CN114697966A - Wireless network security access method and communication system - Google Patents

Abstract

The application provides a wireless network security access method and a communication system, wherein a terminal verifies the authority of a wireless network accessed to a target base station by sending a probe request frame to the target base station, and when a network management platform determines that the terminal has the access authority, a probe response frame response containing the SSID of the target base station and a specified field is sent to the terminal through the target base station, so that the terminal can simultaneously generate an access password by using the MAC address of the terminal, the SSID of the target base station and the specified field to access the wireless network of the target base station. In the application, the MAC address of the terminal has uniqueness, and the designated field is also sent by the network management platform according to the request of the terminal, so that the terminal also has uniqueness, thereby effectively avoiding illegal connection of other terminals, and improving the security of the terminal accessing a wireless network.

Description

A wireless network security access method and communication system

technical field

The present application relates to the field of enterprise Internet technologies, and in particular, to a wireless network security access method and communication system.

Background technique

Enterprise Internet connects people, data and machines through the network, so as to realize mutual control and data sharing between people and machines and between machines. Accessing a terminal to a wireless network means that the terminal is connected to the base station, and the terminal uploads and downloads data in the corresponding wireless network by sending and receiving signals with the base station.

When the terminal accesses the wireless network, it usually sends an access request to the corresponding base station, and writes the access password corresponding to the SSID of the wireless network in the access request. For example, if the SSID is "beijing01", the corresponding access password It is usually an artificially set password, such as "12345678". In this way, if the terminal accesses the wireless network "beijing01", if the access request sent contains the access password "12345678", it can successfully connect. Usually, the access passwords used by different terminals to access the same wireless network are the same. In this way, it is easy to see that as long as the access password corresponding to the wireless network is known, any terminal can access. Once an illegal terminal accesses The network will cause security hazards to the wireless network and other terminals connected to the wireless network at the same time.

SUMMARY OF THE INVENTION

The present application provides a wireless network security access method and communication system, so as to improve the security of a terminal accessing a wireless network.

In a first aspect, the present application provides a wireless network security access method, which is applied to a terminal. The method includes: sending a probe request frame probe request to a target base station to verify that the terminal accesses the target on a network management platform The authority of the wireless network of the base station; receive the probe response frame probe response fed back by the target base station when the terminal has the authority to access the wireless network of the target base station, the probe response includes the SSID of the target base station and the specified field; generate an access password according to the MAC address of the terminal, the SSID of the target base station and the specified field; use the access password to access the wireless network of the target base station.

In a second aspect, the present application provides a wireless network security access method, which is applied to a base station. The method includes: receiving a probe request frame probe request sent by a terminal; sending the probe request to a network management platform to The network management platform verifies the right of the terminal to access the wireless network of the target base station; receives the verification result of the network management platform; if the verification result is that the terminal has the right to access the wireless network of the target base station , then generate a probe response frame probe response, and the probe response includes the SSID of the target base station and the specified field; send the probe response to the terminal, so that the terminal can use the SSID of the target base station and the specified field for the terminal. field to access the wireless network of the target base station.

In a third aspect, the present application provides a wireless network security access method, which is applied to a network management platform. The method includes: receiving a probe request frame probe request sent by a target base station; obtaining terminal information from the probe request; The terminal information verifies whether the terminal has the right to access the wireless network of the target base station, and generates a verification result, wherein, if the verification result is that the terminal has the right to access the wireless network of the target base station, Then the verification result includes the SSID of the target base station and the specified field, so that the terminal can access the wireless network of the target base station according to the SSID of the target base station and the specified field; The verification result is described.

In a fourth aspect, the present application provides a communication system, the communication system includes a terminal, a target base station corresponding to the terminal, and a network management platform, wherein the terminal, the target base station and the network management platform use for implementing the wireless network security access method as described above.

It can be seen from the above technical solutions that after determining the target base station to be accessed, the terminal sends a probe request frame probe request to the target base station to verify the right to access the wireless network of the target base station, and the network management platform determines that the terminal has the access right. When the target base station sends a probe response frame probe response containing the SSID of the target base station and the specified field to the terminal, the terminal can use the MAC address of the terminal, the SSID of the target base station and the specified field to generate an access password at the same time to access the The wireless network of the target base station. In this application, the MAC address of the terminal is unique, and the specified field is also sent by the network management platform for the terminal's request. Therefore, it is also unique for the terminal, which can effectively avoid illegal connections of other terminals, thereby improving the efficiency of the terminal. Access to wireless network security.

