1271961

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention discloses an automatic setting method for a wireless network system, and in particular a device that can authenticate automatically and carry out encrypted, secure wireless local area network transmission, together with its setting method.

[Prior Art]

A wireless network user can connect to the network from anywhere within radio coverage. Although a wireless network has the convenience of requiring no cabling, its security still has to be considered when it is deployed. Security involves two most important factors: 1. connection control; 2. data confidentiality. Connection control ensures that confidential data can be accessed only by authorized users; data confidentiality concerns ensuring that data carried over the wireless network can be received and interpreted only by specific users.

For connection control, the 802.11 standard, the wireless network protocol now widely used in the industry, defines two wireless client authentication mechanisms: open and shared-key. In addition, two other mechanisms are commonly adopted, namely the Service Set Identifier (SSID) and Media Access Control (MAC) address authentication. For users unfamiliar with wireless network settings, changing the SSID setting is somewhat difficult, because when the SSID of the wireless base station is changed, the wireless network cards using that SSID must be changed as well, and this process is a hurdle for many users unfamiliar with network card settings. As a result, the first basic line of protection of a wireless network fails to work, and the wireless local area network is easily intruded upon by network hackers.
As for data confidentiality, the 802.11 standard defines the WEP (Wired Equivalent Privacy) algorithm to protect data between the wireless base station and the client. Its encryption commonly uses a key of 64-bit or 128-bit length, with the data encrypted by the RC4 algorithm. The WEP encryption algorithm is quite likely to reveal several fragments, and an unauthorized user can use these fragments to obtain the key (WEP Key) required to access the wireless network, so that data captured in transit is easily cracked and security is greatly reduced. This is a problem with encryption in existing wireless network transmission.

The present invention therefore provides a simple and secure wireless network setting method that keeps all transmitted data confidential, reducing the risk of data theft.

[Summary of the Invention]

The object of the present invention is to provide a simple and secure wireless network setting device.

A setting method for wireless local area network transmission with automatic authentication and encryption security, the method comprising at least the following steps: operating a setting button on a wireless base station; executing, at a user terminal, a connection setting program corresponding to the setting button; the wireless base station and the user terminal entering an automatic setting process; the user terminal and the wireless base station both setting a network key at the media access control layer; the user terminal transmitting a request packet to the wireless base station, requesting a required service set identifier and an encryption key; the wireless base station receiving the request packet and generating the service set identifier and the encryption key; the wireless base station placing the service set identifier and the encryption key in a reply packet and transmitting it to the user terminal; and the user terminal accepting the service set identifier and the encryption key in the reply packet, which completes the automatic setting of the wireless network system.

A transmission device for use in a wireless local area network, comprising at least: a user terminal, the user terminal including a first connection module; and a wireless base station, the wireless base station including a second connection module, wherein the first connection module includes an automatic setting option corresponding to the first connection module; and wherein activating the automatic setting option in the first connection module and in the second connection module causes both the user terminal and the wireless base station to enter an automatic setting process.

With the disclosed device and method, fast, convenient and secure wireless local area network setting can be achieved, increasing user convenience and ensuring the confidentiality of data transmission.

[Embodiment]

Please refer to Figure 1, which is an architecture diagram of a wireless local area network system according to a preferred embodiment of the present invention. The wireless local area network system 1 includes at least a user terminal 10 having a first connection module (not shown); a wireless base station 14 (access point) having a second connection module (not shown) and an EASY-CONFIG setting button 141; a modem 12; a splitter; and a telephone line 16 (communication line) connected through a circuit service provider to the Internet or a local area network.

Between the user terminal 10 (such as a desktop or notebook computer) and the wireless base station 14, pressing the EASY-CONFIG setting button 141 and executing the connection setting program in the first connection module causes the wireless base station 14 and the user terminal 10 to enter an automatic setting process. After the connection setting is completed, data can be transmitted via the wireless base station 14 through the modem 12, the splitter and the telephone line 16 to the Internet.

Please refer to Figure 2, which is a flow chart of wireless network system authentication according to an embodiment of the present invention. First, in step S200, the EASY-CONFIG setting button 141 of the wireless base station 14 is pressed. Then, in step S205, the wireless base station 14 raises the threshold of the received signal strength indicator (Received Signal Strength Intensity, RSSI) for received signals. In step S100, an EASY-CONFIG option is executed in the setting program on the user terminal 10. In step S105, the program drives the second connection module of the user terminal to operate and amplifies the output signal so that its value is higher than the RSSI threshold of the wireless base station 14. Because the RSSI threshold of the wireless base station has been raised, only a user within the effective distance can perform handshaking with the wireless base station, which prevents eavesdropping from a distance. The user terminal 10 and the wireless base station 14 then enter the automatic setting process and begin the connection procedure of the 802.11 standard.

In step S110, the user terminal 10 searches for the wireless base station 14 and sends a Probe Request packet containing a preset identifier, which replaces the SSID that would otherwise first have to be entered manually, so that the subsequent setting can proceed. In step S210, the wireless base station 14 receives the Probe Request packet, confirms that the preset identifier in the packet is correct, and returns a Probe Response packet to the user terminal 10. In step S120, the user terminal 10 then sends an Association Request to the wireless base station 14 to attempt to establish an association. In step S220, the wireless base station 14 sends an Association Response to the user terminal 10. In steps S125 and S225, when the connection is established, the user terminal 10 and the wireless base station 14 both set a network key (WEP Key) at the MAC layer to encrypt the data to be transmitted subsequently; the key is generated from the MAC address.

In step S130, the user terminal 10 transmits a Configure Request packet to the wireless base station 14, requesting the required SSID and encryption key. The request is formatted as a User Datagram Protocol (UDP) broadcast and encrypted with the Advanced Encryption Standard (AES) algorithm, and the entire packet is encrypted with the 802.11 standard WEP algorithm for transmission. In step S230, after the wireless base station 14 has received the packet and correctly decoded and interpreted it, it generates the SSID and the encryption key with the hash algorithm MD5 (Message-Digest Algorithm 5). The wireless base station 14 adopts the generated SSID and encryption key, then places this information in a Configure Response packet and transmits it to the user terminal 10, likewise encrypted with the AES and WEP algorithms. The user terminal 10 accepts the actual SSID value and the authorized key generated by the wireless base station 14, which completes the automatic setting of the wireless network system.

Once the automatic setting of the wireless network system is complete, the RSSI threshold raised in step S205 returns to its original normal value.

As described above, the present invention only requires pressing the EASY-CONFIG setting button and executing the connection setting program on the wireless base station and the user terminal respectively for the two devices to enter an automatic setting process and establish a connection. Many complicated procedures of the prior art are omitted, and because the EASY-CONFIG setting button must be pressed before the automatic setting process can begin, unauthorized users are effectively prevented from attempting intrusion from a distance. Moreover, during wireless transmission the present invention not only encrypts with the WEP algorithm of the original 802.11 standard but also uses AES encryption, which makes the packets harder to crack.

In addition, the packets passed between the wireless base station and the user terminal obtain a one-time authorization key through an MD5 hash operation, so no encryption of a user name and password is needed. Security is greater than with the original fixed network key. During the setting process, other legitimate users can still use the wireless network normally without interference.

The above is only a preferred embodiment of the present invention and is not intended to limit the scope of its patent claims; all equivalent changes or modifications made without departing from the spirit disclosed by the invention shall be included within the scope of the claims below.

[Brief Description of the Drawings]

Figure 1 is an architecture diagram of a wireless local area network system according to a preferred embodiment of the present invention; and

Figure 2 is a flow chart of wireless local area network system authentication according to a preferred embodiment of the present invention.

[Description of Main Component Symbols]

1 wireless network system
10 user terminal
12 modem
14 wireless base station
141 EASY-CONFIG button
16 telephone line
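
The access-point side of steps S200 to S230 of the embodiment, sketched as an added example (not code from the patent). The RSSI values, the preset identifier string, the `net-` SSID format and the MD5 inputs (both MAC addresses plus a random nonce) are assumptions, since the description names MD5 but not what is hashed.

```python
import hashlib
import os

NORMAL_RSSI_DBM = -85      # assumed everyday acceptance threshold
SETUP_RSSI_DBM = -40       # assumed raised threshold while setup is open
PRESET_ID = "EASY-CONFIG"  # assumed preset identifier carried in the probe


class AccessPoint:
    """Simplified wireless base station for the automatic setting flow."""

    def __init__(self, mac: str):
        self.mac = mac
        self.threshold = NORMAL_RSSI_DBM
        self.setup_active = False

    def press_button(self) -> None:
        # S200/S205: the button opens the setup window and raises the threshold.
        self.setup_active = True
        self.threshold = SETUP_RSSI_DBM

    def handle_probe(self, rssi_dbm: int, identifier: str) -> bool:
        # S210: answer only nearby stations that present the preset identifier,
        # and only while the button-opened window is active.
        return (self.setup_active
                and rssi_dbm >= self.threshold
                and identifier == PRESET_ID)

    def handle_configure_request(self, client_mac: str, nonce: bytes = None):
        # S230: generate a one-time SSID and key with MD5, then close the window.
        if not self.setup_active:
            raise PermissionError("setup window is closed")
        nonce = nonce or os.urandom(16)  # fresh randomness makes values one-time
        seed = self.mac.encode() + client_mac.encode() + nonce
        ssid = "net-" + hashlib.md5(b"ssid" + seed).hexdigest()[:8]
        key = hashlib.md5(b"key" + seed).digest()  # 16 bytes, a 128-bit key
        self.setup_active = False
        self.threshold = NORMAL_RSSI_DBM  # threshold returns to its normal value
        return ssid, key
```

The probe check fails closed outside the setup window, so a station that knows the preset identifier still gets no answer until the button has been pressed.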