CN103079200A - Wireless access authentication method, system and wireless router - Google Patents

Publication number: CN103079200A
Application number: CN2011103292099A
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN103079200B (en)
Inventors: 艾俊, 付月朋, 王正鹏
Current Assignee: Nationz Technologies Inc
Original Assignee: Nationz Technologies Inc
Priority to CN201110329209.9A

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a wireless access authentication method, a wireless access authentication system and a wireless router. In the method, the wireless router verifies the information to be verified sent by a wireless access terminal and, after the verification passes, permits the wireless access terminal to access. The wireless router comprises a first information transceiver module, a verification module and an access module, wherein the first information transceiver module receives the information to be verified sent by the wireless access terminal, the verification module verifies the information to be verified received by the first information transceiver module, and the access module permits the wireless access terminal to access after the verification passes. The system comprises the wireless router and at least one wireless access terminal, wherein the wireless access terminal sends the information to be verified to the wireless router, and the wireless router verifies that information and permits the wireless access terminal to access after the verification passes. With this technical scheme, the method, the system and the wireless router solve the security problem of wireless networks.

Description

Wireless access authentication method, system and wireless router
Technical Field
The present invention relates to the field of communications, and in particular, to an authentication method for wireless access, a wireless router, and an authentication system for wireless access.
Background
Wireless networks are increasingly common, and their emergence brings new information security problems to the IT industry. Existing anti-attack techniques, such as the perimeter defenses (firewalls and proxy servers) used in traditional wired networks, cannot be applied effectively to wireless networks, so it is difficult to control user access to a wireless network through such devices. Generally, a wireless access point is open to all users within its coverage, and an intruder can easily join the wireless network and access its resources. As the technical level of intrusions and the scale of attacks increase, the security of wireless networks has gradually become a key problem in the communications field.
Disclosure of Invention
The invention provides a wireless access authentication method, a wireless router and a wireless access authentication system, which solve the security problem of a wireless network.
In order to solve the technical problems, the invention adopts the following technical scheme:
a method of authentication for wireless access, comprising:
the wireless router verifies the information to be verified sent by the wireless access terminal;
and after the verification is passed, allowing the wireless access terminal to access.
Before the wireless router verifies the information to be verified sent by the wireless access terminal, the method further comprises the following steps: the wireless router and the wireless access terminal negotiate a symmetric key; the wireless router decrypts the information to be verified which is sent by the wireless access terminal and encrypted by using the symmetric key; the verification of the wireless router on the information to be verified sent by the wireless access terminal specifically comprises the following steps: and verifying the decrypted information to be verified.
The information to be verified is signature information obtained by the wireless access terminal signing a message digest generated by terminal feature information by using a PIK (Platform Identity Key) certificate or a PEK (Platform Encryption Key) certificate; after the signature information passes the verification, allowing the wireless access terminal to access; or,
the information to be verified comprises MAC address information and signature information obtained by the wireless access terminal by using a PIK certificate or a PEK certificate to sign a message digest generated by terminal characteristic information; and after the MAC address information and the signature information are verified, allowing the wireless access terminal to access.
The process of verifying the signature information by the wireless router comprises the following steps:
the wireless router receives the characteristic information sent by the wireless access terminal;
and the wireless router, according to the characteristic information, obtains the PIK certificate or the PEK certificate of the wireless access terminal from a preset list of PIK or PEK certificates of terminals allowed to access, and verifies the signature information by using that certificate.
The process of verifying the MAC address information by the wireless router comprises the following steps: the wireless router judges whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; if it exists, the MAC address information passes verification.
A wireless router comprises a first information transceiver module, a verification module and an access module, wherein,
the first information transceiver module is used for receiving information to be verified sent by the wireless access terminal;
the verification module is used for verifying the information to be verified received by the first information transceiver module;
and the access module is used for allowing the wireless access terminal to access after the verification is passed.
Also included are a first trusted computing module and a decryption module, wherein,
the first trusted computing module is used for generating a symmetric key negotiated with the wireless access terminal;
the first information transceiver module is specifically configured to receive information to be verified, which is sent by the wireless access terminal and encrypted by using the symmetric key;
the decryption module is used for decrypting the encrypted information to be verified received by the first information transceiver module by using the symmetric key generated by the first trusted computing module;
the verification module is specifically used for verifying the information to be verified after the decryption module decrypts the information.
The first information transceiver module is specifically configured to receive signature information sent by a wireless access terminal, or the first information transceiver module is specifically configured to receive MAC address information and the signature information sent by the wireless access terminal;
the verification module is specifically configured to verify the signature information, or the verification module is specifically configured to verify the MAC address information and the signature information;
the access module is specifically used for allowing the wireless access terminal to access after the signature information passes verification, or the access module is specifically used for allowing the wireless access terminal to access after the MAC address information and the signature information pass verification;
the signature information is obtained by the wireless access terminal by using a PIK certificate or a PEK certificate to sign a message digest generated by the terminal characteristic information.
The process by which the verification module verifies the signature information comprises the following steps: according to the characteristic information sent by the wireless access terminal and received by the first information transceiver module, obtaining the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK or PEK certificates of terminals allowed to access, and verifying the signature information by using that certificate.
The process by which the verification module verifies the MAC address information includes: judging whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; if it exists, the MAC address information passes verification.
An authentication system for wireless access, comprising a wireless router and at least one wireless access terminal, wherein,
the wireless access terminal is used for sending information to be verified to the wireless router;
the wireless router is used for verifying the information to be verified sent by the wireless access terminal and allowing the wireless access terminal to access after the verification is passed.
The wireless router comprises a first trusted computing module, a first information transceiver module, a decryption module, a verification module and an access module, the wireless access terminal comprises a second trusted computing module, an encryption module and a second information transceiver module, wherein,
the second trusted computing module is used for generating a symmetric key negotiated with the first trusted computing module;
the encryption module is used for encrypting the information to be verified sent to the first information transceiver module by using the symmetric key generated by the second trusted computing module;
the second information transceiver module is used for sending the information to be verified encrypted by the encryption module to the first information transceiver module;
the first trusted computing module is configured to generate the symmetric key negotiated with the second trusted computing module;
the first information transceiver module is used for receiving the information to be verified which is sent by the second information transceiver module and encrypted by the encryption module;
the decryption module is used for decrypting the encrypted information to be verified received by the first information transceiver module by using the symmetric key generated by the first trusted computing module;
the verification module is used for verifying the information to be verified after the decryption module decrypts the information to be verified;
and the access module is used for allowing the wireless access terminal to access after the verification is passed.
The information to be verified is signature information obtained by the wireless access terminal by signing a message digest generated by the terminal characteristic information by using a PIK certificate or a PEK certificate, or the information to be verified comprises MAC address information and signature information obtained by the wireless access terminal by signing a message digest generated by the terminal characteristic information by using the PIK certificate or the PEK certificate; the access module is specifically used for allowing the wireless access terminal to access after the signature information passes verification; or the access module is specifically configured to allow the wireless access terminal to access after the MAC address information and the signature information are both verified.
The invention provides a wireless access authentication method, a wireless router and a wireless access authentication system, which solve the security problem of a wireless network through the authentication process between the wireless router and a wireless access terminal.
Drawings
Fig. 1 is a flowchart of an authentication method for wireless access according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating an authentication method for wireless access according to another embodiment of the present invention;
Fig. 3 is a flowchart illustrating an authentication method for wireless access according to another embodiment of the present invention;
Fig. 4 is a block diagram of a wireless router according to an embodiment of the present invention;
Fig. 5 is a block diagram of an authentication system for wireless access according to an embodiment of the present invention.
Detailed Description
Fig. 1 is a flowchart of an authentication method for wireless access according to an embodiment of the present invention, please refer to fig. 1:
S11, the wireless router verifies the information to be verified sent by the wireless access terminal;
S12, after the verification is passed, the wireless access terminal is allowed to access.
When the verification fails, the wireless access terminal is refused access; the number of authentication failures can further be counted, and when the count reaches a preset value, the wireless access terminal is added to a malicious access blacklist.
The information to be verified by the wireless router can take several forms. It can be signature information of the wireless access terminal, obtained by the wireless access terminal using a PIK (Platform Identity Key) certificate or a PEK (Platform Encryption Key) certificate to sign a message digest generated from terminal characteristic information; it can also be the MAC address information of the wireless access terminal together with the signature information. To further ensure the security of wireless access, the information to be verified may be encrypted by the wireless access terminal and decrypted by the wireless router before it is verified.
The present invention will be described in further detail with reference to the accompanying drawings by taking the information to be verified as the signature information of the wireless access terminal as an example.
Fig. 2 is a flowchart illustrating a process of an authentication method for wireless access according to another embodiment of the present invention, please refer to fig. 2:
S21, the wireless router and the wireless access terminal negotiate a symmetric key;
S22, the wireless access terminal obtains terminal characteristic information, such as the terminal name, user name and current time; the trusted computing chip of the wireless access terminal hashes the characteristic information to generate a message digest, signs the digest by using the PIK certificate or PEK certificate of the wireless access terminal to obtain signature information, encrypts the terminal characteristic information and the signature information by using the negotiated symmetric key, and sends the encrypted information to the wireless router;
S23, the wireless router decrypts the encrypted information by using the negotiated symmetric key to obtain the decrypted characteristic information and signature information of the wireless access terminal;
S24, the wireless router verifies the signature information; if the verification passes, go to step S25, otherwise go to step S26;
The signature information may be verified as follows: the wireless router, according to the characteristic information, obtains the PIK certificate or the PEK certificate of the wireless access terminal from a preset list of PIK or PEK certificates of terminals allowed to access, and verifies the signature information by using that certificate.
S25, the wireless access terminal is allowed to access, and the access succeeds.
S26, the wireless access terminal is refused access, the number of verification failures is accumulated, and when the count reaches a preset value, the wireless access terminal is added to a malicious access blacklist.
Taking the information to be verified as the MAC address information and the signature information of the wireless access terminal as an example, fig. 3 is a flowchart of a flow of an authentication method for wireless access according to another embodiment of the present invention, please refer to fig. 3:
S31, the wireless router and the wireless access terminal negotiate a symmetric key;
S32, the wireless access terminal obtains terminal characteristic information, such as the terminal name, user name and current time; the trusted computing chip of the wireless access terminal hashes the characteristic information to generate a message digest, signs the digest by using the PIK certificate or PEK certificate of the wireless access terminal to obtain signature information, encrypts the terminal characteristic information, the signature information and the MAC address information by using the negotiated symmetric key, and sends the encrypted information to the wireless router;
S33, the wireless router decrypts the encrypted information by using the negotiated symmetric key to obtain the decrypted characteristic information, signature information and MAC address information of the wireless access terminal;
S34, the wireless router verifies the signature information and the MAC address information; if both pass verification, go to step S35, otherwise go to step S36;
The signature information may be verified as follows: the wireless router, according to the characteristic information, obtains the PIK certificate or the PEK certificate of the wireless access terminal from a preset list of PIK or PEK certificates of terminals allowed to access, and verifies the signature information by using that certificate. The MAC address information may be verified as follows: the wireless router judges whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; if it exists, the MAC address information passes verification, otherwise it fails verification.
The signature information and the MAC address information can be verified at the same time; or the MAC address information can be verified first, with access refused if it fails and the signature information verified only if it passes; or the signature information can be verified first, with access refused if it fails and the MAC address information verified only if it passes;
S35, the wireless access terminal is allowed to access, and the access succeeds.
S36, the wireless access terminal is refused access, the number of verification failures is accumulated, and when the count reaches a preset value, the wireless access terminal is added to a malicious access blacklist.
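The router-side decision of S33 to S36 (S23 to S26 is the same flow without the MAC check), as an added example that is not part of the patent text. It uses only the Go standard library, with Ed25519 standing in for the PIK/PEK signature and AES-GCM for the symmetric cipher, which the description does not name; the field names, the `peer` identifier used for failure counting, the sample terminal and the threshold of 3 are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Request is the plaintext the terminal encrypts in S32 (field names are assumptions).
type Request struct {
	Terminal, User, Time, MAC string // characteristic information and MAC address
	Sig                       []byte // signature over the digest of the characteristic information
}

// Router holds the preset allow lists and the failure counters of S34 to S36.
type Router struct {
	aead            cipher.AEAD                  // wraps the symmetric key negotiated in S31
	certs           map[string]ed25519.PublicKey // terminal name -> enrolled public key
	macs, blacklist map[string]bool              // allowed MAC addresses; blacklisted peers
	failures        map[string]int               // failed verifications per peer
	maxFail         int                          // preset value that triggers blacklisting
}

// digest hashes the characteristic information; NUL separators keep fields unambiguous.
func digest(r Request) []byte {
	h := sha256.Sum256([]byte(r.Terminal + "\x00" + r.User + "\x00" + r.Time))
	return h[:]
}

// Seal is the terminal side (S32): sign the digest, then encrypt the whole request.
func Seal(priv ed25519.PrivateKey, aead cipher.AEAD, r Request) []byte {
	r.Sig = ed25519.Sign(priv, digest(r))
	plain, _ := json.Marshal(r) // cannot fail for this struct
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, plain, nil) // output is nonce || ciphertext || tag
}

// verify is S33 and S34: decrypt, check the MAC list, look up the certificate, check the signature.
func (rt *Router) verify(msg []byte) bool {
	n := rt.aead.NonceSize()
	if len(msg) < n {
		return false
	}
	plain, err := rt.aead.Open(nil, msg[:n], msg[n:], nil)
	var r Request
	if err != nil || json.Unmarshal(plain, &r) != nil {
		return false
	}
	pub, known := rt.certs[r.Terminal] // certificate selected by the characteristic information
	return rt.macs[r.MAC] && known && ed25519.Verify(pub, digest(r), r.Sig)
}

// Authenticate is S35/S36: allow on success, otherwise count the failure and blacklist at the preset value.
func (rt *Router) Authenticate(peer string, msg []byte) string {
	switch {
	case rt.blacklist[peer]:
		return "blacklisted"
	case rt.verify(msg):
		return "allow"
	}
	rt.failures[peer]++
	rt.blacklist[peer] = rt.failures[peer] >= rt.maxFail
	return "deny"
}

// Scenario runs five constructed attempts and returns the router's decisions in order.
func Scenario() []string {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero key stands in for the negotiated key
	aead, _ := cipher.NewGCM(block)
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil) // key pair that was never enrolled
	rt := &Router{aead: aead, maxFail: 3, failures: map[string]int{}, blacklist: map[string]bool{},
		certs: map[string]ed25519.PublicKey{"laptop-01": pub}, macs: map[string]bool{"02:00:00:00:00:01": true}}
	req := Request{Terminal: "laptop-01", User: "alice", Time: "2024-01-01T09:00:00Z", MAC: "02:00:00:00:00:01"}
	valid, forged := Seal(priv, aead, req), Seal(rogue, aead, req)
	req.MAC = "02:00:00:00:00:99" // enrolled terminal, MAC not on the allow list
	unlisted := Seal(priv, aead, req)
	truncated := append([]byte{}, valid[:len(valid)-1]...) // damaged ciphertext fails decryption
	return []string{
		rt.Authenticate("peer-A", valid),     // allow
		rt.Authenticate("peer-B", forged),    // deny: signature does not match the listed certificate
		rt.Authenticate("peer-B", unlisted),  // deny: MAC address not listed
		rt.Authenticate("peer-B", truncated), // deny: third failure reaches the preset value
		rt.Authenticate("peer-B", valid),     // blacklisted
	}
}

func main() { fmt.Println(Scenario()) }
```

Nothing in this sketch checks the `Time` field for freshness; the patent lists the current time among the signed fields but does not say how the router uses it.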
The invention also comprises a wireless router which comprises a first information transceiver module, a verification module and an access module, wherein the first information transceiver module is used for receiving the information to be verified, which is sent by the wireless access terminal; the verification module is used for verifying the information to be verified received by the first information transceiver module; and the access module is used for allowing the wireless access terminal to access after the verification is passed.
Fig. 4 is a block diagram of a wireless router according to an embodiment of the present invention, please refer to fig. 4:
A wireless router comprises a first information transceiver module 41, a first trusted computing module 42, a decryption module 43, a verification module 44 and an access module 45, wherein the first trusted computing module 42 is used for generating a symmetric key negotiated with a wireless access terminal; the first information transceiver module 41 is configured to receive information to be verified, which is sent by the wireless access terminal and encrypted by using the negotiated symmetric key; the decryption module 43 is configured to decrypt, by using the symmetric key generated by the first trusted computing module 42, the encrypted information to be verified received by the first information transceiver module 41; the verification module 44 is configured to verify the information to be verified after it is decrypted by the decryption module 43; the access module 45 is used for allowing the wireless access terminal to access after the verification by the verification module 44 is passed.
Further, the information to be verified is signature information sent by the wireless access terminal, or MAC address information and signature information sent by the wireless access terminal, and the signature information is obtained by the wireless access terminal by signing a message digest generated by the terminal characteristic information by using a PIK certificate or a PEK certificate; the first information transceiver module 41 is specifically configured to receive signature information sent by a wireless access terminal, or receive MAC address information and signature information sent by the wireless access terminal; the verification module 44 is specifically configured to verify the signature information, or verify both the MAC address information and the signature information; the access module is specifically used for allowing the wireless access terminal to access after the signature information passes verification, or allowing the wireless access terminal to access after the MAC address information and the signature information pass verification;
Further, the process by which the verification module 44 verifies the signature information includes: according to the characteristic information sent by the wireless access terminal and received by the first information transceiver module 41, obtaining the PIK certificate or the PEK certificate of the wireless access terminal from a preset list of PIK or PEK certificates of terminals allowed to access, and verifying the signature information by using that certificate. The process by which the verification module verifies the MAC address information comprises the following steps: judging whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; if it exists, the MAC address information passes verification, otherwise it fails verification.
The invention also comprises a wireless access authentication system, which comprises a wireless router and at least one wireless access terminal, wherein the wireless access terminal is used for sending information to be verified to the wireless router; the wireless router is used for verifying the information to be verified sent by the wireless access terminal and allowing the wireless access terminal to access after the verification is passed.
Taking a wireless router and a wireless access terminal as examples, fig. 5 is a block diagram of an authentication system for wireless access according to an embodiment of the present invention, please refer to fig. 5:
a wireless access authentication system comprises a wireless router and a wireless access terminal, wherein the wireless access terminal comprises a second trusted computing module 51, an encryption module 52 and a second information transceiver module 53, the wireless router comprises a first information transceiver module 41, a first trusted computing module 42, a decryption module 43, a verification module 44 and an access module 45, and the second trusted computing module 51 is used for generating a symmetric key negotiated with the first trusted computing module 42; the encryption module 52 is configured to encrypt, by using the symmetric key generated by the second trusted computing module 51, the information to be verified that is sent to the first information transceiver module 41; the second information transceiver module 53 is configured to send the information to be verified encrypted by the encryption module 52 to the first information transceiver module 41; the first trusted computing module 42 is configured to generate the symmetric key negotiated with the second trusted computing module 51; the first information transceiver module 41 is configured to receive the to-be-verified information encrypted by the encryption module 52 and sent by the second information transceiver module 53; the decryption module 43 is configured to decrypt, by using the symmetric key generated by the first trusted computing module 42, the encrypted to-be-verified information received by the first information transceiver module 41; the verification module 44 is configured to verify the information to be verified after being decrypted by the decryption module 43; the access module 45 is used for allowing the wireless access terminal to access after the authentication is passed.
Further, the information to be verified is signature information obtained by the wireless access terminal signing the message digest generated by the terminal characteristic information by using a PIK certificate or a PEK certificate, or the information to be verified comprises MAC address information and signature information obtained by the wireless access terminal signing the message digest generated by the terminal characteristic information by using the PIK certificate or the PEK certificate; the encryption module 52 is configured to encrypt the signature information sent to the first information transceiver module 41, or encrypt the MAC address information and the signature information sent to the first information transceiver module 41, using the symmetric key generated by the second trusted computing module 51; the second information transceiver module 53 is configured to send the signature information encrypted by the encryption module 52 to the first information transceiver module 41, or send the MAC address information and the signature information encrypted by the encryption module 52 to the first information transceiver module 41; the decryption module 43 is configured to decrypt, by using the symmetric key generated by the first trusted computing module 42, the encrypted signature information received by the first information transceiver module 41, or the encrypted MAC address information and the encrypted signature information received by the first information transceiver module 41; the verification module 44 is configured to verify the signature information decrypted by the decryption module 43, or verify the MAC address information and the signature information decrypted by the decryption module 43; the access module 45 is used for allowing the wireless access terminal to access after the signature information passes the verification; or the access module 45 is used for allowing the wireless access terminal to access after the MAC address information and the signature information are verified.
Because the trusted computing module offers high security for data encryption and decryption, secure data storage and the like, the invention uses the trusted computing module to strengthen the security of wireless access and to protect the data of the wireless router against interception, cracking, replay attacks and the like. To further improve the security of the wireless network, the symmetric key can also be stored in the nonvolatile storage space of the trusted computing chip to prevent loss of the key; and the list of PIK or PEK certificates of terminals allowed to access and the list of MAC address information of terminals allowed to access can be stored in the nonvolatile storage space of the trusted computing chip of the wireless router to prevent illegal tampering.
The foregoing is a more detailed description of the present invention that is presented in conjunction with specific embodiments, and the practice of the invention is not to be considered limited to those descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (13)

1. A method for authenticating wireless access, comprising:
the wireless router verifies the information to be verified sent by the wireless access terminal;
and after the verification is passed, allowing the wireless access terminal to access.
2. The method of claim 1, wherein before the wireless router verifies the information to be verified sent by the wireless access terminal, the method further comprises: the wireless router and the wireless access terminal negotiate a symmetric key; the wireless router decrypts the information to be verified, which is sent by the wireless access terminal encrypted with the symmetric key; and the verification by the wireless router of the information to be verified sent by the wireless access terminal specifically comprises: verifying the decrypted information to be verified.
3. The method of claim 1 or 2, wherein the information to be verified is signature information obtained by the wireless access terminal signing a message digest generated from terminal characteristic information using a PIK certificate or a PEK certificate; after the signature information passes verification, the wireless access terminal is allowed to access; or,
the information to be verified comprises MAC address information and signature information obtained by the wireless access terminal using a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information; after both the MAC address information and the signature information pass verification, the wireless access terminal is allowed to access.
4. The method of claim 3, wherein the process of the wireless router verifying the signature information comprises:
the wireless router receives the characteristic information sent by the wireless access terminal;
and the wireless router acquires, according to the characteristic information, the PIK certificate or the PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals allowed to access, and verifies the signature information by using the PIK certificate or the PEK certificate.
5. The method of claim 3, wherein the process of the wireless router verifying the MAC address information comprises: the wireless router judges whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; and if it exists, the MAC address information passes verification.
6. A wireless router, comprising a first information transceiver module, a verification module and an access module, wherein,
the first information transceiver module is used for receiving information to be verified sent by the wireless access terminal;
the verification module is used for verifying the information to be verified received by the first information transceiver module;
and the access module is used for allowing the wireless access terminal to access after the verification is passed.
7. The wireless router of claim 6, further comprising a first trusted computing module and a decryption module, wherein,
the first trusted computing module is used for generating a symmetric key negotiated with the wireless access terminal;
the first information transceiver module is specifically configured to receive information to be verified, which is sent by the wireless access terminal and encrypted by using the symmetric key;
the decryption module is used for decrypting the encrypted information to be verified received by the first information transceiver module by using the symmetric key generated by the first trusted computing module;
the verification module is specifically used for verifying the information to be verified after the decryption module decrypts the information.
8. The wireless router according to claim 6 or 7, wherein the first information transceiver module is specifically configured to receive signature information sent by a wireless access terminal, or the first information transceiver module is specifically configured to receive MAC address information and the signature information sent by a wireless access terminal;
the verification module is specifically configured to verify the signature information, or the verification module is specifically configured to verify the MAC address information and the signature information;
the access module is specifically used for allowing the wireless access terminal to access after the signature information passes verification, or the access module is specifically used for allowing the wireless access terminal to access after the MAC address information and the signature information pass verification;
the signature information is obtained by the wireless access terminal using a PIK certificate or a PEK certificate to sign a message digest generated from the terminal characteristic information.
9. The wireless router of claim 8, wherein the process by which the verification module verifies the signature information comprises: acquiring, according to the characteristic information sent by the wireless access terminal and received by the first information transceiver module, the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals allowed to access, and verifying the signature information by using the PIK certificate or PEK certificate.
10. The wireless router of claim 8, wherein the process by which the verification module verifies the MAC address information comprises: judging whether the MAC address information sent by the wireless access terminal exists in a preset list of MAC address information allowed to access; and if it exists, the MAC address information passes verification.
11. An authentication system for wireless access, comprising a wireless router and at least one wireless access terminal, wherein,
the wireless access terminal is used for sending information to be verified to the wireless router;
the wireless router is used for verifying the information to be verified sent by the wireless access terminal and allowing the wireless access terminal to access after the verification is passed.
12. The system of claim 11, wherein the wireless router comprises a first trusted computing module, a first information transceiver module, a decryption module, a verification module, and an access module, and the wireless access terminal comprises a second trusted computing module, an encryption module, and a second information transceiver module, wherein,
the second trusted computing module is used for generating a symmetric key negotiated with the first trusted computing module;
the encryption module is used for encrypting the information to be verified sent to the first information transceiver module by using the symmetric key generated by the second trusted computing module;
the second information transceiver module is used for sending the information to be verified encrypted by the encryption module to the first information transceiver module;
the first trusted computing module is configured to generate the symmetric key negotiated with the second trusted computing module;
the first information transceiver module is used for receiving the information to be verified which is sent by the second information transceiver module and encrypted by the encryption module;
the decryption module is used for decrypting the encrypted information to be verified received by the first information transceiver module by using the symmetric key generated by the first trusted computing module;
the verification module is used for verifying the information to be verified after the decryption module decrypts the information to be verified;
and the access module is used for allowing the wireless access terminal to access after the verification is passed.
13. The system according to claim 11 or 12, wherein the information to be verified is signature information obtained by the wireless access terminal signing a message digest generated from the terminal characteristic information using a PIK certificate or a PEK certificate, or the information to be verified includes MAC address information and signature information obtained by the wireless access terminal signing a message digest generated from the terminal characteristic information using a PIK certificate or a PEK certificate; the access module is specifically used for allowing the wireless access terminal to access after the signature information passes verification; or the access module is specifically configured to allow the wireless access terminal to access after the MAC address information and the signature information are both verified.
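
The router-side verification of claims 3 to 5, as an added Go example that is not code from the patent: ECDSA P-256 over SHA-256 stands in for the PIK/PEK certificate signature and message digest, a bare public key stands in for each certificate, and the symmetric-key layer of claim 2 is left out. The names `Router`, `NewRouter`, `NewKey`, `Sign`, `Verify` and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net"
)

var (
	ErrMAC       = errors.New("MAC address not in allow list")
	ErrUnknown   = errors.New("no certificate listed for this terminal")
	ErrSignature = errors.New("signature verification failed")
)

// Router holds the two preset lists. A bare public key stands in for each
// PIK/PEK certificate (assumption of this example).
type Router struct {
	Certs map[string]*ecdsa.PublicKey // characteristic information -> terminal key
	MACs  map[string]bool             // canonical MAC (aa:bb:...) -> allowed
}

func NewRouter() *Router {
	return &Router{Certs: map[string]*ecdsa.PublicKey{}, MACs: map[string]bool{}}
}

// NewKey generates a terminal key pair on P-256.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is the terminal side: sign the digest of the characteristic information.
func Sign(key *ecdsa.PrivateKey, info string) ([]byte, error) {
	digest := sha256.Sum256([]byte(info))
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Verify is the router side. Every check must pass before access is allowed.
func (r *Router) Verify(info, mac string, sig []byte) error {
	hw, err := net.ParseMAC(mac) // accepts aa:bb:.., AA-BB-.., aabb.ccdd.eeff
	if err != nil || !r.MACs[hw.String()] {
		return ErrMAC
	}
	pub, ok := r.Certs[info] // certificate looked up by characteristic information
	if !ok {
		return ErrUnknown
	}
	digest := sha256.Sum256([]byte(info))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrSignature
	}
	return nil
}

func main() {
	key, _ := NewKey()
	r := NewRouter()
	r.Certs["terminal-A"], r.MACs["aa:bb:cc:00:11:22"] = &key.PublicKey, true
	sig, _ := Sign(key, "terminal-A") // constructed sample values
	fmt.Println("admitted:", r.Verify("terminal-A", "AA-BB-CC-00-11-22", sig) == nil)
}
```

The MAC address is normalized before the list lookup so that the same address written in a different notation is still matched, and a listed MAC address with a signature from an unlisted key is still refused.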

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110329209.9A CN103079200B (en) 2011-10-26 2011-10-26 The authentication method of a kind of wireless access, system and wireless router

Publications (2)

Publication Number Publication Date
CN103079200A true CN103079200A (en) 2013-05-01
CN103079200B CN103079200B (en) 2016-08-03

Family

ID=48155584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110329209.9A Active CN103079200B (en) 2011-10-26 2011-10-26 The authentication method of a kind of wireless access, system and wireless router

Country Status (1)

Country Link
CN (1) CN103079200B (en)

Also Published As

Publication number Publication date
CN103079200B (en) 2016-08-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant