HK1227217B - Access method and access device - Google Patents

Publication number: HK1227217B
Application number: HK17100789.6A
Authority: HK (Hong Kong)
Prior art keywords: shared key, sta, temporary pre, mic, temporary
Other languages: Chinese (zh)
Other versions: HK1227217A (en), HK1227217A1 (en)
Inventors: 朴云, 刘智勇, 姚迪狄, 胡晓虎
Original assignee: 斑马智行网络(香港)有限公司
Application filed by: 斑马智行网络(香港)有限公司

Description

Access method and device

Technical Field

The present application relates to the field of network technology, and in particular to an access method and device.

Background Art

Home wireless networks typically use a pre-shared key (PSK) as the network access key. A PSK is simple to configure and convenient to use, but because all devices accessing the same home network use the same PSK, security is low. For example, when a visitor needs to use the wireless local area network (WLAN), the password must be given to the visitor. Once the visitor has the shared key, they may be able to decrypt the wireless transmissions of other users on the same home network, which lowers communication security.

To improve the security of home network keys, the industry has proposed security verification based on an authentication server. However, this approach requires setting up a dedicated authentication server. For households or small companies, the setup and maintenance costs are high, and the wireless terminals also require complex configuration.

In summary, when no authentication server is deployed, access security is low because all users access the same home wireless network with the same PSK.

Summary of the Invention

The embodiments of the present application provide an access method and device to solve the problem of low access security of a home network.

An access method provided in an embodiment of the present application includes:

An access point (AP) receives a message integrity code (MIC) sent by a first wireless terminal (STA) when requesting access;

The AP determines whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA;

If they are inconsistent, the AP determines whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA and, after determining that such a temporary pre-shared key exists, allows the first STA to access.

Optionally, after the AP determines that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, and before allowing the first STA to access, the method further includes:

The AP determines that the temporary pre-shared key has not been used by any STA other than the first STA to generate a MIC.

Optionally, the AP determining whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA includes:

The AP matches each temporary pre-shared key in its stored temporary pre-shared key list, in turn, against the MIC sent by the first STA. If a temporary pre-shared key matching the MIC sent by the first STA is found, the AP determines that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

Optionally, the method further includes:

For any temporary pre-shared key, if the AP determines that the temporary pre-shared key has not been used within a first validity period, the AP sets that temporary pre-shared key to invalid; and/or, if the AP determines that the time between the current time and the generation time of the temporary pre-shared key exceeds a second validity period, the AP sets that temporary pre-shared key to invalid.

Optionally, before the AP receives the MIC sent by the first STA when requesting access, the method further includes:

The AP receives the temporary pre-shared key sent by a second STA that has accessed the AP using the universal pre-shared key.

Another embodiment of the present invention provides an access method, including:

A second wireless terminal (STA) configures a temporary pre-shared key; the temporary pre-shared key is used by a first STA to generate a message integrity code (MIC), and the MIC is used by the access point (AP) to verify the correctness of the first STA;

The second STA accesses the AP using a universal pre-shared key and sends the configured temporary pre-shared key to the AP; the temporary pre-shared key is different from the universal pre-shared key.

Optionally, the second STA configuring a temporary pre-shared key includes:

The second STA receives a temporary pre-shared key input by a user; or, the second STA randomly generates a temporary pre-shared key.

Optionally, the method further includes:

The second STA sends the configured first validity period and/or second validity period of the temporary pre-shared key to the AP; the first validity period and/or second validity period are used to determine the validity of the temporary pre-shared key. If the temporary pre-shared key is not used within the first validity period, it is set to invalid; if the time between the current time and the time when the temporary pre-shared key was received exceeds the second validity period, the temporary pre-shared key is set to invalid.

An embodiment of the present invention provides an access device, including:

A receiving module, configured to receive a message integrity code (MIC) sent by a first wireless terminal (STA) when requesting access;

A determination module, configured to determine whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA and, if they are inconsistent, to determine whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA;

An access module, configured to allow the first STA to access after it is determined that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

Another embodiment of the present invention provides an access device, including:

A configuration module, configured to configure a temporary pre-shared key; the temporary pre-shared key is used by a first STA to generate a message integrity code (MIC), and the MIC is used by the access point (AP) to verify the correctness of the first STA;

A sending module, configured to access the AP using a universal pre-shared key and send the configured temporary pre-shared key to the AP; the temporary pre-shared key is different from the universal pre-shared key.

With the above method or device, a temporary pre-shared key can be assigned to a first STA that temporarily accesses the home network. If the AP's correctness verification of the MIC sent by the first STA fails with the universal pre-shared key but succeeds with a temporary pre-shared key, the AP can allow the first STA to access the home network. The universal pre-shared key kept for the owner's own use therefore never has to be sent to the first STA, which improves the access security of the home network without deploying an authentication server.

Brief Description of the Drawings

FIG. 1 is a flowchart of the access method provided in Embodiment 1 of the present application;

FIG. 2 is a flowchart of the access method provided in Embodiment 2 of the present application;

FIG. 3 is a flowchart of the access method provided in Embodiment 3 of the present application;

FIG. 4 is a schematic structural diagram of the access device provided in Embodiment 4 of the present application;

FIG. 5 is a schematic structural diagram of the access device provided in Embodiment 5 of the present application.

Detailed Description

The basic idea of the embodiments of the present application is to set two types of keys for a home wireless network: a universal pre-shared key and a temporary pre-shared key. Both types are pre-shared keys (PSK). In a Wi-Fi Protected Access (WPA Personal) network, the PSK is the pairwise master key (PMK). For example, a user who has control over the home network can access it with the universal pre-shared key and can give the temporary pre-shared key to a visitor, who then uses the temporary pre-shared key to access the home network. In a specific implementation, after receiving the message integrity code (MIC) sent by a first wireless terminal (Station, STA) when requesting access, the access point (AP) first verifies the correctness of the MIC with the universal pre-shared key (that is, it determines whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA). If the verification fails (that is, the MIC generated based on the universal pre-shared key is inconsistent with the MIC sent by the first STA), the AP then determines whether there is a temporary pre-shared key that matches the MIC sent by the first STA. If so, the first STA is allowed to access.

With the embodiments of the present application, a temporary pre-shared key can be assigned to a first STA that temporarily accesses the home network. If the AP's correctness verification of the MIC sent by the first STA fails with the universal pre-shared key but succeeds with a temporary pre-shared key, the AP can allow the first STA to access the home network. The universal pre-shared key kept for the owner's own use therefore never has to be sent to the first STA, which improves the access security of the home network without deploying an authentication server.

The embodiments of the present application are described in further detail below with reference to the accompanying drawings.

Embodiment 1

FIG. 1 is a flowchart of the access method provided in Embodiment 1 of the present application, which includes the following steps:

S101: The AP receives the MIC sent by a first STA when requesting access.

Here, when requesting access, the first STA performs a four-way handshake with the AP. In the first handshake message, the AP sends the first STA a random number (the ANonce, generated by the AP's authenticator module) and the AP's Media Access Control (MAC) address. The first STA then generates a random number of its own (the SNonce, generated by the STA's supplicant). At this point the first STA can generate a pairwise transient key (PTK) based on the SNonce, the ANonce, the AP's MAC address, the first STA's MAC address and the pre-shared key (PSK). The PTK is subsequently used to encrypt the first STA's communications and to verify their integrity.

The first STA generates, based on the PSK, the MIC that guarantees the integrity of the transmitted information. If the first STA is not a wireless terminal used by the user who has control over the home network (for example, it is the wireless terminal of a visitor to the home), the PSK the first STA uses to generate the MIC is the temporary pre-shared key given to it by the user who has control over the home network. In the second handshake message, the first STA sends the SNonce, its own MAC address and the generated MIC to the AP. At this point the AP can generate the PTK based on the SNonce, the ANonce, the AP's MAC address, the first STA's MAC address and the PSK. The AP uses the universal pre-shared key (that is, the PSK that the user who has control over the home network uses to access the network) to verify the correctness of the MIC sent by the first STA, as described in step S102 below. In the third handshake message, the AP sends a validity response to the first STA. In the fourth handshake message, the first STA replies to the AP with an acknowledgement (ACK), and the two parties formally establish a communication connection. After that, the two parties encrypt communication messages with the PTK and the global encryption key (Group Transient Key, GTK) before transmission. The GTK is generated by the AP, and the AP uses it to encrypt the communication messages of all STAs associated with it.

S102: The AP determines whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA. If they are consistent, the process proceeds to S104; otherwise, it proceeds to S103.

In this step, the AP uses the universal pre-shared key previously registered by the second STA to generate a MIC with a preset algorithm, and compares the MIC it generated with the MIC sent by the first STA. If they are consistent, the correctness verification of the first STA passes.

S103: The AP determines whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA. If such a temporary pre-shared key exists, the process proceeds to S104; otherwise, it proceeds to S105.

In this step, the AP matches each temporary pre-shared key (Temporary PSK, TPSK) in its stored TPSK list, in turn, against the MIC sent by the first STA (that is, it generates a MIC from each TPSK in turn and checks whether the generated MIC is the MIC sent by the first STA). If a TPSK matching the MIC sent by the first STA is found, the AP determines that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA; that is, the correctness verification of the first STA passes and the first STA is allowed to access.

Here, the temporary pre-shared keys stored in the AP may be configured by the user or randomly generated by a wireless terminal or by the AP. Preferably, the AP receives the temporary pre-shared key from a second STA that has accessed the AP using the universal pre-shared key. That is, after the user who has control over the home network accesses the AP with the universal pre-shared key, which has no usage restrictions, the user-configured or randomly generated temporary pre-shared key is sent to the AP.

S104: The first STA is allowed to access.

S105: The first STA is denied access.

Optionally, after the AP determines that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, and before allowing the first STA to access, the method further includes:

The AP determines that the temporary pre-shared key has not been used by any STA other than the first STA to generate a MIC.

In a specific implementation, to further secure home network access, each TPSK can be restricted to use by a single STA. After determining that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, the AP can first check whether that temporary pre-shared key has been used by any STA other than the first STA to generate a MIC. If it has not, the AP allows the first STA to access and binds the TPSK to the first STA. The first STA can then continue to use the TPSK to access the network, while other STAs can no longer use it. Specifically, binding the TPSK to the first STA can consist of adding the first STA's MAC address to the TPSK's entry in the temporary pre-shared key list; whether the TPSK is already bound is later determined by comparing MAC addresses.

Optionally, the method further includes:

For any temporary pre-shared key, if the AP determines that the temporary pre-shared key has not been used within a first validity period, the AP sets that temporary pre-shared key to invalid; and/or, if the AP determines that the time between the current time and the generation time of the temporary pre-shared key exceeds a second validity period, the AP sets that temporary pre-shared key to invalid.

In a specific implementation, to further secure home network access, a first validity period and a second validity period can be set for each TPSK. If the temporary pre-shared key is not used within the first validity period, it is treated as invalid and deleted from the TPSK list, so that it cannot be used illegitimately. Once the second validity period has passed, the temporary pre-shared key is set to invalid regardless of whether it has been used.

Embodiment 2

Embodiment 2 of the present application corresponds to an optional implementation of Embodiment 1 above.

FIG. 2 is a flowchart of the access method provided in Embodiment 2 of the present application, which includes the following steps:

S201: The second STA configures a temporary pre-shared key; the temporary pre-shared key is used by the first STA to generate a MIC, and the MIC is used by the AP to verify the correctness of the first STA.

In this step, the second STA may receive a temporary pre-shared key (TPSK) input by the user, or it may randomly generate the TPSK, for example according to a preset rule (such as a limit of 8 to 63 American Standard Code for Information Interchange (ASCII) characters).

In a specific implementation, to further secure the home network, the second STA can configure a first validity period and/or a second validity period for the TPSK. Specifically, the second STA can receive the first validity period and/or second validity period input by the user and send them to the AP. The first validity period and/or second validity period are used to determine the validity of the TPSK: if the TPSK is not used within the first validity period (for example, 60 seconds), it is set to invalid; if the time between the current time and the time when the TPSK was received exceeds the second validity period (for example, 1 day), the TPSK is set to invalid.

S202: The second STA accesses the AP using the universal pre-shared key and sends the configured temporary pre-shared key to the AP; the temporary pre-shared key is different from the universal pre-shared key.

In this step, the second STA generates a MIC based on the universal PSK and sends it to the AP during the four-way handshake. After the AP verifies the MIC as correct, it allows the second STA to access. Once it has accessed the AP, the second STA sends the user-set TPSK to the AP, which stores it in the TPSK list.

Embodiment 3

FIG. 3 is a flowchart of the access method provided in Embodiment 3 of the present application, which includes the following steps:

S301: The second STA accesses the AP using the universal pre-shared key and sends the AP the configured temporary pre-shared key together with its first validity period and second validity period.

Here, the first validity period is used as follows: after the AP receives the temporary pre-shared key sent by the second STA, if it determines that the temporary pre-shared key has not been used within the first validity period, it sets the temporary pre-shared key to invalid. The second validity period is used as follows: after the AP receives the temporary pre-shared key sent by the second STA, if it determines that the time between the current time and the time when the temporary pre-shared key was received exceeds the second validity period, it sets the temporary pre-shared key to invalid.

The universal pre-shared key here is also configured by the second STA. Accessing the AP with the universal pre-shared key means generating a MIC based on the universal pre-shared key and sending it to the AP; after the AP verifies the MIC as correct, it allows the second STA to access.

S302: The AP receives the MIC sent by the first STA when requesting access.

S303: The AP determines whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA. If they are consistent, the process proceeds to S304; otherwise, it proceeds to S305.

S304: The AP allows the first STA to access.

S305: The AP determines whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA. If one exists, the process proceeds to S306; otherwise, it proceeds to S308.

S306: The AP determines whether the temporary pre-shared key has been used by a STA other than the first STA to generate a MIC. If not, the process proceeds to S307; otherwise, it proceeds to S308.

S307: The AP allows the first STA to access and binds the first STA to the temporary pre-shared key.

For example, the AP checks in the temporary pre-shared key list whether the temporary pre-shared key is bound to any STA other than the first STA. If so, the first STA is denied access; otherwise, the first STA can be allowed to access. Binding means that the temporary pre-shared key can only be used by the first STA.

S308: The AP denies the first STA access.
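
The decision flow of S301 to S308, including MAC binding and both validity periods, as an added example that is not part of the patent text. It assumes the WPA2 constructions (PBKDF2 passphrase mapping, HMAC-SHA1 key derivation and MIC) for the "preset algorithm" the patent leaves unspecified, and it treats a TPSK as "used" once it is bound to a STA; all class and function names, passphrases, addresses and frame bytes are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal mapping of an 8-63 character passphrase to the 256-bit PSK/PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def handshake_mic(pmk, ap_mac, sta_mac, anonce, snonce, eapol) -> bytes:
    """MIC over handshake message 2, WPA2 style (assumed; HMAC-SHA1 truncated to 16 bytes)."""
    b = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
         + min(anonce, snonce) + max(anonce, snonce))
    # First PRF block of the PTK; its leading 16 bytes are the key confirmation key (KCK).
    block = hmac.new(pmk, b"Pairwise key expansion\x00" + b + b"\x00", hashlib.sha1).digest()
    return hmac.new(block[:16], eapol, hashlib.sha1).digest()[:16]


@dataclass
class TpskEntry:  # hypothetical layout of one row of the AP's TPSK list
    pmk: bytes
    received_at: float
    first_validity: float   # seconds within which the key must be used for the first time
    second_validity: float  # seconds after receipt at which the key expires regardless of use
    bound_mac: Optional[bytes] = None  # MAC of the one STA allowed to use this key (S307)


class AccessPoint:
    def __init__(self, ssid: str, ap_mac: bytes, universal_passphrase: str):
        self.ssid, self.ap_mac = ssid, ap_mac
        self.universal_pmk = pmk_from_passphrase(universal_passphrase, ssid)
        self.tpsk_list: List[TpskEntry] = []

    def register_tpsk(self, passphrase, first_validity, second_validity, now):
        """S301: store a TPSK sent by a STA that joined with the universal key."""
        pmk = pmk_from_passphrase(passphrase, self.ssid)
        if hmac.compare_digest(pmk, self.universal_pmk):
            raise ValueError("TPSK must differ from the universal PSK")
        self.tpsk_list.append(TpskEntry(pmk, now, first_validity, second_validity))

    def purge(self, now):
        """Drop keys never used within the first period or older than the second."""
        def valid(e):
            age = now - e.received_at
            if age > e.second_validity:
                return False
            return e.bound_mac is not None or age <= e.first_validity
        self.tpsk_list = [e for e in self.tpsk_list if valid(e)]

    def admit(self, sta_mac, anonce, snonce, eapol, mic, now) -> str:
        def matches(pmk):
            expected = handshake_mic(pmk, self.ap_mac, sta_mac, anonce, snonce, eapol)
            return hmac.compare_digest(expected, mic)  # constant-time comparison

        if matches(self.universal_pmk):                # S303 -> S304
            return "allow:universal"
        self.purge(now)
        for entry in self.tpsk_list:                   # S305: try each TPSK in turn
            if matches(entry.pmk):
                if entry.bound_mac not in (None, sta_mac):
                    return "deny:tpsk-bound-to-other-sta"   # S306 -> S308
                entry.bound_mac = sta_mac              # S307: bind key to this STA
                return "allow:tpsk"
        return "deny:no-matching-key"                  # S308


def demo() -> list:
    """Constructed scenario: 60 s first validity period, 1 day second validity period."""
    ssid, ap_mac = "HomeNet", bytes.fromhex("020000000001")
    guest, other = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    eapol = b"constructed EAPOL-Key message 2 with MIC field zeroed"
    ap = AccessPoint(ssid, ap_mac, "owner-passphrase")
    ap.register_tpsk("guest-pass-1", 60, 86400, now=0)
    ap.register_tpsk("guest-pass-2", 60, 86400, now=0)

    def attempt(passphrase, sta_mac, now):  # STA side: derive the MIC, then ask the AP
        pmk = pmk_from_passphrase(passphrase, ssid)
        mic = handshake_mic(pmk, ap_mac, sta_mac, anonce, snonce, eapol)
        return ap.admit(sta_mac, anonce, snonce, eapol, mic, now)

    return [
        attempt("owner-passphrase", other, 5),    # allow:universal
        attempt("guest-pass-1", guest, 10),       # allow:tpsk (key becomes bound)
        attempt("guest-pass-1", other, 20),       # deny:tpsk-bound-to-other-sta
        attempt("guest-pass-2", other, 120),      # deny:no-matching-key (unused for 60 s)
        attempt("guest-pass-1", guest, 3600),     # allow:tpsk
        attempt("guest-pass-1", guest, 90000),    # deny:no-matching-key (older than 1 day)
    ]


if __name__ == "__main__":
    print(demo())
```

The binding check compares the MAC address the STA reports in the handshake, so it limits a TPSK to one claimed address rather than to one physical device.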

Based on the same inventive concept, the embodiments of the present application also provide an access device corresponding to the access method. Because the principle by which the device solves the problem is similar to that of the access method of the embodiments of the present application, the implementation of the device can refer to the implementation of the method, and repeated content is not described again.

Embodiment 4

FIG. 4 is a schematic structural diagram of the access device provided in Embodiment 4 of the present application, which includes:

A receiving module 41, configured to receive a message integrity code (MIC) sent by a first wireless terminal (STA) when requesting access;

A determination module 42, configured to determine whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA and, if they are inconsistent, to determine whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA;

An access module 43, configured to allow the first STA to access after it is determined that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

Optionally, the access module 43 is specifically configured to: after it is determined that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, allow the first STA to access if it is determined that the temporary pre-shared key has not been used by any STA other than the first STA to generate a MIC.

Optionally, the determination module 42 is specifically configured to:

Match each temporary pre-shared key in the stored temporary pre-shared key list, in turn, against the MIC sent by the first STA; if a temporary pre-shared key matching the MIC sent by the first STA is found, determine that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

Optionally, the device further includes:

An invalidation module 44, configured to, for any temporary pre-shared key, set the temporary pre-shared key to invalid if it is determined that the temporary pre-shared key has not been used within the first validity period; and/or set the temporary pre-shared key to invalid if it is determined that the time between the current time and the generation time of the temporary pre-shared key exceeds the second validity period.

Optionally, the receiving module 41 is further configured to, before receiving the MIC sent by the first STA when requesting access, receive the temporary pre-shared key sent by a second STA that has accessed the AP using the universal pre-shared key.

Embodiment 5

FIG. 5 is a schematic structural diagram of the access device provided in Embodiment 5 of the present application, which includes:

A configuration module 51, configured to configure a temporary pre-shared key; the temporary pre-shared key is used by a first STA to generate a message integrity code (MIC), and the MIC is used by the access point (AP) to verify the correctness of the first STA;

A sending module 52, configured to access the AP using a universal pre-shared key and send the configured temporary pre-shared key to the AP; the temporary pre-shared key is different from the universal pre-shared key.

Optionally, the configuration module 51 is specifically configured to:

Receive a temporary pre-shared key input by a user; or, randomly generate a temporary pre-shared key.

Optionally, the sending module 52 is further configured to:

Send the configured first validity period and/or second validity period of the temporary pre-shared key to the AP; the first validity period and/or second validity period are used to determine the validity of the temporary pre-shared key. If the temporary pre-shared key is not used within the first validity period, it is set to invalid; if the time between the current time and the time when the temporary pre-shared key was received exceeds the second validity period, the temporary pre-shared key is set to invalid.

Those skilled in the art will appreciate that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.

The present application is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of the present application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions can also be loaded onto a computer or other programmable data processing device so that a series of operating steps are executed on the computer or other programmable device to produce a computer-implemented process, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

Although the preferred embodiments of the present application have been described, those skilled in the art may make additional changes and modifications to these embodiments once they have learned the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.

Obviously, those skilled in the art may make various changes and modifications to this application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of this application and their equivalents, this application is intended to include them as well.

Claims (14)

1. An access method, characterized in that the method comprises: an access point (AP) receives the information integrity check code (MIC) sent by a first wireless terminal (STA) when requesting access; the AP determines whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA; if they are inconsistent, the AP determines whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, and, after determining that such a temporary pre-shared key exists, if the AP determines that the temporary pre-shared key has not been used by any STA other than the first STA to generate a MIC, the first STA is allowed to access.

2. The method according to claim 1, characterized in that the AP determining whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA comprises: the AP matches each temporary pre-shared key in the saved temporary pre-shared key list in turn against the MIC sent by the first STA, and, if a temporary pre-shared key matching the MIC sent by the first STA is found, determines that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

3. The method according to claim 1, characterized in that the method further comprises: for any temporary pre-shared key, if the AP determines that the temporary pre-shared key has not been used within the first validity period, the temporary pre-shared key is set to invalid; and/or, if the AP determines that the time elapsed between the generation time of the temporary pre-shared key and the current time exceeds the second validity period, the temporary pre-shared key is set to invalid.

4. The method according to any one of claims 1 to 3, characterized in that, before the AP receives the information integrity check code (MIC) sent by the first wireless terminal (STA) when requesting access, the method further comprises: the AP receives the temporary pre-shared key sent by a second STA that accesses the AP using the universal pre-shared key.

5. An access method, characterized in that the method comprises: a second wireless terminal (STA) configures a temporary pre-shared key, the temporary pre-shared key being used by a first STA to generate an integrity check code (MIC), and the MIC being used by an access point (AP) to verify the correctness of the first STA; the second STA accesses the AP using a universal pre-shared key and sends the configured temporary pre-shared key to the AP, the temporary pre-shared key being different from the universal pre-shared key.

6. The method according to claim 5, characterized in that the second wireless terminal (STA) configuring a temporary pre-shared key comprises: the second STA receives a temporary pre-shared key entered by the user; or the second STA randomly generates a temporary pre-shared key.

7. The method according to claim 5 or 6, characterized in that the method further comprises: the second STA sends the configured first validity period and/or second validity period of the temporary pre-shared key to the AP; the first validity period and/or second validity period are used to determine the validity of the temporary pre-shared key; if the temporary pre-shared key is not used within the first validity period, it is set to invalid; if the time elapsed between the time the temporary pre-shared key was received and the current time exceeds the second validity period, the temporary pre-shared key is set to invalid.

8. An access device, characterized in that the device comprises: a receiving module, configured to receive the information integrity check code (MIC) sent by a first wireless terminal (STA) when requesting access; a judging module, configured to determine whether the MIC generated based on the universal pre-shared key is consistent with the MIC sent by the first STA and, if they are inconsistent, to determine whether there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA; an access module, configured to, after it is determined that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA, allow the first STA to access if it is determined that the temporary pre-shared key has not been used by any STA other than the first STA to generate a MIC.

9. The device according to claim 8, characterized in that the judging module is specifically configured to: match each temporary pre-shared key in the saved temporary pre-shared key list in turn against the MIC sent by the first STA, and, if a temporary pre-shared key matching the MIC sent by the first STA is found, determine that there is a temporary pre-shared key that can be used to generate the MIC sent by the first STA.

10. The device according to claim 8, characterized in that the device further comprises: an invalidation module, configured to, for any temporary pre-shared key, set the temporary pre-shared key to invalid if it is determined that the temporary pre-shared key has not been used within the first validity period; and/or set the temporary pre-shared key to invalid if it is determined that the time elapsed between the generation time of the temporary pre-shared key and the current time exceeds the second validity period.

11. The device according to any one of claims 8 to 10, characterized in that the receiving module is further configured to, before receiving the information integrity check code (MIC) sent by the first wireless terminal (STA) when requesting access, receive the temporary pre-shared key sent by a second STA that accesses the access point (AP) using the universal pre-shared key.

12. An access device, characterized in that the device comprises: a configuration module, configured to configure a temporary pre-shared key, the temporary pre-shared key being used by a first STA to generate an integrity check code (MIC), and the MIC being used by an access point (AP) to verify the correctness of the first STA; a sending module, configured to access the AP using a universal pre-shared key and send the configured temporary pre-shared key to the AP, the temporary pre-shared key being different from the universal pre-shared key.

13. The device according to claim 12, characterized in that the configuration module is specifically configured to: receive a temporary pre-shared key entered by the user; or randomly generate a temporary pre-shared key.

14. The device according to claim 12 or 13, characterized in that the sending module is further configured to: send the configured first validity period and/or second validity period of the temporary pre-shared key to the AP; the first validity period and/or second validity period are used to determine the validity of the temporary pre-shared key; if the temporary pre-shared key is not used within the first validity period, it is set to invalid; if the time elapsed between the time the temporary pre-shared key was received and the current time exceeds the second validity period, the temporary pre-shared key is set to invalid.

HK17100789.6A 2017-01-22 Access method and access device HK1227217B (en)

Publications (3)

Publication Number    Publication Date
HK1227217A (en)       2017-10-13
HK1227217A1 (en)      2017-10-13
HK1227217B (en)       2021-03-12