Description of drawings

In order to illustrate the technical solutions of the present application more clearly, the accompanying drawings that need to be used in the embodiments will be briefly introduced below. Other drawings can also be obtained from these drawings.

FIG. 1 is a flowchart of a wireless network security access method provided by an embodiment of the present application;

FIG. 2 is a schematic structural diagram of a communication system provided by an embodiment of the present application;

3 is a schematic diagram of a wireless network communication signal coverage provided by an embodiment of the present application;

FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present application;

FIG. 5 is a schematic structural diagram of a target base station according to an embodiment of the present application;

FIG. 6 is a schematic structural diagram of a network management platform according to an embodiment of the present application.

Detailed ways

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

When the terminal accesses the wireless network, it will send an access request to the corresponding base station, and carry a fixed access password in the access request. Since the access password can be known or stolen by any terminal, once the illegal terminal obtains the access password Then, the security of the wireless network and the terminals accessing the wireless network will be threatened. In order to solve the above problems, the present application provides a wireless network security access method, which is as follows:

FIG. 1 is a flowchart of a wireless network security access method provided by an embodiment of the present application. As shown in FIG. 1 , the method includes:

S1. The base station radiates wireless network communication signals to the surroundings.

FIG. 2 is a schematic structural diagram of a communication system according to an embodiment of the present application. As shown in FIG. 2 , the communication system includes a terminal 1 , a base station 2 and a network management platform 3 , wherein the terminal 1 and the network management platform 3 communicate with each other through the base station 2 Data interaction. The base station 2 radiates wireless network communication signals to the surroundings, so that each terminal can find a base station that can be used.

S2. The terminal receives the wireless network communication signal.

In this embodiment of the present application, the terminal may be a mobile phone, a PC, a tablet computer, or other electronic devices that can access base stations. After the terminal starts a wireless network search, it can receive wireless network communication signals sent by surrounding base stations to discover accessible base stations. .

The network management platform provided by the embodiment of the present application is used to supervise the work of the terminal and the base station, and is mainly used to record the authority of the terminal to access the wireless network and the connection information of the wireless network. Therefore, the terminal needs to register the terminal information to the network management platform in advance, so as to announce the network management platform to record the terminal information, and to generate the access authority of the wireless network corresponding to the recorded terminal. details as follows:

S101. The terminal registers terminal information on a network management platform, so as to store the authentication information of the terminal accessing the wireless network of each base station on the network management platform, so as to verify the access authority of the terminal.

The terminal information can be information with a unique identification function such as the device ID of the terminal, the MAC address of the terminal, etc., and can also contain information about the wireless network that the terminal restricts or specifies to access. The corresponding terminal permissions. The wireless network information is pre-stored in the network management platform. The wireless network information may be the SSID, BSSID, etc. of the base station, and may also include wireless network restrictions or terminal information designated for access. The network management platform combines terminal information and wireless network information to generate terminal permissions according to certain rules. The generation rules can be that the terminal restricts access to the wireless network corresponding to certain SSIDs or BSSIDs, and the wireless network restricts access to the wireless network corresponding to some SSID or BSSID, and the wireless network does not specify the terminal ID or MAC address of the terminal. Access restriction, for example, terminal A restricts access to the wireless network with SSID "beijing03", the network management platform generates the corresponding terminal authority according to terminal A's terminal information as restricted access "beijing03". It should be noted that, compared to these restricted wireless networks, the unrestricted wireless network, that is, the wireless network that has the right to access, can be called the authorized wireless network of the terminal, for example, the SSID is "beijing01" wireless network.

When the terminal is only within the coverage of the wireless network communication signal of one base station, the base station is the target base station. When the terminal is simultaneously located within the coverage of wireless network communication signals of multiple base stations, the terminal needs to select a target base station that needs to perform wireless network communication from these base stations. For example, FIG. 3 is a schematic diagram of wireless network communication signal coverage provided by an embodiment of the application. As shown in FIG. 3 , terminal 1 is located within the coverage of wireless network communication signals of base station A, base station B, and base station C, and terminal 1 receives When the wireless network communication signals sent by base stations A, B, and C are sent, the base station to be connected can be selected from them. For example, the target base station to be accessed can be selected according to the network status of the wireless network corresponding to the base station, such as signal strength, signal quality, etc. An indicator is selected, wherein the signal strength is, for example, a path loss (Path loss), etc.; the signal quality is, for example, a received signal strength indication (Received signal strength indication, RSSI) and the like. The terminal will select a wireless network with the highest signal strength and the best signal quality to connect to, for example, if base station A is selected, then base station A is the target base station.

