networking module is further configured to:
before the medical equipment receives a broadcast frame which is sent by an access point and carries a distribution network SSID mark, the distribution network SSID is opened;
and after the authentication certificate is applied and the service SSID is obtained, the distribution network SSID is closed.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.