CN106941405A - A kind of method and apparatus of terminal authentication in a wireless local area network - Google Patents
- Publication number: CN106941405A (application CN201710291865.1A)
- Authority: CN (China)
- Prior art keywords: key, PMK, MIC, wireless terminal, random number
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L9/08 Key distribution or management; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L Transmission of digital information; H04 Electric communication technique; H Electricity)
- H04L9/0863: Generation of secret information involving passwords or one-time passwords (under H04L9/0861)
- H04L9/0869: Generation of secret information involving random numbers or seeds (under H04L9/0861)
- H04L9/32: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials (under H04L9/00)
- H04L9/3226: Identity or authority verification using a predetermined code, e.g. password, passphrase or PIN (under H04L9/32)
- H04L63/0428: Network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04; H04L63/00 Network architectures or network communication protocols for network security)
- G06F21/602: Providing cryptographic facilities or services (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing or calculating, counting; G Physics)
Abstract
An embodiment of the present invention provides a method of terminal authentication in a wireless local area network, applied in a wireless access device, including: generating a first key corresponding to the identity of a user and a first pairwise master key (PMK) corresponding to the first key; receiving an access message sent by a wireless terminal, the message containing a first message integrity check code (MIC) generated by the wireless terminal from the first key entered by the user and the first PMK corresponding to that key; searching a key database for a second key and a second PMK corresponding to the second key; generating a second MIC from the second PMK corresponding to the second key; and, when the first MIC is identical to the second MIC, determining that the wireless terminal has accessed successfully. An embodiment of the present invention also provides a device for terminal authentication in a wireless local area network. The embodiments speed up the process by which a terminal accesses the network, and deployment is simple.
Description
Technical field
The present invention relates to the field of data communication, and in particular to a method and apparatus of terminal authentication in a wireless local area network.
Background technology
With the spread of wireless networks, wireless network security has attracted increasing attention. The early WEP (Wired Equivalent Privacy) authentication mode has fallen into disuse because it is easy to crack; the modes most used in the industry today are the PSK (Pre-shared Key) and 802.1X authentication modes specified in the 802.11i standard. The difference between the two lies in how the PMK (Pairwise Master Key) is obtained: PSK derives the PMK from the key configured on the device side, whereas 802.1X obtains the PMK after authentication succeeds.
PSK authentication uses a pre-shared key: the device side configures a key and tells it to the user, and the terminal connects to the network using that key. The device side judges whether the key of the connecting terminal is identical to the configured one; if it is, PSK access authentication succeeds, and if the key differs, PSK access authentication fails.
Because the key agreement process needs four EAPOL-Key message exchanges, it is also called the 4-way handshake. The 4-way handshake is briefly described as follows:
Step 1: the wireless access point (AP) generates a random number ANonce and sends it to the terminal (STA);
Step 2: the STA generates a random number SNonce and computes the PTK (Pairwise Transient Key). The STA sends SNonce to the AP and protects the message with a MIC (Message Integrity Code), the result being stored in the MIC field of the message. On receiving the message the AP verifies the MIC; if verification fails, the 4-way handshake fails; if it passes, the PTK is generated;
Step 3: the AP sends ANonce to the STA again, indicating whether the STA may use the temporary key, and the message carries a MIC;
Step 4: if the temporary key is available, the STA replies with an acknowledgement, which also carries a MIC, and both sides begin using the new key for encryption and decryption.
Most existing WLAN PSK deployments use the traditional PSK authentication mode, in which all terminals share one key. The defect of this scheme is that if the key of one legitimate terminal is exposed, any illegal terminal holding that key can access the network.
Other prior art modifies the traditional PSK authentication mode into a separate-key or dynamic-key authentication mode. Although such a mode solves the defect of traditional PSK authentication, it is too complicated: deployment requires a RADIUS (Remote Authentication Dial In User Service) server, and a terminal accessing the network must authenticate twice, which adds to the complexity of terminal operation.
Summary of the invention
In order to solve the above technical problem, embodiments of the invention adopt the following technical scheme:
A method of terminal authentication in a wireless local area network, applied in a wireless access device, including:
generating a first key corresponding to the identity of a user and a first pairwise master key PMK corresponding to the first key;
receiving an access message sent by a wireless terminal, the message containing a first message integrity check code MIC generated by the wireless terminal from the first key entered by the user and the first PMK corresponding to the first key;
searching a key database for a second key and a second PMK corresponding to the second key;
generating a second MIC from the second PMK corresponding to the second key;
when the first MIC is identical to the second MIC, determining that the wireless terminal has accessed successfully.
Optionally, the step of searching the key database for the second key and the second PMK corresponding to the second key specifically includes:
searching the key database, according to the identifier of the wireless terminal carried in the message, for the second key corresponding to that identifier and the second PMK corresponding to the second key.
Optionally, the step of searching the key database for the second key and the second PMK corresponding to the second key specifically includes:
traversing the key database, taking each key traversed as the second key and the PMK corresponding to that key as the second PMK;
the method further includes, when the first MIC is identical to the second MIC, saving the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
Optionally, the method further includes: generating a first random number and sending the first random number to the wireless terminal;
the step of receiving the access message sent by the wireless terminal, containing the first MIC generated by the wireless terminal from the first PMK corresponding to the first key, specifically includes:
receiving an access message sent by the wireless terminal, the message containing a first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
Optionally, the method further includes: obtaining the second random number;
the step of generating the second MIC from the second PMK corresponding to the second key when the second key is found specifically includes:
when the second key is found, generating the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
Another aspect of the embodiments of the present invention provides a device for terminal authentication in a wireless local area network, applied in a wireless access device, including:
a first key generation module, for generating a first key corresponding to the identity of a user and a first pairwise master key PMK corresponding to the first key;
a receiving module, for receiving an access message sent by a wireless terminal, the message containing a first message integrity check code MIC generated by the wireless terminal from the first key entered by the user and the first PMK corresponding to the first key;
a query module, for searching a key database for a second key and a second PMK corresponding to the second key;
a second key generation module, for generating a second MIC from the second PMK corresponding to the second key;
a determining module, for determining, when the first MIC is identical to the second MIC, that the wireless terminal has accessed successfully.
Optionally, the query module is specifically for:
searching the key database, according to the identifier of the wireless terminal carried in the message, for the second key corresponding to that identifier and the second PMK corresponding to the second key.
Optionally, the query module is specifically for:
traversing the key database, taking each key traversed as the second key and the PMK corresponding to that key as the second PMK;
the device further includes a saving module, for saving, when the first MIC is identical to the second MIC, the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
Optionally, the device further includes:
a random number generation module, for generating a first random number;
a random number sending module, for sending the first random number to the wireless terminal;
and the receiving module is specifically for:
receiving an access message sent by the wireless terminal, the message containing a first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
Optionally, the device further includes:
a random number acquisition module, for obtaining the second random number;
and the second key generation module is specifically for:
when the second key is found, generating the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
The beneficial effects of the embodiments of the present invention are: key exposure no longer threatens the security of the wireless network; precomputing the PMK speeds up the process by which a terminal accesses the network; deployment is simple and needs no RADIUS server, which lowers cost; and the way in which terminals connect to a traditional PSK network is preserved, so no changes are required on the terminal side.
Brief description of the drawings
In order to illustrate the technical schemes of the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a method flow chart of an embodiment of the present invention;
Fig. 2 is a method flow chart of an embodiment of the present invention;
Fig. 3 is a method flow chart of an embodiment of the present invention;
Fig. 4 is a method flow chart of an embodiment of the present invention;
Fig. 5 is a method flow chart of an embodiment of the present invention;
Fig. 6 is a device structure diagram of an embodiment of the present invention;
Fig. 7 is a device structure diagram of an embodiment of the present invention;
Fig. 8 is a device structure diagram of an embodiment of the present invention;
Fig. 9 is a device structure diagram of an embodiment of the present invention.
Detailed description of the embodiments
The technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
A first embodiment of the invention provides a method of terminal authentication in a wireless local area network, applied in a wireless access device, which, as shown in Fig. 1, includes:
S101, generating a first key corresponding to the identity of a user and a first pairwise master key PMK corresponding to the first key;
S103, receiving an access message sent by a wireless terminal, the message containing a first message integrity check code MIC generated by the wireless terminal from the first key entered by the user and the first PMK corresponding to the first key;
S105, searching a key database for a second key and a second PMK corresponding to the second key;
S107, generating a second MIC from the second PMK corresponding to the second key;
S109, when the first MIC is identical to the second MIC, determining that the wireless terminal has accessed successfully.
The beneficial effects of the embodiments of the present invention are: key exposure no longer threatens the security of the wireless network; precomputing the PMK speeds up the process by which a terminal accesses the network; deployment is simple and needs no RADIUS server, which lowers cost; and the way in which terminals connect to a traditional PSK network is preserved, so no changes are required on the terminal side.
Optionally, in step S101, the operations of generating the first key and the first pairwise master key PMK corresponding to the first key can be performed on a web page, for example by opening an account on the web page. Opening an account means entering the identity of the user (which may be a user name, mobile phone number, e-mail address, etc.) that the first key is used to identify. Accounts can be opened singly or in batch:
Opening a single account means entering one identity manually, for the scenario of adding a new user.
Opening accounts in batch means writing the identities of all users into a CSV (Comma-Separated Values) file and then importing the CSV file into the wireless access device, which completes account opening for all users.
When an account is opened, a random, unique first key and the first pairwise master key PMK corresponding to the first key are generated for the identity entered.
The generated first key and the first pairwise master key PMK corresponding to it are stored in the key database so that they are not lost; the keys still exist after the wireless access device is restarted.
Optionally, on the basis of the first embodiment, in a second embodiment of the invention, shown in Fig. 2, step S105 specifically includes:
searching the key database, according to the identifier of the wireless terminal carried in the message, for the second key corresponding to that identifier and the second PMK corresponding to the second key.
Optionally, on the basis of the first embodiment, in a third embodiment of the invention, shown in Fig. 3, step S105 specifically includes:
traversing the key database, taking each key traversed as the second key and the PMK corresponding to that key as the second PMK;
the method further includes step S111: when the first MIC is identical to the second MIC, saving the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
In this traversal of the keys in the key database, for every key traversed the PTK is computed from the PMK corresponding to that key, the MIC is then computed from the PTK, and it is judged whether it is identical to the MIC sent by the wireless terminal. If it is identical, the wireless terminal has accessed successfully and the correspondence between the MAC address of the wireless terminal and the key is saved; otherwise the access of the wireless terminal fails.
Optionally, on the basis of the first embodiment, in a fourth embodiment of the invention, shown in Fig. 4, the method further includes:
S1011, generating a first random number;
S1013, sending the first random number to the wireless terminal;
and step S103 specifically includes:
receiving an access message sent by the wireless terminal, the message containing a first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
Optionally, on the basis of the first and fourth embodiments, in a fifth embodiment of the invention, shown in Fig. 5, the method further includes:
S1031, obtaining the second random number;
and step S107 specifically includes:
when the second key is found, generating the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
An embodiment of the invention may also include the following steps:
Reclaiming a key: if a wireless terminal has left the wireless network and no longer accesses it, the key used by that wireless terminal can be returned. To delete the key it is only necessary to know the identity associated with it; the key itself need not be known.
Data migration: if the wireless access device is to be replaced, it is only necessary to back up the data through the web page of the device in use and then restore the data through the web page of the new device; the data of the original device is thereby migrated to the new device, saving the trouble of opening accounts again.
Those skilled in the art will appreciate that the PSK authentication described in the embodiments of the present invention includes the WPA-PSK and WPA2-PSK defined in the IEEE 802.11i protocol; the separate-key PSK authentication described in the embodiments can also be extended to the WAPI-PSK authentication mode.
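The AP-side check described in the first to third embodiments (precomputed PMK per account at S101, lookup by the terminal's MAC in the second embodiment, traversal of the key database with the MAC bound to the matching key at S111, and reclaiming a key by identity), modelled as an added Python example that is not the patent's own code. PMK, PTK and MIC derivation follow IEEE 802.11i for WPA2-PSK (PBKDF2-HMAC-SHA1, PRF-512, HMAC-SHA1 truncated to 16 bytes); the SSID, MAC addresses, identities and the 54-byte message layout are constructed for the example and the message is a simplified stand-in for a real EAPOL-Key frame.

```python
import hashlib
import hmac
import secrets

SSID = b"example-ssid"   # constructed sample SSID (salt of the 802.11i PSK-to-PMK derivation)
MIC_LEN = 16


def derive_pmk(key: str, ssid: bytes = SSID) -> bytes:
    """802.11i PSK -> PMK: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits (precomputed at S101)."""
    return hashlib.pbkdf2_hmac("sha1", key.encode(), ssid, 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i) over both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes covers the 64-byte PTK
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def compute_mic(ptk: bytes, frame_with_zero_mic: bytes) -> bytes:
    """KCK is PTK[0:16]; the WPA2 MIC is HMAC-SHA1 over the frame with its MIC field zeroed, cut to 16 bytes."""
    return hmac.new(ptk[:16], frame_with_zero_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_msg2(ptk: bytes, spa: bytes, snonce: bytes) -> bytes:
    """STA side (constructed layout, not a real EAPOL-Key frame): SPA(6) || SNonce(32) || MIC(16)."""
    body = spa + snonce
    return body + compute_mic(ptk, body + b"\x00" * MIC_LEN)


class AccessPoint:
    """AP-side key database: identity -> (key, PMK); MAC -> identity bindings learned at S111."""

    def __init__(self, aa: bytes):
        self.aa = aa            # identifier of the wireless access device (its MAC)
        self.keys = {}          # identity -> (first key, precomputed first PMK)
        self.bindings = {}      # wireless terminal MAC -> identity

    def open_account(self, identity: str) -> str:
        """S101: a random, unique key per identity; its PMK is computed once and stored."""
        key = secrets.token_urlsafe(12)
        self.keys[identity] = (key, derive_pmk(key))
        return key

    def reclaim_key(self, identity: str) -> None:
        """Revocation by identity alone: the key itself need not be known."""
        self.keys.pop(identity, None)
        self.bindings = {mac: ident for mac, ident in self.bindings.items() if ident != identity}

    def _mic_matches(self, identity, spa, anonce, snonce, body, first_mic) -> bool:
        """S107/S109: second PMK -> PTK -> second MIC, compared in constant time."""
        _, pmk = self.keys[identity]
        ptk = derive_ptk(pmk, self.aa, spa, anonce, snonce)
        return hmac.compare_digest(first_mic, compute_mic(ptk, body + b"\x00" * MIC_LEN))

    def authenticate(self, anonce: bytes, msg2: bytes):
        """S103..S111: returns the identity whose key reproduces the received MIC, else None."""
        spa, snonce, first_mic = msg2[:6], msg2[6:38], msg2[38:38 + MIC_LEN]
        body = msg2[:38]
        # Second embodiment: a terminal seen before is checked against its bound key first.
        bound = self.bindings.get(spa)
        if bound in self.keys and self._mic_matches(bound, spa, anonce, snonce, body, first_mic):
            return bound
        # Third embodiment: traverse every key; on a hit, bind this MAC to it (S111).
        for identity in self.keys:
            if self._mic_matches(identity, spa, anonce, snonce, body, first_mic):
                self.bindings[spa] = identity
                return identity
        return None


def demo():
    """Two accounts, one honest terminal, and one terminal still holding a reclaimed key."""
    ap = AccessPoint(aa=bytes.fromhex("02aabbccdd01"))     # constructed AP MAC
    alice_key = ap.open_account("alice@example.com")
    bob_key = ap.open_account("bob@example.com")
    sta = bytes.fromhex("02112233440a")                      # constructed STA MAC
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    # Honest terminal: the user typed alice's key, so PMK/PTK/MIC derive from it.
    ptk = derive_ptk(derive_pmk(alice_key), ap.aa, sta, anonce, snonce)
    first = ap.authenticate(anonce, build_msg2(ptk, sta, snonce))    # found by traversal
    second = ap.authenticate(anonce, build_msg2(ptk, sta, snonce))   # found via MAC binding
    # Bob leaves the network: reclaiming his key by identity shuts out a terminal that still has it.
    ap.reclaim_key("bob@example.com")
    ptk_bob = derive_ptk(derive_pmk(bob_key), ap.aa, sta, anonce, snonce)
    revoked = ap.authenticate(anonce, build_msg2(ptk_bob, sta, snonce))
    return first, second, revoked, ap.bindings.get(sta)


if __name__ == "__main__":
    print(demo())   # ('alice@example.com', 'alice@example.com', None, 'alice@example.com')
```

Because each account has its own key, deleting one account revokes exactly one terminal's access while every other terminal keeps connecting as it would to an ordinary PSK network.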
Another aspect of the embodiments of the present invention provides a device for terminal authentication in a wireless local area network, applied in a wireless access device, which, in a sixth embodiment of the invention shown in Fig. 6, includes:
a first key generation module 201, for generating a first key corresponding to the identity of a user and a first pairwise master key PMK corresponding to the first key;
a receiving module 203, for receiving an access message sent by a wireless terminal, the message containing a first message integrity check code MIC generated by the wireless terminal from the first key entered by the user and the first PMK corresponding to the first key;
a query module 205, for searching a key database for a second key and a second PMK corresponding to the second key;
a second key generation module 207, for generating a second MIC from the second PMK corresponding to the second key;
a determining module 209, for determining, when the first MIC is identical to the second MIC, that the wireless terminal has accessed successfully.
Optionally, on the basis of the sixth embodiment, in a seventh embodiment of the invention the query module 205 is specifically for:
searching the key database, according to the identifier of the wireless terminal carried in the message, for the second key corresponding to that identifier and the second PMK corresponding to the second key.
Optionally, on the basis of the sixth embodiment, in an eighth embodiment of the invention, shown in Fig. 7, the query module 205 is specifically for:
traversing the key database, taking each key traversed as the second key and the PMK corresponding to that key as the second PMK;
the device further includes a saving module 211, for saving, when the first MIC is identical to the second MIC, the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
Optionally, on the basis of the sixth embodiment, in a ninth embodiment of the invention, shown in Fig. 8, the device further includes:
a random number generation module 213, for generating a first random number;
a random number sending module 215, for sending the first random number to the wireless terminal;
and the receiving module 203 is specifically for:
receiving an access message sent by the wireless terminal, the message containing a first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
Optionally, on the basis of the sixth and ninth embodiments, in a tenth embodiment of the invention, shown in Fig. 9, the device further includes:
a random number acquisition module 217, for obtaining the second random number;
and the second key generation module 207 is specifically for:
when the second key is found, generating the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
The beneficial effects of the embodiments of the present invention are: key exposure no longer threatens the security of the wireless network; precomputing the PMK speeds up the process by which a terminal accesses the network; deployment is simple and needs no RADIUS server, which lowers cost; and the way in which terminals connect to a traditional PSK network is preserved, so no changes are required on the terminal side.
The present invention is described with reference to flow charts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and any combination of flows and/or blocks, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of a flow chart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device which realizes the functions specified in one or more flows of a flow chart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of a flow chart and/or one or more blocks of a block diagram.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method of terminal authentication in a wireless local area network, applied to a wireless access device, characterised in that it comprises:
generating a first key corresponding to the identity of a user, and a first pairwise master key (PMK) corresponding to the first key;
receiving an access message sent by a wireless terminal, the access message containing a first message integrity check code (MIC) generated by the wireless terminal from the first key input by the user and the first PMK corresponding to the first key;
looking up, in a key database, a second key and a second PMK corresponding to the second key;
generating a second MIC from the second PMK corresponding to the second key;
when the first MIC is identical to the second MIC, determining that the wireless terminal has accessed successfully.
2. The method of claim 1, characterised in that the step of looking up, in the key database, the second key and the second PMK corresponding to the second key specifically comprises:
looking up in the key database, according to the identifier of the wireless terminal carried in the access message, the second key corresponding to that identifier and the second PMK corresponding to the second key.
3. The method of claim 1, characterised in that the step of looking up, in the key database, the second key and the second PMK corresponding to the second key specifically comprises:
traversing the key database, taking each traversed key as the second key and the PMK corresponding to the traversed key as the second PMK;
the method further comprising: when the first MIC is identical to the second MIC, saving the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
4. The method of claim 1, characterised in that it further comprises: generating a first random number and sending the first random number to the wireless terminal;
the step of receiving the access message sent by the wireless terminal, containing the first MIC generated by the wireless terminal from the first PMK corresponding to the first key, specifically comprises:
receiving an access message sent by the wireless terminal, the access message containing the first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
5. The method of claim 4, characterised in that it further comprises: obtaining the second random number;
the step of generating, when the second key is found, the second MIC from the second PMK corresponding to the second key specifically comprises:
when the second key is found, generating the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
6. A device for terminal authentication in a wireless local area network, applied to a wireless access device, characterised in that it comprises:
a first key generation module, for generating a first key corresponding to the identity of a user and a first pairwise master key (PMK) corresponding to the first key;
a receiving module, for receiving an access message sent by a wireless terminal, the access message containing a first message integrity check code (MIC) generated by the wireless terminal from the first key input by the user and the first PMK corresponding to the first key;
a query module, for looking up, in a key database, a second key and a second PMK corresponding to the second key;
a second key generation module, for generating a second MIC from the second PMK corresponding to the second key;
a determining module, for determining, when the first MIC is identical to the second MIC, that the wireless terminal has accessed successfully.
7. The device of claim 6, characterised in that the query module is specifically configured to:
look up in the key database, according to the identifier of the wireless terminal carried in the access message, the second key corresponding to that identifier and the second PMK corresponding to the second key.
8. The device of claim 6, characterised in that the query module is specifically configured to:
traverse the key database, taking each traversed key as the second key and the PMK corresponding to the traversed key as the second PMK;
the device further comprising a saving module, for saving, when the first MIC is identical to the second MIC, the correspondence between the identifier of the wireless terminal and the second MIC in the key database.
9. The device of claim 6, characterised in that it further comprises:
a random number generation module, for generating a first random number;
a random number sending module, for sending the first random number to the wireless terminal;
the receiving module being specifically configured to:
receive an access message sent by the wireless terminal, the access message containing the first MIC generated by the wireless terminal from the first PMK corresponding to the first key, the first random number, a second random number generated by the wireless terminal, the identifier of the wireless terminal and the identifier of the wireless access device.
10. The device of claim 9, characterised in that it further comprises:
a random number acquisition module, for obtaining the second random number;
the second key generation module being specifically configured to:
when the second key is found, generate the second MIC from the second PMK corresponding to the second key, the first random number, the second random number, the identifier of the wireless terminal and the identifier of the wireless access device.
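The claims above describe the access device recomputing a MIC from each candidate PMK and comparing it with the MIC the terminal sent, either after looking the candidate up by terminal identifier (claims 2 and 7) or by traversing the whole key database (claims 3 and 8), with the MIC inputs of claims 4, 5, 9 and 10. The Python below is an added example written for this page, not code from the patent or its applicant. It assumes, since the claims do not fix any of this, that the first random number is the access device's nonce and the second the terminal's nonce, that the two identifiers are MAC addresses, that the PMK is derived from the per-user key as in WPA2-PSK (PBKDF2-HMAC-SHA1 over the SSID, 4096 iterations), and that the MIC is the IEEE 802.11 EAPOL-Key MIC (HMAC-SHA1 under the key confirmation key, truncated to 16 bytes). The sample SSID, keys, addresses and nonces are constructed. Where claim 3 saves the identifier-to-second-MIC correspondence, the example caches the matched key and PMK under the identifier, which is what the claim 2 lookup path needs on the next attempt; that substitution is an assumption of the example.

```python
"""AP-side MIC verification against a per-user key database (illustrative, not the patent's code)."""
import hashlib
import hmac

SSID = b"example-net"  # constructed sample SSID


def derive_pmk(user_key: bytes, ssid: bytes = SSID) -> bytes:
    """PMK corresponding to a per-user key; WPA2-PSK style derivation (an assumption)."""
    return hashlib.pbkdf2_hmac("sha1", user_key, ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_kck(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Key confirmation key: the first 16 bytes of the PTK from pairwise key expansion."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def compute_mic(pmk, anonce, snonce, spa, aa, frame: bytes) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed); the same function on both sides."""
    kck = derive_kck(pmk, aa, spa, anonce, snonce)
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def build_access_message(user_key, anonce, snonce, spa, aa) -> dict:
    """Terminal side: the access message of claim 4, carrying the first MIC."""
    # Constructed stand-in for an EAPOL-Key message 2 body with its MIC field zeroed.
    frame = b"EAPOL-Key/2" + spa + aa + snonce + bytes(16)
    pmk = derive_pmk(user_key)
    return {"spa": spa, "aa": aa, "snonce": snonce, "frame": frame,
            "mic": compute_mic(pmk, anonce, snonce, spa, aa, frame)}


class KeyDatabase:
    """Holds (key, PMK) pairs with the PMK precomputed, so a traversal costs one
    key expansion and one HMAC per stored user rather than a PBKDF2 run."""

    def __init__(self):
        self.entries = []        # every (key, pmk) pair; traversed as in claim 3
        self.by_terminal = {}    # terminal identifier -> (key, pmk); looked up as in claim 2

    def add_user(self, user_key: bytes) -> None:
        self.entries.append((user_key, derive_pmk(user_key)))


def ap_authenticate(db: KeyDatabase, anonce: bytes, msg: dict) -> bool:
    """Access device side: find a second key whose second MIC equals the first MIC."""
    spa, aa, snonce, frame, first_mic = (msg["spa"], msg["aa"], msg["snonce"],
                                         msg["frame"], msg["mic"])
    cached = db.by_terminal.get(spa)
    # Try the identifier lookup first (claim 2), then fall back to traversal (claim 3).
    candidates = ([cached] if cached else []) + [e for e in db.entries if e != cached]
    for key, pmk in candidates:
        second_mic = compute_mic(pmk, anonce, snonce, spa, aa, frame)
        if hmac.compare_digest(first_mic, second_mic):  # constant-time comparison
            # Assumption: cache the matched key/PMK under the terminal identifier
            # (the claim text saves the second MIC instead).
            db.by_terminal[spa] = (key, pmk)
            return True
    return False


def demo():
    """Two enrolled users; one terminal authenticates with bob's key, then with a wrong key."""
    db = KeyDatabase()
    db.add_user(b"alice-passphrase")  # constructed sample keys
    db.add_user(b"bob-passphrase")
    aa = bytes.fromhex("021122334455")   # constructed access device MAC
    spa = bytes.fromhex("02aabbccddee")  # constructed terminal MAC
    anonce = hashlib.sha256(b"anonce-sample").digest()  # deterministic stand-ins for nonces
    snonce = hashlib.sha256(b"snonce-sample").digest()
    ok = ap_authenticate(db, anonce, build_access_message(b"bob-passphrase", anonce, snonce, spa, aa))
    cached_key = db.by_terminal.get(spa, (None,))[0]
    bad = ap_authenticate(db, anonce, build_access_message(b"wrong-passphrase", anonce, snonce, spa, aa))
    return ok, cached_key, bad


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, b"bob-passphrase", False)`: the traversal finds bob's PMK on the first attempt, the identifier-to-key mapping is cached, and a message built under a key that is not in the database matches nothing. Two points the claims leave implicit are visible here: the MIC comparison should be constant-time, and the traversal of claim 3 scales linearly with the number of enrolled users, which is why the database stores the PMK alongside each key instead of re-deriving it per attempt.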
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710291865.1A CN106941405A (en) | 2017-04-28 | 2017-04-28 | A kind of method and apparatus of terminal authentication in a wireless local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710291865.1A CN106941405A (en) | 2017-04-28 | 2017-04-28 | A kind of method and apparatus of terminal authentication in a wireless local area network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106941405A true CN106941405A (en) | 2017-07-11 |
Family
ID=59463862
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710291865.1A Pending CN106941405A (en) | 2017-04-28 | 2017-04-28 | A kind of method and apparatus of terminal authentication in a wireless local area network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106941405A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155092A (en) * | 2006-09-29 | 2008-04-02 | 西安电子科技大学 | A wireless local area network access method, device and system |
| US20120084564A1 (en) * | 2010-10-01 | 2012-04-05 | Samsung Electronics Co. Ltd. | Security operation method and system for access point |
| CN102843687A (en) * | 2012-09-18 | 2012-12-26 | 惠州Tcl移动通信有限公司 | Smartphone portable point safe access system and method |
| CN103313242A (en) * | 2012-03-16 | 2013-09-18 | 中兴通讯股份有限公司 | Secret key verification method and device |
| CN103684754A (en) * | 2013-12-03 | 2014-03-26 | 中国电子科技集团公司第三十研究所 | WPA shared key cracking system based on GPU cluster |
| CN103888941A (en) * | 2012-12-20 | 2014-06-25 | 杭州华三通信技术有限公司 | Method and device for key negotiation of wireless network |
| CN104486759A (en) * | 2014-12-15 | 2015-04-01 | 北京极科极客科技有限公司 | Method accessing wireless network without obstacle |
- 2017-04-28: CN201710291865.1A (published as CN106941405A) filed in China; status: Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111866881A (en) * | 2020-08-12 | 2020-10-30 | 腾讯科技(深圳)有限公司 | Wireless LAN authentication method and wireless LAN connection method |
| CN112565199A (en) * | 2020-11-12 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Network connection method, device, network equipment and storage medium |
| CN112565199B (en) * | 2020-11-12 | 2023-06-16 | 腾讯科技(深圳)有限公司 | Network connection method, device, network equipment and storage medium |
| WO2022127434A1 (en) * | 2020-12-15 | 2022-06-23 | 腾讯科技(深圳)有限公司 | Wireless local area network authentication method and apparatus, and electronic device and storage medium |
| US12317072B2 (en) | 2020-12-15 | 2025-05-27 | Tencent Technology (Shenzhen) Company Limited | Wireless local area network authentication method and apparatus, electronic device, and storage medium |
| CN115696317A (en) * | 2021-07-28 | 2023-02-03 | 慧与发展有限责任合伙企业 | Selective caching of pairwise master keys in streaming roaming |
| CN115696317B (en) * | 2021-07-28 | 2024-02-13 | 慧与发展有限责任合伙企业 | Selective caching of pairwise master keys in streamlined roaming |
| US12133073B2 (en) | 2021-07-28 | 2024-10-29 | Hewlett Packard Enterprise Development Lp | Selective caching of pairwise master keys in streamlined roaming |
| WO2023093277A1 (en) * | 2021-11-23 | 2023-06-01 | 华为技术有限公司 | Roaming method and system |
Similar Documents
| Publication | Title |
|---|---|
| US10554420B2 (en) | Wireless connections to a wireless access point |
| CN106211152B (en) | A kind of wireless access authentication method and device |
| CN106161032B (en) | A method and device for identity authentication |
| CN112672351B (en) | Wireless local area network authentication method and device, electronic device, and storage medium |
| CN107454079B (en) | Lightweight equipment authentication and shared key negotiation method based on Internet of things platform |
| CN103108327B (en) | Checking terminal unit and the method for subscriber card security association, Apparatus and system |
| CN104092550B (en) | Cipher code protection method, system and device |
| EP3425842B1 (en) | Communication system and communication method for certificate generation |
| CN103401880B (en) | The system and method that a kind of industrial control network logs in automatically |
| US9445269B2 (en) | Terminal identity verification and service authentication method, system and terminal |
| KR101706117B1 (en) | Apparatus and method for other portable terminal authentication in portable terminal |
| CN106941405A (en) | A kind of method and apparatus of terminal authentication in a wireless local area network |
| CN103873454A (en) | Authentication method and equipment |
| CN105898743B (en) | A kind of method for connecting network, apparatus and system |
| CN111435913A (en) | Identity authentication method and device for terminal of Internet of things and storage medium |
| CN103782615A (en) | Method and apparatus for authenticating subscribers to long term evolution telecommunication networks or universal mobile telecommunications system |
| WO2016161583A1 (en) | GPRS system key enhancement method, SGSN device, UE, HLR/HSS and GPRS system |
| US10834063B2 (en) | Facilitating provisioning of an out-of-band pseudonym over a secure communication channel |
| CN110798432A (en) | Security authentication method, device and system, mobile terminal |
| CN108738015B (en) | Network security protection method, device and system |
| CN107154916A (en) | A kind of authentication information acquisition methods, offer method and device |
| CN108737431B (en) | Confusion-based hierarchical distributed authentication method, device and system in IoT scenarios |
| CN105207987A (en) | Fingerprint identification system based on Bluetooth mobile phone terminal |
| CN110830985A (en) | 5G lightweight terminal access authentication method based on trust mechanism |
| CN108076460B (en) | A method and terminal for authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170711 |