S3. The terminal sends a probe request frame probe requset to the target base station.

After determining the target base station, the terminal needs to further obtain the connection information of the wireless network accessing the target base station. At this time, the terminal generates a probe request frame probe request, the probe request includes terminal information, such as the terminal's MAC address, device ID, etc., and sends to the target base station to request connection information for the wireless network.

S4. The target base station receives the probe request sent by the terminal.

S5. The target base station sends the probe request to the network management platform.

The target base station plays the role of forwarding. After receiving the probe request sent by the terminal, it needs to forward it to the network management platform for processing.

S6. The network management platform receives the probe request sent by the target base station.

S7. The network management platform verifies the right of the terminal to access the wireless network of the target base station according to the probe request, and generates a verification result.

S8. The network management platform sends the verification result to the target base station.

S9. The target base station receives the verification result.

In order to improve the security of the terminal connecting to the wireless network, the access authority of the terminal needs to be verified. Terminals cannot access any wireless network. Due to restrictions on operators and work areas, terminals will limit the wireless networks they can use. At the same time, wireless networks will also limit the terminals that can be accessed. Combining the above two limitations, terminals have A wireless network to which the terminal has the right to access may be called an authorized wireless network, and a wireless network to which a terminal has no right to access may be called an unauthorised wireless network.

As described above, the network management platform is used to manage various information of terminals and base stations. The network management platform is used to store the authorized wireless network information corresponding to the terminal. After the terminal is registered on the network management platform, the network management platform will generate a The corresponding authorized wireless network information, and the network management platform also stores the access conditions of each base station. In this way, the network management platform can determine whether the terminal has an access target according to the authorized wireless network information corresponding to the terminal and the access conditions of the base station. The permissions of the base station's wireless network.

As long as the terminal registers the terminal information in the network management platform, the terminal information of the terminal and the corresponding terminal authority will be recorded in the network management platform. For example, the terminal information recorded in the network management platform is the MAC address of the terminal, or the terminal information that can uniquely identify the terminal, such as the device ID. After the network management platform receives the probe request forwarded by the target base station, it can query the terminal authority corresponding to the terminal according to the terminal information carried in the probe request. For example, the terminal information stored in the network management platform of terminal 1 is MAC Address a, the terminal authority is the right to access the wireless network with SSID A. If terminal 1 sends a probe request to the target base station, the probe request will carry the MAC address a. The network management platform can query the corresponding terminal 1 according to the MAC address a. The terminal authority "has the right to access the wireless network with SSID A".

In an implementation manner, the network management platform can also learn the SSID of the target base station. If the SSID of the target base station is A, the network management platform can directly determine that the terminal has the right to access the wireless network of the target base station; If it is not A, the network management platform can directly determine that the terminal does not have the right to access the wireless network of the target base station. The network management platform generates a verification result according to the above judgment. In this case, the verification result is that the verification passes or the verification fails.

Wherein, if the verification fails, the network management platform may not send any data to the target base station. If the verification is passed, the network management platform needs to add the SSID of the target base station and the specified field to the verification result at the same time as the connection parameters of the wireless network. Restriction information such as connection valid time can also be added to invalidate the above wireless network connection information when the terminal does not access the target base station for a long time, so as to ensure the security of wireless network communication. The specified field may be a field randomly generated by the network management platform, or a field extracted from a specific database saved by the network management platform. The cipher factor selected in , wherein the cipher base consists of multiple cipher pairs, and the cipher pair consists of one cipher and one cipher factor correspondingly.

In another implementation manner, the network management platform does not directly determine whether the terminal has the right to access the wireless network of the target base station, but sends the queried terminal authority as a verification result to the target base station, and the target base station will verify the terminal according to the verification result. As a result, it is further judged whether the terminal has access authority. If the terminal has the access authority, the target base station generates a wireless network access information acquisition request, or the target base station sends the access judgment result to the terminal, and receives the terminal's wireless network access information acquisition request, and the target base station then sends the wireless network access information to the terminal. The network access information acquisition request is sent to the network management platform, and the network management platform generates the corresponding wireless network access information, including the SSID and specified fields of the target base station; if the terminal does not have the access authority, the target base station generates an unauthorized access information is fed back to the terminal, or the target base station no longer sends any data to the terminal.

It can be seen that through the above process, the network management platform can effectively prevent illegal terminals that have not been registered, or terminals that do not have corresponding access rights from accessing the wireless network, thereby ensuring the security of the wireless network. sex.

S10. The target base station generates a probe response frame probe response according to the verification result.

If the terminal passes the verification, that is, the terminal has the right to access the wireless network of the target base station, at this time, the target base station needs to generate a probe response frame probe response to send the access information of the wireless network to the terminal, such as the SSID of the target base station and the specified field .

In the embodiment of the present application, in order to ensure the security of data transmission and prevent the leakage of the SSID of the target base station and the specified field, the probe request and the probe response are generated based on the same set of data interaction identification rules. For example, the key index information is written into the BSSID field in the probe response, and the SSID information of the target base station is written into the SSID field in the probe response. As can be seen from the above, in order to protect the security of the wireless network, it is necessary to use a private protocol to define the SSID field, in this embodiment, the SSID field after the protocol is obtained after the SSID field is defined by the private protocol, which is composed of the SSID field of the target base station and the private header information corresponding to the private protocol.

In order to further improve the confidentiality of the SSID field of the target base station, invisible processing can be performed on the SSID field of the target base station, for example, a preset logical operation processing is performed on the SSID field of the target base station. is a visible character in the ascii table. Once an illegal terminal steals the SSID field of the target base station, it can directly discover the wireless network corresponding to the target base station. After processing the SSID field of the target base station, for example, perform logical operations such as addition, subtraction, multiplication, and division on each character in the SSID field. If the original character is ascii, and the default logical operation is -30, then after processing The SSID field is ascii-30, because it does not conform to the usual format of the SSID field, and non-specific terminals cannot identify the processed SSID field, that is, the wireless network corresponding to the target base station cannot be found. ) can identify the invisible processed SSID field and use it as a normal SSID field, thereby avoiding the discovery and access of the wireless network of the target base station by illegal terminals, and improving the access security of the wireless network.

S11. The target base station sends the probe response to the terminal.

S12. The terminal receives the probe response sent by the target base station.

S13, the terminal generates an access password according to the probe response.

Specifically, the terminal parses the probe response to obtain the SSID of the target base station and the specified field, and the terminal generates an access password according to the SSID of the target base station and the specified field. If the specified field is a password factor, in one case, in order to further ensure the terminal access The security of the wireless network also requires the terminal to find the corresponding password according to the password factor, and use the password as a real designated field to generate the access password. Since the terminal has been registered in the network management platform, the password database used by the terminal is associated with the password database used by the platform. If the two use the same password factor, the password queried in the respective password database should be identical.

After the terminal determines the SSID and specified fields of the target base station, it can generate an access password, as follows:

According to the 6 bytes of the MAC address of the terminal and the first three bytes of the corresponding BSSID in the SSID of the target base station, through the encryption method of psk2+ccmp, an access password with a length of 12 bytes is obtained. Specifically, an example is given, where F(num)=the even-numbered bytes of the 6-byte MAC address of the terminal are correspondingly added to the first three bytes in the BSSID to obtain the first 6 bytes of the access password , the 6-byte odd bytes of the terminal's MAC address are correspondingly added to the first three bytes in the BSSID to obtain the last 6 bytes of the access password, and finally the specified 12 bytes are added respectively. field to get the access code. For example, the access password obtained through the above algorithm is:

stamac[0]+bssid[0]+num, stamac[1]+num, stamac[2]+bssid[1]+num, stamac[3]+num, stamac[4]+bssid[2]+num, stamac[5]+num, stamac[0]+num, stamac[1]+bssid[0]+num, stamac[2]+num, stamac[3]+bssid[1]+num, stamac[4]+ num, stamac[5]+bssid[2]+num.

Among them, stamac represents the MAC address of the terminal, [] represents bytes, and num represents the specified field.

Usually, the first three bytes of the BSSID of the target base station can be defined in the range of 0-255, which corresponds to 256 different access password algorithms. Of course, other algorithms can also be used, for example, using the SSID name of the target base station for calculation, adding a specified field after a specified byte, or subtracting a specified field after a specified byte, etc. It can be seen that the access password can be calculated according to various operation logics, which also ensures the non-uniqueness of the access password, increases the difficulty of cracking the access password, and improves the security of the terminal accessing the wireless network. At the same time, it can be seen from the above that the access password corresponding to the terminal has a unique correspondence with the terminal itself, that is to say, the access passwords used by different terminals to connect to the same wireless network are different, which can also avoid the access passwords in different Multiplexing between terminals.

S14. The terminal accesses the wireless network of the target base station according to the access password.

The terminal sends the access code to the target base station to connect to the wireless network. After the target base station receives the access password, it needs to verify the access password. Specifically, the target base station also needs to generate a verification password according to the SSID and specified fields of the target base station according to the preset generation rules, and compare the verification password with the access password to determine whether the terminal can access the wireless network. If the login password is the same, the terminal can access the wireless network; if the verification password is inconsistent with the access password, the terminal cannot access the wireless network.

The target base station can generate the verification password after receiving the access password sent by the terminal. However, in order to improve the access speed of the terminal, the target base station can generate the verification password immediately after sending the probe response to the terminal. It can be known from the various password generation rules disclosed above that if other terminals want to access the wireless network, they cannot know the MAC address of the terminal that can access the wireless network, the SSID of the wireless network, the specified fields, and more. If the calculation method of the access password cannot be known, it is difficult to access the wireless network, thereby effectively ensuring the security of the wireless network.

It can be seen that the above processes of generating access passwords, verifying passwords and access verification are all processes of automatic calculation by terminals, base stations, and network management platforms, and operations such as human input are not required, so the intervention of human and other external forces can be reduced, thereby enhancing the security of passwords to reduce the risk of password leakage.

In order to avoid password leakage, the network management platform needs to update the specified fields periodically. In this way, the same terminal uses different access passwords in different periods, making it more difficult for illegal terminals to crack the access password. After the specified field is updated, the terminal will disconnect from the target base station and re-generate the access password according to the specified field to connect again.

FIG. 4 is a schematic structural diagram of a terminal provided by an embodiment of the present application. As shown in FIG. 4 , the terminal includes: a receiver 11, a processor 12, and a transmitter 13;

The transmitter 13 is configured to send a probe request frame probe request to the target base station, so as to verify the authority of the terminal to access the wireless network of the target base station on the network management platform;

The receiver 11 is configured to receive a probe response frame probe response fed back by the target base station when the terminal has the right to access the wireless network of the target base station, where the probe response includes the SSID of the target base station and the specified field;

The processor 12 is configured to generate an access password according to the MAC address of the terminal, the SSID of the target base station and the specified field;

The transmitter 13 is further configured to use the access code to access the wireless network of the target base station.

FIG. 5 is a schematic structural diagram of a target base station provided by an embodiment of the present application. As shown in FIG. 5 , the target base station includes: a receiver 21, a processor 22, and a transmitter 23;

The receiver 21 is configured to receive the probe request frame probe request sent by the terminal;

The transmitter 23 is configured to send the probe request to the network management platform, so as to verify the right of the terminal to access the wireless network of the target base station on the network management platform;

The receiver 21 is further configured to receive the verification result of the network management platform;

The processor 22 is configured to generate a probe response frame probe response if the verification result is that the terminal has the right to access the wireless network of the target base station, and the probe response includes the SSID of the target base station and the specified field;

The transmitter 23 is further configured to send the probe response to the terminal, so that the terminal can access the wireless network of the target base station according to the SSID of the target base station and the specified field.

FIG. 6 is a schematic structural diagram of a network management platform provided by an embodiment of the present application. As shown in FIG. 6 , the network management platform includes: a receiver 31, a processor 32, and a transmitter 33;

The receiver 31 is configured to receive the probe request frame probe request sent by the target base station;

The processor 32 is configured to obtain terminal information from the probe request;

The processor 32 is further configured to verify, according to the terminal information, whether the terminal has the right to access the wireless network of the target base station, and generate a verification result, wherein if the verification result is that the terminal has access to the wireless network. the authority of the wireless network of the target base station, the verification result includes the SSID of the target base station and a specified field, so that the terminal can access the wireless network of the target base station according to the SSID of the target base station and the specified field network;

The transmitter 33 is further configured to send the verification result to the target base station.

It can be seen from the above technical solutions that after determining the target base station to be accessed, the terminal sends a probe request frame probe request to the target base station to verify the right to access the wireless network of the target base station, and the network management platform determines that the terminal has the access right. When the target base station sends a probe response frame probe response containing the SSID of the target base station and the specified field to the terminal, the terminal can use the MAC address of the terminal, the SSID of the target base station and the specified field to generate an access password at the same time to access the The wireless network of the target base station. In this application, the MAC address of the terminal is unique, and the specified field is also sent by the network management platform for the terminal's request. Therefore, it is also unique for the terminal, which can effectively avoid illegal connections of other terminals, thereby improving the efficiency of the terminal. Access to wireless network security.

Those skilled in the art can clearly understand that the technology in the embodiments of the present invention can be implemented by means of software plus a necessary general hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products may be stored in a storage medium, such as ROM/RAM , magnetic disk, optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in various embodiments or some parts of the embodiments of the present invention.

Other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the invention which follow the general principles of the invention and which include common knowledge or conventional techniques in the art not disclosed by the invention . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.

It is to be understood that the present application is not limited to the precise structures described above and shown in the accompanying drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A wireless network security access method, applied to a terminal, wherein the method comprises: sending a probe request frame probe request to the target base station to verify the authority of the terminal to access the wireless network of the target base station on the network management platform; Receive a probe response frame probe response fed back by the target base station when the terminal has the right to access the wireless network of the target base station, where the probe response includes the SSID of the target base station and a specified field; generating an access password according to the MAC address of the terminal, the SSID of the target base station and the specified field; Access the wireless network of the target base station using the access code. 2. The method according to claim 1, further comprising: before sending the probe request frame proberequest to the target base station: The terminal information is registered on the network management platform, so as to store the authentication information of the terminal accessing the wireless network of each base station on the network management platform. 3. The method according to claim 1, further comprising: before sending the probe request frame proberequest to the target base station: Receive wireless network communication signals sent by surrounding base stations; A target base station is determined among the surrounding base stations according to the wireless network communication signal. The method according to claim 1, wherein the probe request and the proberesponse are generated based on the same set of data interaction identification rules. 5. The method according to claim 1, wherein the generating an access password according to the MAC address of the terminal, the SSID of the target base station and the specified field comprises: The access password is obtained by concatenating the MAC address of the terminal and the specified byte and the specified field in the SSID of the wireless network corresponding to the available base station according to a preset logical operation. 6. The method according to claim 1, wherein the specified field changes periodically. 7. The method of claim 1, wherein the method further comprises: If the probe response frame probe response fed back by the target base station is not received within a preset time period, the probe request is sent to the target base station according to a preset period until the probe response fed back by the target base station is received. 8. A wireless network security access method, applied to a target base station, wherein the method comprises: Receive the probe request frame probe request sent by the terminal; sending the probe request to the network management platform to verify the authority of the terminal to access the wireless network of the target base station on the network management platform; receiving the verification result sent by the network management platform; If the verification result is that the terminal has the right to access the wireless network of the target base station, a probe response frame probe response is generated, and the probe response includes the SSID of the target base station and a specified field; Send the probe response to the terminal, so that the terminal can access the wireless network of the target base station according to the SSID of the target base station and the specified field. 9. A wireless network security access method, applied to a network management platform, wherein the method comprises: Receive the probe request frame probe request sent by the target base station; Obtain terminal information from the probe request; Verify whether the terminal has the right to access the wireless network of the target base station according to the terminal information, and generate a verification result, wherein if the verification result is that the terminal has the right to access the wireless network of the target base station , then the verification result includes the SSID of the target base station and a specified field, so that the terminal can access the wireless network of the target base station according to the SSID of the target base station and the specified field; Send the verification result to the target base station. 10 . A communication system, characterized in that the communication system comprises a terminal, a target base station corresponding to the terminal, and a network management platform, wherein the terminal is configured to execute the method according to any one of claims 1-7 , the target base station is configured to execute the method of claim 8 , and the network management platform is configured to execute the method of claim 9 .

Images