CN105721403B - Method, equipment and system for providing wireless network resources - Google Patents
- Publication number
- CN105721403B, CN201410736264.3A
- Authority
- CN
- China
- Prior art keywords
- equipment
- information
- network
- resource
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The purpose of the application is to provide a method and equipment for providing wireless network resources. Specifically, the method includes: obtaining and handling a resource registering request initiated by the first equipment; when the second equipment initiates a communication request to the first equipment, obtaining the checking request that the first equipment initiates according to the communication request; and returning, according to the checking request, the authentication information about the first equipment and the second equipment. Compared with the prior art, the network equipment of the application performs unified registration, authentication and management of the first equipment and the second equipment, so that, while guaranteeing network security, it realizes the concentration of network resources, improves the redundancy of network resources, expands network coverage, and in turn improves the user experience.
Description
Technical field
This application relates to the field of communication and computers, and more particularly to a method, equipment and system for providing wireless network resources.
Background technique
With the widespread development of mobile devices, the requirements on wireless network services are also increasing day by day.
Current wireless network services mainly fall into the following categories:
One is the mobile network provided by operators, such as WCDMA, TD-CDMA and TD-LTE. The mobile network provided by an operator is deployed, operated and maintained entirely by the operator, so it is slow to respond to and improve signal dead zones. Moreover, because base stations are expensive to set up, the cost to users is high, while updates to new technology (such as the evolution from TD-CDMA to TD-LTE) advance slowly, and the user experience is mediocre.
Another is the Wi-Fi (Wireless Fidelity) network set up by operators; the coverage of the Wi-Fi networks that operators set up is very small and the charges are very high.
In addition, there are Wi-Fi networks set up by individuals or service providers themselves. Such self-built Wi-Fi networks are deployed in a scattered way, their service range is restricted, they are available only to particular people, and their usable range is small. Different Wi-Fi networks use different authentication modes, and their accounts and passwords also differ, so it is difficult to make them universal. In addition, using untested Wi-Fi network resources carries a high security risk.
Therefore, given the current rapid development of wireless products, the wireless network has become the bottleneck of development.
Summary of the invention
The purpose of the application is to provide a method, equipment and system for providing wireless network resources, in which the equipment that provides network resources and the equipment that uses network resources are uniformly registered, verified and managed, so that, while guaranteeing network security, network resources are concentrated, the cost of building network resources is reduced, the redundancy of network resources is improved, network coverage is expanded, and in turn the user experience is improved.
In view of this, according to one aspect of the application, a method for providing wireless network resources at the network equipment end is provided, wherein the method includes:
Obtaining and handling the resource registering request initiated by the first equipment;
When the second equipment initiates a communication request to the first equipment, obtaining the checking request that the first equipment initiates according to the communication request; and
Returning, according to the checking request, the authentication information about the first equipment and the second equipment.
Further, obtaining and handling the resource registering request initiated by the first equipment includes:
Obtaining the resource registering request initiated by the first equipment;
Obtaining, according to the resource registering request, the resource information submitted by the first equipment; and
Verifying the legitimacy of the resource information, and returning resource registering feedback information if it is legal.
Preferably, the resource information includes: the registration information of the resource, the hardware information of the first equipment and the key information of the first equipment. The registration information of the resource includes the account of the first equipment, the password of the first equipment and the service set resource name; the hardware information of the first equipment includes the hardware address and network bandwidth of the first equipment; the key information of the first equipment includes the public key of the first equipment. The resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment. The SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code. The resource identifying code is generated by the network equipment through encryption with its private key, and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Preferably, before the second equipment initiates the communication request to the first equipment, the method also includes:
Obtaining and handling the user registration request initiated by the second equipment.
Further, obtaining and handling the user registration request initiated by the second equipment includes:
Obtaining the user registration request initiated by the second equipment;
Obtaining, according to the user registration request, the user information submitted by the second equipment; and
Verifying the legitimacy of the user information, and returning user registration feedback information if it is legal.
Preferably, the user information includes: the registration information of the user, the hardware information of the second equipment and the key information of the second equipment. The registration information of the user includes the account of the second equipment and the password of the second equipment; the hardware information of the second equipment includes the hardware address of the second equipment; the key information of the second equipment includes the public key of the second equipment;
The user registration feedback information includes: the public key of the network equipment.
Further, obtaining the checking request that the first equipment initiates according to the communication request includes:
Obtaining the ciphertext of the checking request initiated by the first equipment; and
Decrypting the ciphertext of the checking request initiated by the first equipment using the public key of the network equipment, to obtain the communication request. The ciphertext of the checking request initiated by the first equipment is generated by the first equipment through encryption with the public key of the network equipment, and the ciphertext of the communication request initiated by the second equipment includes: a ciphertext generated by the first equipment encrypting, with its private key, the account, password and current time of the first equipment; and the account of the first equipment.
Further, returning the authentication information about the first equipment and the second equipment includes:
Generating the authentication information about the first equipment, and encrypting it with the public key of the second equipment. The authentication information about the first equipment includes the current time, the account and public key of the first equipment, the authentication result information about the first equipment, and the key of the encrypted channel between the network equipment and the first equipment;
Generating the authentication information about the second equipment, and encrypting it with the public key of the first equipment. The authentication information about the second equipment includes the current time, the account and public key of the second equipment, and the authentication result information about the second equipment. The authentication information of the second equipment is generated by the network equipment through encryption with the public key of the first equipment, and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the network equipment;
Using the private key of the network equipment to package and encrypt the authentication information of the first equipment and the identity verification information of the second equipment, to generate the ciphertext of the authentication information about the first equipment and the second equipment; and
Returning the ciphertext of the authentication information about the first equipment and the second equipment.
According to another aspect of the application, a method for providing wireless network resources at the first equipment end is also provided, wherein the method includes:
Initiating a resource registering request to the network equipment;
Obtaining the communication request initiated by the second equipment;
Initiating a checking request according to the communication request, to request the network equipment to authenticate the first equipment and the second equipment; and
Obtaining the authentication information about the first equipment and the second equipment returned by the network equipment, and handling the communication request according to the authentication information.
Further, initiating a resource registering request to the network equipment includes:
Generating a resource registering certificate;
Submitting resource information to the network equipment; and
Obtaining the resource registering feedback information returned by the network equipment.
Preferably, the resource information includes: the registration information of the resource, which includes the account of the first equipment, the password of the first equipment and the service set resource name; the hardware information of the first equipment, which includes the hardware address and network bandwidth of the first equipment; and the key information of the first equipment, which includes the public key of the first equipment. The resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment. The SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code. The resource identifying code is generated by the network equipment through encryption with its private key, and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Further, obtaining the communication request initiated by the second equipment includes:
Obtaining the ciphertext of the communication request sent by the second equipment; and
Decrypting the ciphertext of the communication request using the public key of the network equipment, to obtain the communication request. The ciphertext of the communication request is generated by the second equipment through encryption with the public key of the network equipment, and includes: a ciphertext generated by the second equipment encrypting, with its private key, the account, password and current time of the second equipment; and the account of the second equipment.
Further, initiating a checking request according to the communication request includes:
Generating the ciphertext of the checking request through encryption with the public key of the network equipment, wherein the ciphertext of the checking request includes: a ciphertext generated by the first equipment encrypting, with its private key, the account, password and current time of the first equipment; and the account of the first equipment; and sending the ciphertext of the checking request to the network equipment.
Preferably, handling the communication request according to the authentication information includes:
Obtaining the ciphertext of the authentication information about the first equipment and the second equipment;
Decrypting the authentication information using the public key of the network equipment, to obtain the authentication information about the second equipment;
If the authentication information of the second equipment is illegal, interrupting the communication;
If the authentication information of the second equipment is legal, the first equipment sends communications feedback information to the second equipment.
Further, the communications feedback information is generated by the first equipment through encryption with the public key of the second equipment, and the communications feedback information includes:
The authentication information of the first equipment, and the key, generated by the first equipment, of the encrypted channel between the first equipment and the second equipment.
According to another aspect of the application, a network equipment for providing wireless network resources is also provided, wherein the network equipment includes:
A first device, for obtaining and handling the resource registering request initiated by the first equipment;
A fourth device, for obtaining, when the second equipment initiates a communication request to the first equipment, the checking request that the first equipment initiates according to the communication request, and authenticating the first equipment and the second equipment according to the checking request; and
A seventh device, for returning the authentication information about the first equipment and the second equipment.
Further, the first device obtaining and handling the resource registering request initiated by the first equipment includes:
Obtaining the resource registering request initiated by the first equipment;
Obtaining, according to the resource registering request, the resource information submitted by the first equipment; and
Verifying the legitimacy of the resource information, and returning resource registering feedback information if it is legal.
Preferably, the resource information includes: the registration information of the resource, which includes the account of the first equipment, the password of the first equipment and the service set resource name; the hardware information of the first equipment, which includes the hardware address and network bandwidth of the first equipment; and the key information of the first equipment, which includes the public key of the first equipment. The resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment. The SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code. The resource identifying code is generated by the first device through encryption with its private key, and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Optionally, the network equipment further includes: a tenth device, for obtaining and handling the user registration request initiated by the second equipment.
Further, the tenth device obtaining the user registration request initiated by the second equipment includes:
Obtaining the user registration request initiated by the second equipment;
Obtaining, according to the user registration request, the user information submitted by the second equipment; and
Verifying the legitimacy of the user information, and returning user registration feedback information if it is legal.
Preferably, the user information includes: the registration information of the user, the hardware information of the second equipment and the key information of the second equipment. The registration information of the user includes the account of the second equipment and the password of the second equipment; the hardware information of the second equipment includes the hardware address of the second equipment; the key information of the second equipment includes the public key of the second equipment;
The user registration feedback information includes: the public key of the network equipment.
Further, the fourth device obtaining the checking request that the first equipment initiates according to the communication request includes:
Obtaining the ciphertext of the checking request initiated by the first equipment; and
Decrypting the ciphertext of the checking request initiated by the first equipment using the public key of the network equipment, to obtain the communication request. The ciphertext of the checking request initiated by the first equipment is generated by the first equipment through encryption with the public key of the network equipment, and the ciphertext of the communication request initiated by the second equipment includes: a ciphertext generated by the first equipment encrypting, with its private key, the account, password and current time of the first equipment; and the account of the first equipment.
Preferably, the seventh device returning the authentication information about the first equipment and the second equipment includes:
Generating the authentication information about the first equipment, and encrypting it with the public key of the second equipment. The authentication information about the first equipment includes the current time, the account and public key of the first equipment, the authentication result information about the first equipment, and the key of the encrypted channel between the network equipment and the first equipment;
Generating the authentication information about the second equipment, and encrypting it with the public key of the first equipment. The authentication information about the second equipment includes the current time, the account and public key of the second equipment, and the authentication result information about the second equipment. The authentication information of the second equipment is generated by the network equipment through encryption with the public key of the first equipment, and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the seventh device;
Using the private key of the network equipment to package and encrypt the authentication information of the first equipment and the identity verification information of the second equipment, to generate the ciphertext of the authentication information about the first equipment and the second equipment; and
Returning the ciphertext of the authentication information about the first equipment and the second equipment.
According to another aspect of the application, a first equipment for providing wireless network resources is also provided, wherein the first equipment includes:
A second device, for initiating a resource registering request to the network equipment;
A fifth device, for obtaining the communication request initiated by the second equipment, and initiating a checking request according to the communication request to request the network equipment to authenticate the first equipment and the second equipment;
An eighth device, for obtaining the authentication information about the first equipment and the second equipment returned by the network equipment, and handling the communication request according to the authentication information.
Further, the second device initiating a resource registering request to the network equipment includes:
Generating a resource registering certificate;
Submitting resource information to the network equipment; and
Obtaining the resource registering feedback information returned by the network equipment.
Preferably, the resource information includes: the registration information of the resource, which includes the account of the first equipment, the password of the first equipment and the service set resource name; the hardware information of the first equipment, which includes the hardware address and network bandwidth of the first equipment; and the key information of the first equipment, which includes the public key of the first equipment;
The resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment. The SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code. The resource identifying code is generated by the network equipment through encryption with its private key, and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Further, the fifth device obtaining the communication request initiated by the second equipment includes:
Obtaining the ciphertext of the communication request sent by the second equipment; and
Decrypting the ciphertext of the communication request using the public key of the network equipment, to obtain the communication request. The ciphertext of the communication request is generated by the second equipment through encryption with the public key of the network equipment, and includes: a ciphertext generated by the second equipment encrypting, with its private key, the account, password and current time of the second equipment; and the account of the second equipment.
Preferably, the fifth device initiating a checking request according to the communication request includes:
Generating the ciphertext of the checking request through encryption with the public key of the network equipment, wherein the ciphertext of the checking request includes: a ciphertext generated by the fifth device encrypting, with the private key of the first equipment, the account, password and current time of the first equipment; and the account of the first equipment; and
Sending the ciphertext of the checking request to the network equipment.
Further, the eighth device handling the communication request according to the authentication information includes:
Obtaining the ciphertext of the authentication information about the first equipment and the second equipment;
Decrypting the authentication information using the public key of the network equipment, to obtain the authentication information about the second equipment;
If the authentication information of the second equipment is illegal, interrupting the communication;
If the authentication information of the second equipment is legal, the first equipment sends communications feedback information to the second equipment.
Preferably, the communications feedback information is generated by the first equipment through encryption with the public key of the second equipment, and the communications feedback information includes:
The authentication information of the first equipment, and the key, generated by the first equipment, of the encrypted channel between the first equipment and the second equipment.
According to another aspect of the application, a system for providing wireless network resources is also provided, wherein the system includes:
The network equipment for providing wireless network resources according to one aspect of the application, the first equipment for providing wireless network resources according to one aspect of the application, and a second equipment, wherein the second equipment is used to initiate a communication request to the first equipment to request the network resources of the first equipment.
Compared with the prior art, in one embodiment of the application the first equipment registers uniformly with the equipment of network resources and, when the second equipment initiates a communication request to the first equipment, requests the network equipment to authenticate the first equipment and the second equipment; the authentication information about the first equipment and the second equipment is returned to the first equipment. Thereafter, the first equipment obtains the authentication information and handles the communication request according to it, and after the identity of the second equipment is verified as legal, the corresponding first equipment opens its network resources. In this way, while guaranteeing network security, the concentration of network resources is realized, the redundancy of network resources is improved, network coverage is expanded, and in turn the user experience is improved.
Further, the network equipment generates a network certificate, the first equipment generates a resource registering certificate, and the second equipment generates a user registration certificate. The data that the network equipment, the first equipment and the second equipment transmit in the communication request and authentication phases are all encrypted and decrypted with the corresponding public keys and private keys, which guarantees that the data of the first equipment and the second equipment are transmitted safely and reliably in the communication request and authentication phases, and in turn provides a secure network resource environment.
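The registration, checking request and decision flow summarized above, as an added example that is not part of the patent text: the network equipment's private-key "packaging" is modelled as a signature with toy textbook RSA (not secure), and the layers encrypted with each peer's public key are left out. The class and function names, the PBKDF2 password storage and the 60-second freshness window are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Toy textbook RSA (no padding, ~196-bit modulus from two Mersenne primes).
# It stands in for "encrypt with the private key" and is NOT secure.
E = 65537
MAX_SKEW = 60  # seconds; assumed freshness window, the page specifies none


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class ToyKey:
    def __init__(self, p: int, q: int):
        self.n = p * q                               # public modulus
        self._d = pow(E, -1, (p - 1) * (q - 1))      # private exponent

    def sign(self, data: bytes) -> int:
        return pow(_digest(data, self.n), self._d, self.n)


def verify(n: int, data: bytes, sig: int) -> bool:
    return pow(sig, E, n) == _digest(data, n)


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class NetworkEquipment:
    def __init__(self):
        self.key = ToyKey(2**89 - 1, 2**107 - 1)
        self.accounts = {}  # account -> (salt, password hash, hardware address)

    def register(self, account: str, password: str, hw_addr: str) -> bool:
        """Resource or user registration; False means the legitimacy check failed."""
        if not account or account in self.accounts:
            return False
        salt = secrets.token_bytes(16)
        self.accounts[account] = (salt, _pw_hash(password, salt), hw_addr)
        return True

    def resource_feedback(self, account: str, name: str, prefix: str = "RES"):
        """SSID information: prefix, resource name, resource identifying code."""
        nonce = secrets.token_hex(8)                 # the string of random numbers
        code = self.key.sign(f"{account}|{nonce}".encode())
        return {"prefix": prefix, "name": name, "nonce": nonce, "code": code}

    def _check(self, account: str, password: str) -> bool:
        rec = self.accounts.get(account)
        if rec is None:
            return False
        return hmac.compare_digest(rec[1], _pw_hash(password, rec[0]))

    def handle_verification(self, first: dict, second: dict, now=None) -> dict:
        """first/second carry the account, password and time from each request."""
        now = time.time() if now is None else now
        results = {}
        for role, req in (("first", first), ("second", second)):
            fresh = abs(now - req["time"]) <= MAX_SKEW
            legal = fresh and self._check(req["account"], req["password"])
            results[role] = {"account": req["account"], "legal": legal}
        body = json.dumps({"time": now, **results}, sort_keys=True).encode()
        return {"body": body, "sig": self.key.sign(body)}


def first_equipment_decide(package: dict, network_n: int, now=None) -> str:
    """First equipment: check the wrapper, then act on the second equipment's result."""
    now = time.time() if now is None else now
    if not verify(network_n, package["body"], package["sig"]):
        return "interrupt"              # not produced by the network equipment
    info = json.loads(package["body"])
    if abs(now - info["time"]) > MAX_SKEW or not info["second"]["legal"]:
        return "interrupt"              # stale package or illegal second equipment
    return "send_feedback"
```

A package whose body was altered after signing, or one replayed outside the freshness window, leads to the same "interrupt" outcome as an illegal second equipment.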
Description of the drawings
Other features, objects and advantages of the application will become more apparent by reading the following detailed description of non-restrictive embodiments with reference to the accompanying drawings:
Fig. 1 shows an equipment schematic diagram of a network equipment for providing wireless network resources according to one aspect of the application;
Fig. 2 shows an equipment schematic diagram of a network equipment for providing wireless network resources according to a preferred embodiment of the application;
Fig. 3 shows an equipment schematic diagram of a first equipment for providing wireless network resources according to another aspect of the application;
Fig. 4 shows an equipment schematic diagram of a network equipment and a first equipment for providing wireless network resources according to a preferred embodiment of the application;
Fig. 5 shows an equipment schematic diagram of a first equipment and a second equipment for providing wireless network resources according to another preferred embodiment of the application;
Fig. 6 shows a flow chart of a method by which the network equipment provides wireless network resources according to another aspect of the application;
Fig. 7 shows a flow chart of a method by which the first equipment provides wireless network resources according to another aspect of the application;
Fig. 8 shows a flow chart of a method by which the network equipment and the first equipment cooperate to provide wireless network resources according to a preferred embodiment of the application;
Fig. 9 shows a flow chart of a method by which the first equipment and the second equipment cooperate to provide wireless network resources according to a preferred embodiment of the application.
The same or similar reference numerals in the drawings represent the same or similar components.
Specific embodiment
In a typical configuration of this application, the terminal, the equipment of the service network and the trusted party each include one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The core concept of the application is to provide a method, equipment and system for providing wireless network resources, in which the equipment that provides network resources and the equipment that uses network resources are uniformly registered, verified and managed, so that, while guaranteeing network security, the concentration of network resources is realized, the redundancy of network resources is improved, network coverage is expanded, and in turn the user experience is improved.
In conjunction with the above core concept, Fig. 1 shows an equipment schematic diagram of a network equipment 3 for providing wireless network resources according to one aspect of the application, wherein the network equipment 3 includes a first device 31, a fourth device 32 and a seventh device 33. Specifically, the first device 31 is used to obtain and handle the resource registering request initiated by the first equipment; the fourth device 32 is used to obtain, when the second equipment initiates a communication request to the first equipment, the checking request that the first equipment initiates according to the communication request; and the seventh device 33 is used to return the authentication information about the first equipment and the second equipment.
Here, the network equipment 3 described herein can be implemented by a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers. The cloud consists of a large number of hosts or network servers based on cloud computing (Cloud Computing), where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers. Those skilled in the art will understand that the above network equipment 3 is only an example; other network equipment 3, existing or possibly appearing in the future, if applicable to the application, should also be included within the protection scope of the application and is incorporated herein by reference. In addition, the network equipment 3 includes an electronic device that can automatically perform numerical calculation and information processing according to instructions set or stored in advance, whose hardware includes but is not limited to microprocessors, application-specific integrated circuits (ASIC), programmable gate arrays (FPGA), digital processors (DSP), embedded devices and the like.
Specifically, the first device 31 obtains the resource registration request initiated by the first equipment and, according to the resource registration request, obtains the resource information submitted by the first equipment. The resource information submitted by the first equipment may include the registration information of the resource filled in by the resource provider, the hardware information of the first equipment, the key information of the first equipment, and so on.
In a specific embodiment, the registration information of the resource may include the account of the first equipment, the password of the first equipment, the service set resource name, and so on; the hardware information of the first equipment may include the hardware address (MAC address), the network bandwidth, and so on; and the key information of the first equipment may include the public key of the first equipment. The public key of the first equipment is the public key of the resource registration certificate generated by the first equipment; the resource registration certificate generated by the first equipment also includes the private key corresponding to its public key.
Specifically, the resource registration certificate generated by the first equipment can be a digital certificate using a public key system. Here, a digital certificate encrypts and decrypts with a pair of mutually matching keys: a public key and a private key. Each equipment generates a private key known only to itself, which it uses for decryption and signing, and at the same time sets a public key, which it discloses itself and which is shared by a group of equipment for encryption and signature verification. Content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the corresponding public key, which guarantees that information reaches its destination safely and without error.
Here, the network certificate of the network equipment, the resource registration certificate of the first equipment and the user resource registration certificate of the second equipment referred to in this application can all likewise use the digital certificate approach; that is, the network equipment, the first equipment and the second equipment each have a corresponding public key and private key. Communication data are encrypted and decrypted with these public and private keys so that they can be decrypted and obtained only by the designated equipment, which guarantees that communication data between the network equipment, the first equipment and the second equipment are transmitted safely and in turn ensures the security of the wireless network resource environment.
Of course, those skilled in the art will understand that the description of implementing the network certificate of the network equipment, the resource registration certificate of the first equipment and the user resource registration certificate of the second equipment as digital certificates is only an example; other existing or future ways of securely transmitting communication data between equipment, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
Then, the first device 31 verifies the legitimacy of the resource information and, if it is legitimate, returns resource registration feedback information. The resource registration feedback information may include the SSID information (Service Set Identifier) of the first equipment and the public key of the network equipment. Here, the public key of the network equipment is the public key of the network certificate generated by the network equipment 3; the network certificate generated by the network equipment 3 also includes the private key corresponding to the public key.
In a preferred embodiment, the SSID information of the first equipment includes a resource identification prefix, a resource name and a resource verification code. Here, the SSID information of the first equipment makes it easy for the resource user to find the resource provider. The resource identification prefix can be, for example but not limited to, "Openwifi"; the resource name can be the resource account registered by the resource provider or another identifier; the resource identification prefix, resource name and resource verification code can be separated by a unique identifier, for example but not limited to "_"; the resource verification code is generated by the first device 31 by encryption with its private key and includes the account of the first equipment and a string of random numbers generated by the first device 31.
Then, the first equipment obtains the resource registration feedback information returned by the network equipment, updates its original SSID name according to the SSID information of the first equipment returned by the network equipment, and saves the public key of the network equipment. At this point, the first equipment has completed resource registration with the network equipment.
Therefore, the network equipment 3 provides a resource registration platform for the first equipment and makes the network resources provided by the first equipment available to resource users in a concentrated way, which can expand network resource coverage, improve network redundancy, and improve the network experience of resource users.
Here, the resource provider can be a merchant, an individual or another party that provides network resources; the resource provider provides network resources through the first equipment. The resource user can be a user who wishes to use network resources; the resource user obtains network resources through the second equipment.
After registration is completed, all network links of the resource user's second equipment are still closed. To open a link, the second equipment needs to initiate a communication request to the resource provider's first equipment, and the second equipment, according to the communication request, requests the network equipment to perform identity verification on the first equipment and the second equipment; only after that can the second equipment connect to the open network and the resource user use the network resources provided by the resource provider.
In a specific embodiment, the process by which the second equipment initiates a communication request includes: the second equipment encrypts the account, password, current time, etc. of the second equipment with the private key of the second equipment to generate the ciphertext cryptograph_user_nick_password; encrypting with the private key of the second equipment ensures that this ciphertext can only have been generated by the current second equipment. Then, the second equipment concatenates the account of the second equipment with the ciphertext cryptograph_user_nick_password and encrypts the result with the public key of the network equipment, generating the ciphertext send_packet_from_client. Encrypting with the public key of the network equipment ensures that the encrypted content stays confidential throughout network communication: only the network equipment can decrypt the ciphertext send_packet_from_client.
Specific implementation code is, for example but not limited to:
    send_packet_from_client = encrypt(encrypt(user_nick + user_password, user_private_key) + user_nick, wifi_server_public_key)
Then, the fourth device 32 obtains the verification request initiated by the first equipment. In a preferred embodiment, the fourth device 32 first obtains the ciphertext of the verification request initiated by the first equipment and then decrypts that ciphertext with the public key of the network equipment to obtain the communication request. The ciphertext of the verification request initiated by the first equipment is generated by the first equipment by encryption with the public key of the network equipment, and the ciphertext of the communication request initiated by the second equipment includes: the ciphertext generated by the first equipment by encrypting the account, password and current time of the first equipment with its private key, and the account of the first equipment.
In a specific embodiment, after the first equipment receives the communication request initiated by the second equipment, the step of initiating the verification request includes: using the private key of the first equipment, the account, password and current time of the first equipment are encrypted with the private key of the second equipment to generate the ciphertext cryptograph_router_nick_password; the ciphertext cryptograph_router_nick_password, the account of the first equipment, and the received ciphertext send_packet_from_client of the communication request of the second equipment are packaged and encrypted with the public key of the network equipment; and the packaged, encrypted ciphertext is sent to the network equipment as the verification request of the first equipment.
Specific implementation code is, for example but not limited to:
    send_packet_from_router = encrypt(router_nick + encrypt(router_nick + router_password, router_private_key) + send_packet_from_client, wifi_server_public_key)
Then, the fourth device 32 returns the identity verification information about the first equipment and the second equipment. Specifically, the fourth device 32 first generates the identity verification information about the first equipment and the identity verification information about the second equipment. The identity verification information about the first equipment includes the current time; the account, public key and identity verification result information of the first equipment; and the key of the encrypted channel between the network equipment and the first equipment. The identity verification information about the second equipment includes the current time and the account, public key and identity verification result information of the second equipment. The identity verification information of the second equipment is generated by the network equipment by encryption with the public key of the first equipment, and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the fourth device 32.
The identity verification information about the first equipment will be decrypted and obtained by the second equipment, so it is encrypted with the public key of the second equipment; the identity verification information about the second equipment will be decrypted and obtained by the first equipment, so it is encrypted with the public key of the first equipment. Thereafter, the fourth device 32 packages and encrypts the identity verification information of the first equipment and the identity verification information of the second equipment with the private key of the network equipment, generates the ciphertext of the identity verification information about the first equipment and the second equipment, and returns this ciphertext. Packaging the ciphertext with the private key of the network equipment prevents an illegitimate resource user or resource provider from obtaining the ciphertext of the identity verification information of the first equipment and the second equipment, ensures the security of the communication data, and in turn guarantees the security of the wireless network resource environment.
In a specific embodiment, after the fourth device 32 receives the verification request sent by the first equipment, processing of the verification request includes:
1) First decrypt with the private key of the network equipment, then decrypt the corresponding ciphertexts with the public key of the second equipment and the public key of the first equipment, to confirm that the corresponding data were generated by these two parties and cannot have been forged.
2) Extract the relevant request information, including the account and password of the second equipment, the account and password of the first equipment, and the specific request time.
3) Confirm from the request time whether this request is currently being raised by the user.
4) Using the account and password information, verify the user legitimacy of the second equipment and the resource legitimacy of the first equipment.
5) Package and encrypt the account of the second equipment, the current time, the second identity verification information (whose value is TRUE or FALSE) and the public key of the current second equipment with the public key of the "wifi router" to generate the ciphertext cryptograph_user_pass. The ciphertext cryptograph_user_pass serves to notify the first equipment whether the identity verification of the second equipment is legitimate: if it is legitimate, the second identity verification information is marked TRUE; if it is not legitimate, the second identity verification information is marked TRUE.
6) Package and encrypt the account of the first equipment, the current time, the first identity verification information (whose value is TRUE or FALSE), the public key of the first equipment and the message segment session_server_key with the public key of the second equipment to generate the ciphertext cryptograph_router_pass. The ciphertext cryptograph_router_pass notifies the second equipment whether the identity verification of the first equipment succeeded, that is, whether it is a first equipment legitimately connected to the network equipment. The message segment session_server_key is a generated random number used as the key of the encrypted channel between the first equipment and the network.
7) Concatenate the ciphertext cryptograph_user_pass and the ciphertext cryptograph_router_pass, package and encrypt the result with the private key of the network equipment, and use the packaged ciphertext as the ciphertext of the identity verification information about the first equipment and the second equipment.
Then, the seventh device 33 returns the identity verification information about the first equipment and the second equipment, which specifically includes returning the ciphertext of the identity verification information about the first equipment and the second equipment to the corresponding second equipment.
Thereafter, the first equipment first obtains the ciphertext of the identity verification information about the first equipment and the second equipment, and decrypts the identity verification information with the public key of the network equipment to obtain the identity verification information about the second equipment.
In a preferred embodiment, the network equipment 3 provides user registration for the second equipment of the resource user, which makes it easier to manage the second equipment of resource users in a unified way and to maintain the security of the first equipment of resource providers. Fig. 2 shows a schematic diagram of a network equipment for providing wireless network resources according to a preferred embodiment of the application. The network equipment 3 includes a first device 31', a fourth device 32', a seventh device 33' and a tenth device 34'; the tenth device 34' is used to obtain and process the user registration request initiated by the second equipment. Here, the first device 31', fourth device 32' and seventh device 33' of the network equipment 3 in Fig. 2 are identical or substantially identical in content to the first device 31, fourth device 32 and seventh device 33 of the network equipment 3 in Fig. 1; for brevity, they are not described again here and are incorporated herein by reference.
Specifically, the tenth device 34' obtains the user registration request initiated by the second equipment and, according to the user registration request, obtains the user information submitted by the second equipment. The user information submitted by the second equipment may include the registration information of the user, the hardware information of the second equipment and the key information of the second equipment. The registration information of the user may include the account of the second equipment and the password of the second equipment filled in by the resource user; the hardware information of the second equipment may include the hardware address (MAC address) of the second equipment; and the key information of the second equipment may include the public key of the second equipment. The public key of the second equipment is the public key of the user registration certificate generated by the second equipment; the user registration certificate generated by the second equipment also includes the private key corresponding to its public key.
Then, the tenth device 34' verifies the legitimacy of the user information and, if it is legitimate, returns user registration feedback information, which includes the public key of the network equipment. Here, the public key of the network equipment described in this application is the public key of the network certificate generated by the network equipment; the network certificate generated by the network equipment also includes the private key corresponding to the public key.
In other embodiments, the network equipment 3 can also provide network resources for unregistered second equipment, for example by directly allocating a temporary visitor account, a temporary public key and the like to the second equipment, and in the subsequent verification phase performing identity verification on the second equipment with the temporary visitor account, so that the network equipment manages the second equipment in a unified way while maintaining the security of the wireless network resource environment.
Fig. 3 shows a schematic diagram of a first equipment for providing wireless network resources according to another aspect of the application. The first equipment 1 includes a second device 11, a fifth device 12 and an eighth device 13. The second device 11 is used to initiate a resource registration request to the network equipment; the fifth device 12 is used to obtain the communication request initiated by the second equipment and, according to the communication request, initiate a verification request asking the network equipment to perform identity verification on the first equipment and the second equipment; the eighth device 13 is used to obtain the identity verification information about the first equipment and the second equipment returned by the network equipment and to process the communication request according to the identity verification information.
Here, the first equipment 1 described in this application can be a gateway, such as a router, or equipment capable of providing a wireless hotspot, such as a mobile phone, desktop computer, PDA, palmtop computer (PPC) or tablet computer. Those skilled in the art will understand that the above first equipment is only an example; other existing or future first equipment capable of using wireless network resources to go online, if applicable to this application, should also be included within the scope of protection of this application and is incorporated herein by reference.
Specifically, when the second device 11 initiates a resource registration request to the network equipment, it first generates a resource registration certificate and submits resource information to the network equipment.
In a specific embodiment, the resource registration certificate generated by the second device 11 includes a public key and the private key corresponding to that public key. The private key of the first equipment is kept by the first equipment 1 itself; the public key of the first equipment is used by the network equipment and by second equipment that has passed identity verification, so as to achieve secure and confidential communication between the first equipment and the network equipment and between the first equipment and the second equipment. Meanwhile, the registration information of the resource may include the account of the first equipment, the password of the first equipment, the service set resource name, and so on; the hardware information of the first equipment may include the hardware address (MAC address), the network bandwidth, and so on; and the key information of the first equipment may include the public key of the first equipment.
Specifically, the resource registration certificate generated by the second device 11 can be a digital certificate using a public key system. Here, a digital certificate encrypts and decrypts with a pair of mutually matching keys: a public key and a private key. Each equipment generates a private key known only to itself, which it uses for decryption and signing, and at the same time sets a public key, which it discloses itself and which is shared by a group of equipment for encryption and signature verification. Content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the corresponding public key, which guarantees that information reaches its destination safely and without error.
Here, the resource registration certificate of the first equipment, the network certificate of the network equipment and the user resource registration certificate of the second equipment referred to in this application can all likewise use the digital certificate approach; that is, the network equipment, the first equipment and the second equipment each have a corresponding public key and private key. Communication data are encrypted and decrypted with the corresponding public and private keys so that they can be decrypted and obtained only by the designated equipment, which guarantees that communication data between the network equipment, the first equipment 1 and the second equipment are transmitted safely and in turn ensures the security of the wireless network resource environment.
Of course, those skilled in the art will understand that the description of implementing the resource registration certificate of the first equipment, the network certificate of the network equipment and the user resource registration certificate of the second equipment as digital certificates is only an example; other existing or future ways of securely transmitting communication data between equipment, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
Then, the first device 11 obtains the resource registration feedback information returned by the network equipment. The resource registration feedback information may include the SSID information (Service Set Identifier) of the first equipment and the public key of the network equipment. Here, the public key of the network equipment is the public key of the network certificate generated by the network equipment; the network certificate generated by the network equipment also includes the private key corresponding to the public key.
In a preferred embodiment, the SSID information of the first equipment includes a resource identification prefix, a resource name and a resource verification code. Here, the SSID information of the first equipment makes it easy for the resource user to find the resource provider. The resource identification prefix can be, for example but not limited to, Openwifi; the resource name can be the resource account registered by the resource provider or another identifier; the resource identification prefix, resource name and resource verification code can be separated by a unique identifier, for example but not limited to "_"; the resource verification code is generated by the first device 11 by encryption with its private key and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Before initiating a communication request, the second equipment first searches for the network resources it can access, specifically by retrieving the SSID information of first equipment and finding the first equipment 1 whose SSID information carries the resource identification prefix, for example SSID information that starts with the prefix "openwifi". The second equipment decrypts the resource verification code with the public key of the network equipment, obtains the account of the first equipment and the string of random numbers generated by the network equipment, and compares the account of the first equipment with the resource name. If they are consistent, the first equipment is a legitimate network resource provider registered with the network equipment, and the second equipment can safely initiate a communication request to the first equipment. Further, the communication request initiated by the second equipment is sent in ciphertext form. The ciphertext of the communication request is generated by the second equipment by encryption with the public key of the network equipment and includes: the ciphertext generated by the second equipment by encrypting the account, password and current time of the second equipment with its private key, and the account of the second equipment.
Then, the fifth device 12 obtains the communication request initiated by the second equipment and decrypts the ciphertext of the communication request with the public key of the network equipment to obtain the content of the communication request. The fifth device 12 then initiates a verification request according to the communication request. The fifth device 12 first generates the ciphertext of the verification request by encryption with the public key of the network equipment; the ciphertext of the verification request includes: the ciphertext generated by the fifth device 12 by encrypting the account, password and current time of the first equipment with the private key of the first equipment, and the account of the first equipment. The fifth device 12 then sends the ciphertext of the verification request to the network equipment.
In a specific embodiment, the process by which the second equipment initiates a communication request includes: the second equipment encrypts the account, password, current time, etc. of the second equipment with the private key of the second equipment to generate the ciphertext cryptograph_user_nick_password; encrypting with the private key of the second equipment ensures that this ciphertext can only have been generated by the current second equipment. Then, the second equipment concatenates the account of the second equipment with the ciphertext cryptograph_user_nick_password and encrypts the result with the public key of the network equipment, generating the ciphertext send_packet_from_client. Encrypting with the public key of the network equipment ensures that the encrypted content stays confidential throughout network communication: only the network equipment can decrypt the ciphertext send_packet_from_client.
Specific implementation code is, for example but not limited to:
    send_packet_from_client = encrypt(encrypt(user_nick + user_password, user_private_key) + user_nick, wifi_server_public_key)
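The following is an added example, not code from the patent: a Python sketch of the second equipment's SSID check and of its communication request together with the network equipment's checks on it (decrypt, extract, request-time check, account and password check), as described above. Textbook RSA with small fixed keys stands in for the unspecified digital-certificate scheme so that the block runs on the standard library alone and is not secure; the field separators, the 300-second freshness window, the salted password hash and all function names are assumptions.

```python
import hashlib
import secrets
import time

E = 65537                       # public exponent shared by all toy keys
PREFIX, SEP = "Openwifi", "_"   # SSID prefix and separator named on the page
MAX_SKEW = 300                  # assumed freshness window in seconds (the page gives none)

def toy_keypair(p: int, q: int) -> dict:
    """Textbook RSA from two known primes: illustration only, NOT secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def wrap(data: bytes, exp: int, n: int) -> bytes:
    """The page's encrypt(data, key): raw RSA over length-prefixed blocks.
    With a private exponent this is what is normally called signing."""
    k = (n.bit_length() + 7) // 8
    data = len(data).to_bytes(2, "big") + data
    data += b"\0" * (-len(data) % (k - 1))
    return b"".join(pow(int.from_bytes(data[i:i + k - 1], "big"), exp, n).to_bytes(k, "big")
                    for i in range(0, len(data), k - 1))

def unwrap(blob: bytes, exp: int, n: int) -> bytes:
    """Inverse of wrap(); raises ValueError for a wrong key or altered data."""
    k = (n.bit_length() + 7) // 8
    if not blob or len(blob) % k:
        raise ValueError("ciphertext length does not match key size")
    try:
        out = b"".join(pow(int.from_bytes(blob[i:i + k], "big"), exp, n).to_bytes(k - 1, "big")
                       for i in range(0, len(blob), k))
    except OverflowError:
        raise ValueError("block out of range") from None
    size = int.from_bytes(out[:2], "big")
    if size > len(out) - 2:
        raise ValueError("bad length prefix")
    return out[2:2 + size]

def make_ssid(account: str, server: dict) -> str:
    """Network equipment, at resource registration: prefix_name_code."""
    # A real 802.11 SSID holds at most 32 octets; the page does not say how
    # the verification code is encoded to fit, so this sketch ignores the limit.
    payload = f"{account}:{secrets.token_hex(4)}".encode()
    return SEP.join([PREFIX, account, wrap(payload, server["d"], server["n"]).hex()])

def check_ssid(ssid: str, server_n: int) -> bool:
    """Second equipment, before it sends a communication request."""
    head, _, rest = ssid.partition(SEP)
    name, sep, code = rest.rpartition(SEP)      # the name itself may contain "_"
    # The page writes the prefix both as "Openwifi" and "openwifi".
    if head.lower() != PREFIX.lower() or not sep or not name:
        return False
    try:
        plain = unwrap(bytes.fromhex(code), E, server_n).decode()
    except ValueError:
        return False
    account, _, nonce = plain.rpartition(":")
    return bool(nonce) and account == name

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_request(nick, password, user, server_n, now=None) -> bytes:
    """Second equipment: builds send_packet_from_client."""
    stamp = int(time.time() if now is None else now)
    inner = wrap(f"{nick}|{password}|{stamp}".encode(), user["d"], user["n"])
    return wrap(inner + b"|" + nick.encode(), E, server_n)

def server_verify(packet, server, users, now=None) -> bool:
    """Network equipment: steps 1-4 of its checks, second equipment's part only."""
    now = time.time() if now is None else now
    try:
        inner, _, nick = unwrap(packet, server["d"], server["n"]).rpartition(b"|")
        rec = users[nick.decode()]              # stored at user registration
        claimed, password, stamp = unwrap(inner, E, rec["n"]).decode().split("|")
        fresh = abs(now - int(stamp)) <= MAX_SKEW
    except (ValueError, KeyError):
        return False
    ok = secrets.compare_digest(pw_hash(password, rec["salt"]), rec["pw_hash"])
    return fresh and ok and claimed == nick.decode()

# Constructed sample keys (products of Mersenne primes) and one registered user.
SERVER = toy_keypair(2**107 - 1, 2**127 - 1)
ALICE = toy_keypair(2**61 - 1, 2**89 - 1)
SALT = b"constructed-salt"
USERS = {"alice": {"n": ALICE["n"], "salt": SALT, "pw_hash": pw_hash("hunter2", SALT)}}

if __name__ == "__main__":
    ssid = make_ssid("cafe01", SERVER)
    print(ssid, check_ssid(ssid, SERVER["n"]))
    pkt = client_request("alice", "hunter2", ALICE, SERVER["n"])
    print("request accepted:", server_verify(pkt, SERVER, USERS))
```

Because an SSID is broadcast, check_ssid only filters out names that were never issued by the network equipment; verifying the first equipment itself relies on the later exchange through the network equipment.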
In a specific embodiment, after the first equipment receives the communication request initiated by the second equipment, the step of initiating the verification request includes: using the private key of the first equipment, the account, password and current time of the first equipment are encrypted with the private key of the second equipment to generate the ciphertext cryptograph_router_nick_password; the ciphertext cryptograph_router_nick_password, the account of the first equipment, and the received ciphertext send_packet_from_client of the communication request of the second equipment are packaged and encrypted with the public key of the network equipment; and the packaged, encrypted ciphertext is sent to the network equipment as the verification request for accessing the first equipment.
Specific implementation code is, for example but not limited to:
    send_packet_from_router = encrypt(router_nick + encrypt(router_nick + router_password, router_private_key) + send_packet_from_client, wifi_server_public_key)
Then, the network equipment returns the identity verification information about the first equipment and the identity verification information about the second equipment. This process is identical or substantially identical to the network equipment in Fig. 1 returning the identity verification information about the first equipment and the second equipment according to the verification request; for brevity, it is not described again here and is incorporated herein by reference.
Then, the eighth device 13 first obtains the ciphertext of the identity verification information about the first equipment and the second equipment, and decrypts the identity verification information with the public key of the network equipment to obtain the identity verification information about the second equipment.
Then, the eighth device 13 examines the identity verification information of the second equipment. If the identity verification information of the second equipment is not legitimate, the first equipment interrupts communication; if it is legitimate, the first equipment sends communication feedback information to the second equipment. The communication feedback information is generated by the first equipment by encryption with the public key of the second equipment and includes the identity verification information of the first equipment and the key, generated by the first equipment, of the encrypted channel between the first equipment and the second equipment. After the identity verification of the second equipment passes, the identity verification information about the second equipment obtained by the first equipment contains the public key of the second equipment, so the first equipment can encrypt the communication feedback information with the public key of the second equipment for the second equipment to decrypt safely. The first equipment then opens its network resources.
In a specific embodiment, after the eighth device 13 obtains the identity verification information about the first equipment and the second equipment sent back by the network equipment, it decrypts it with the public key of the network equipment to recover the ciphertext cryptograph_user_pass and the ciphertext cryptograph_router_pass. Each is then decrypted with the corresponding key according to how it was encrypted; the ciphertext cryptograph_user_pass is decrypted with the private key of the first equipment to confirm whether the second equipment is a legitimate second equipment.
If the identity verification of the second equipment is legitimate, a key session_router_key is generated; the key session_router_key and the ciphertext cryptograph_router_pass are packaged and encrypted together with the public key of the second equipment, the packaged ciphertext is sent to the second equipment that submitted the communication request, and network resources are opened to that second equipment.
Thereafter, the second equipment obtains the communication feedback information and decrypts it using the public key of the network equipment, then decrypts the authentication information about the first equipment using the private key of the second equipment, and in turn authenticates whether the first equipment is a registered legal equipment. After the authentication is completed, the second equipment can use the network resources provided by the first equipment.
In a specific embodiment, the second equipment obtains the communication feedback information and decrypts it using the private key of the second equipment. Specifically, by decrypting the ciphertext cryptograph_router_pass it obtains the authentication information of the first equipment and judges whether the current first equipment is a registered legal equipment. After the authentication is completed, the current second equipment can use the wireless network resources provided by the first equipment.
Compared with the prior art, in one embodiment of the application the first equipment, as equipment providing network resources, is registered in a unified manner, and when the second equipment initiates a communication request to the first equipment, it requests the network equipment to authenticate the first equipment and the second equipment, and the authentication information about the first equipment and the second equipment is returned to the first equipment. The first equipment then obtains the authentication information, handles the communication request according to it, and, once the authentication of the second equipment is found legal, opens the corresponding network resources. In this way, while network security is guaranteed, network resources are centralised, their redundancy is improved, network coverage is expanded, and the user experience is improved.
Further, the network equipment generates a network certificate, the first equipment generates a resource registration certificate, and the second equipment generates a user registration certificate. All data transmitted by the network equipment, the first equipment and the second equipment during the communication request and authentication phases are encrypted and decrypted with the corresponding public keys and private keys, which ensures that the data of the first equipment and the second equipment are transmitted securely during those phases and thus provides a secure network resource environment.
Fig. 4 shows a schematic diagram of a network equipment and a first equipment for providing wireless network resources according to a preferred embodiment of the application. The network equipment 3 includes a first device 31''', a fourth device 32''' and a seventh device 33'''; the first equipment 1 includes a second device 11''', a fifth device 12''' and an eighth device 13'''. The first device 31''' of the network equipment 3 obtains and handles the resource registration request initiated by the second device 11''' of the first equipment 1; the fifth device 12''' of the first equipment 1, according to the obtained communication request initiated by the second equipment, initiates a verification request to the fourth device 32''' of the network equipment 3; the fourth device 32''' of the network equipment 3 authenticates the first equipment and the second equipment according to the obtained verification request; the seventh device 33''' of the network equipment 3 returns the authentication information about the first equipment and the second equipment; and the eighth device 13''' of the first equipment 1 obtains the authentication information and handles the communication request according to it. Here, the first device 31''', the fourth device 32''' and the seventh device 33''' of the network equipment 3 are identical or substantially identical in content to the corresponding first device 31, fourth device 32 and seventh device 33 of the network equipment 3 in Fig. 1, and the second device 11''', the fifth device 12''' and the eighth device 13''' of the first equipment 1 are identical or substantially identical in content to the second device 12, the fifth device 12 and the eighth device 13 of the first equipment 1 in Fig. 2; for brevity they are not described again here and are incorporated herein by reference.
Fig. 5 shows a schematic diagram of a first equipment and a second equipment for providing wireless network resources according to another preferred embodiment of the application. The first equipment 1 includes a second device 11'''', a fifth device 12'''' and an eighth device 13''''; the second equipment 2 includes a third device 21'''', a sixth device 22'''' and a ninth device 23''''. The third device is used to initiate a user registration request to the network equipment, the sixth device is used to initiate a communication request to the first equipment, and the ninth device is used to obtain the communication feedback information. Specifically, after the third device 21'''' of the second equipment 2 initiates the user registration request to the network equipment, the sixth device 22'''' of the second equipment 2 initiates a communication request to the fifth device 12'''' of the first equipment 1; the eighth device 13'''' of the first equipment 1, according to the communication request, requests the network equipment to authenticate the first equipment 1 and the second equipment 2 and generates communication feedback information according to the authentication information; and the ninth device 23'''' of the second equipment obtains the communication feedback information. Here, the second device 11'''', the fifth device 12'''' and the eighth device 13'''' of the first equipment 1 are identical or substantially identical in content to the second device 12, the fifth device 12 and the eighth device 13 of the first equipment 1 in Fig. 2; for brevity they are not described again here and are incorporated herein by reference.
In a specific embodiment, the eighth device 13'''' examines the authentication information of the second equipment. If the authentication information of the second equipment is not legal, the first equipment 1 interrupts the communication; if it is legal, the first equipment 1 sends communication feedback information to the second equipment and opens its network resources. Then the ninth device 23'''' of the second equipment 2 obtains the communication feedback information and decrypts it using the private key of the second equipment. Specifically, by decrypting the ciphertext of the authentication information about the first equipment, it obtains the authentication information of the first equipment and judges whether the current first equipment 1 is a registered legal equipment. After the authentication is completed, the current second equipment can use the wireless network resources provided by the first equipment.
Here, the second equipment 2 described herein may be any electronic product capable of human-computer interaction with a user (users in this application include resource users) by means of a keyboard, mouse, touch pad, touch screen, handwriting device, remote control or voice-control device, for example a mobile computer, mobile phone, PDA, palmtop computer (PPC) or tablet computer. Here, the second equipment 2 includes an electronic device that can automatically perform numerical computation and information processing according to instructions set or stored in advance, whose hardware includes but is not limited to a microprocessor, application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), digital signal processor (DSP), embedded device and so on. Those skilled in the art will understand that the above first equipment is only an example; other existing or future equipment that can use wireless network resources and carry on data communication, if applicable to the application, should also be included within the scope of protection of the application and is incorporated herein by reference.
Thereafter, while the second equipment 2 uses the network resources provided by the first equipment 1, network data can be transmitted in one of three modes depending on the security required: plaintext data transmission mode, wireless-part encrypted transmission mode and whole-path encrypted transmission mode. Specifically, in plaintext data transmission mode the data between the first equipment 1 and the second equipment 2 and between the second equipment 2 and the network server are all plaintext; this mode suits data transmission with high transmission-efficiency requirements and low security requirements. In wireless-part encrypted transmission mode, when data are transmitted between the second equipment 2 and the first equipment 1, in addition to the security guarantees of the original network protocol, all communication data are encrypted before use with the key of the encrypted channel between the first equipment 1 and the second equipment 2 generated during authentication, and an identifier is added to the header of the ciphertext packet so that the first equipment 1 can recognise encrypted packets. Wireless-part encrypted transmission mode further ensures the security of the communication between the second equipment 2 and the first equipment 1. In whole-path encrypted transmission mode, the data between the first equipment 1 and the second equipment 2 and between the second equipment 2 and the network server are all encrypted: the data sent by the second equipment 2 are encrypted with the key of the encrypted channel between the first equipment 1 and the second equipment 2, forwarded through the first equipment 1 to the network equipment for decryption, and sent to the destination server after being decrypted by the network equipment. Whole-path encrypted transmission mode prevents the transmitted data from being obtained by other first equipment 1 and ensures the security of network data transmission.
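The three transmission modes described above, seen from the first equipment, as an added Go example that is not code from the patent. The AES-256-GCM cipher, the 4-byte identifier "OWE1", the frame layout and all function names are assumptions made for the demonstration; the session key is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Mode is the transmission mode agreed for a session.
type Mode int

const (
	Plaintext    Mode = iota // no encryption on either leg
	WirelessPart             // second equipment <-> first equipment is encrypted
	WholePath                // ciphertext is relayed on to the network equipment
)

// frameMagic is a hypothetical identifier at the head of every encrypted
// frame; the page does not define its value.
var frameMagic = []byte("OWE1")

var ErrNotEncrypted = errors.New("frame lacks the encryption identifier")

func newAEAD(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the second equipment's side. Layout: magic || nonce || ciphertext+tag.
// The magic is bound as associated data, so a modified header fails authentication.
func Seal(sessionKey, payload []byte) ([]byte, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	frame := append(append([]byte{}, frameMagic...), nonce...)
	return aead.Seal(frame, nonce, payload, frameMagic), nil
}

// Open recognises an encrypted frame by its identifier and decrypts it.
func Open(sessionKey, frame []byte) ([]byte, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	hdr := len(frameMagic) + aead.NonceSize()
	if len(frame) < hdr+aead.Overhead() || !bytes.HasPrefix(frame, frameMagic) {
		return nil, ErrNotEncrypted
	}
	return aead.Open(nil, frame[len(frameMagic):hdr], frame[hdr:], frameMagic)
}

// Forward models how the first equipment treats an uplink frame in each mode.
// It returns the bytes to send on and the next hop.
func Forward(mode Mode, sessionKey, frame []byte) ([]byte, string, error) {
	switch mode {
	case Plaintext:
		return frame, "destination server", nil
	case WirelessPart:
		// Refusing frames without the identifier stops a silent downgrade
		// to plaintext on a session that negotiated encryption.
		pt, err := Open(sessionKey, frame)
		return pt, "destination server", err
	case WholePath:
		if !bytes.HasPrefix(frame, frameMagic) {
			return nil, "", ErrNotEncrypted
		}
		return frame, "network equipment", nil // relayed without decrypting
	}
	return nil, "", errors.New("unknown mode")
}

// demoKey is a constructed 32-byte session key standing in for the
// encrypted-channel key produced during authentication.
func demoKey() []byte { return bytes.Repeat([]byte{0x42}, 32) }

func main() {
	frame, _ := Seal(demoKey(), []byte("GET / HTTP/1.1"))
	out, hop, err := Forward(WirelessPart, demoKey(), frame)
	fmt.Printf("%q -> %s (%v)\n", out, hop, err)
	_, _, err = Forward(WirelessPart, demoKey(), []byte("GET / HTTP/1.1"))
	fmt.Println(err)
}
```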
Fig. 6 shows a flow chart of a method for providing wireless network resources implemented at the network equipment according to another aspect of the application. With reference to Fig. 6 and the network equipment for providing wireless network resources described above, the method includes the following steps:
Step S01: obtain the resource registration request initiated by the first equipment;
Step S02: when the second equipment initiates a communication request to the first equipment, obtain the verification request initiated by the first equipment according to the communication request; and
Step S03: return the authentication information about the first equipment and the second equipment according to the verification request.
Here, the network equipment 3 described herein may be implemented by a network host, a single network server, a set of multiple network servers, a cloud composed of multiple servers, and so on. The cloud is composed of a large number of hosts or network servers based on cloud computing, where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers. Those skilled in the art will understand that the above network equipment 3 is only an example; other existing or future network equipment 3, if applicable to the application, should also be included within the scope of protection of the application and is incorporated herein by reference. In addition, the network equipment 3 includes an electronic device that can automatically perform numerical computation and information processing according to instructions set or stored in advance, whose hardware includes but is not limited to a microprocessor, application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), digital signal processor (DSP), embedded device and so on.
Specifically, in step S01, obtaining the resource registration request initiated by the first equipment includes:
obtaining the resource registration request initiated by the first equipment, and obtaining, according to the resource registration request, the resource information submitted by the first equipment.
The resource information submitted by the first equipment may include the registration information of the resource filled in by the resource provider, the hardware information of the first equipment, the key information of the first equipment, and so on.
In a specific embodiment, the registration information of the resource may include the account of the first equipment, the password of the first equipment, the service set resource name and so on; the hardware information of the first equipment may include the hardware address (MAC address), the network bandwidth and so on; and the key information of the first equipment may include the public key of the first equipment. The public key of the first equipment is the public key of the resource registration certificate generated by the first equipment; the resource registration certificate generated by the first equipment also includes the private key corresponding to that public key.
Specifically, the resource registration certificate generated by the first equipment can be a digital certificate based on a public-key system. Here, a digital certificate encrypts and decrypts with a pair of matching keys: a public key and a private key. Each equipment sets a specific private key known only to itself, used for decryption and signing, and at the same time sets a public key that it discloses itself, shared by a group of equipment and used for encryption and signature verification. Content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the corresponding public key, which ensures that information reaches its destination safely and punctually.
Here, the network certificate of the network equipment, the resource registration certificate of the first equipment and the user registration certificate of the second equipment referred to in this application can all likewise take the form of digital certificates: the network equipment, the first equipment and the second equipment each have a corresponding public key and private key, and communication data are encrypted and decrypted by the public and private keys working together, so that communication data can only be decrypted and obtained by the designated equipment. This ensures that communication data between the network equipment, the first equipment and the second equipment are transmitted securely, and thus ensures the security of the wireless network resource environment.
Of course, those skilled in the art will understand that the description of implementing, by means of digital certificates, the network certificate of the network equipment, the resource registration certificate of the first equipment and the user registration certificate of the second equipment referred to in this application is only an example; other existing or future ways of securely transmitting communication data between equipment, if applicable to the application, should also be included within the scope of protection of the application and are incorporated herein by reference.
Then the network equipment verifies the legality of the resource information and, if it is legal, returns resource registration feedback information. The resource registration feedback information may include the SSID information (Service Set Identifier) of the first equipment and the public key of the network equipment. Here, the public key of the network equipment is the public key of the network certificate generated by the network equipment; the network certificate generated by the network equipment also includes the private key corresponding to the public key.
In a preferred embodiment, the SSID information of the first equipment includes a resource identification prefix, a resource name and a resource verification code. Here, the SSID information of the first equipment makes it easy for a resource user to find a resource provider. The resource identification prefix may be, for example but not limited to, Openwifi; the resource name may be the resource account registered by the resource provider, or another identifier; the resource identification prefix, resource name and resource verification code may be separated by a unique identifier, for example but not limited to "_"; and the resource verification code is generated by the network equipment by encrypting with its private key, and includes the account of the first equipment and a string of random numbers generated by the network equipment.
Then the first equipment obtains the resource registration feedback information returned by the network equipment, modifies and updates its original SSID name according to the SSID information of the first equipment returned by the network equipment, and saves the public key of the network equipment. At this point the first equipment has completed resource registration with the network equipment.
Thus the network equipment 3 provides a resource registration platform for the first equipment and offers the network resources provided by the first equipment to resource users in a centralised way, which can expand network resource coverage, improve network redundancy and improve the resource user's network experience.
Here, the resource provider may be a merchant, an individual or another provider of network resources; the resource provider provides network resources through the first equipment. The resource user may be a user who wishes to use network resources; the resource user obtains network resources through the second equipment.
After registration is completed, all Internet links of the second equipment of the resource user still remain closed. To open a link, the second equipment must initiate a communication request to the first equipment of the resource provider; only after the second equipment, according to the communication request, has requested the network equipment to authenticate the first equipment and the second equipment can the second equipment connect to the network and the resource user use the network resources provided by the resource provider.
In a specific embodiment, the process by which the second equipment initiates a communication request includes the following. The second equipment encrypts the account, password, current time and so on of the second equipment with the private key of the second equipment to generate the ciphertext cryptograph_user_nick_password; encrypting with the private key of the second equipment ensures that this ciphertext can only have been generated by the current second equipment. The second equipment then concatenates the account of the second equipment with the ciphertext cryptograph_user_nick_password and encrypts them with the public key of the network equipment, generating the ciphertext send_packet_from_client. Encrypting with the public key of the network equipment ensures that the encrypted content stays confidential throughout network communication: only the network equipment can decrypt the ciphertext send_packet_from_client.
Specific implementation code is, for example but not limited to:
send_packet_from_client =
    encrypt(encrypt(user_nick + user_password, user_private_key) + user_nick, wifi_server_public_key)
Then, in step S02, the network equipment obtains the verification request initiated by the first equipment. In a preferred embodiment, the network equipment first obtains the ciphertext of the verification request initiated by the first equipment, and then decrypts that ciphertext using the public key of the network equipment to obtain the communication request. The ciphertext of the verification request initiated by the first equipment is generated by the first equipment by encrypting with the public key of the network equipment, and the ciphertext about the communication request initiated by the second equipment includes: the ciphertext generated by the first equipment by encrypting the account, password and current time of the first equipment with its private key, and the account of the first equipment.
In a specific embodiment, after the first equipment receives the communication request initiated by the second equipment, the step of initiating the verification request includes: encrypting the account, password and current time of the first equipment with the private key of the first equipment to generate the ciphertext cryptograph_router_nick_password; packaging the ciphertext cryptograph_router_nick_password, the account of the first equipment and the received ciphertext send_packet_from_client of the second equipment's communication request together and encrypting them with the public key of the network equipment; and sending the packaged and encrypted ciphertext to the network equipment as the verification request of the first equipment.
Specific implementation code is, for example but not limited to:
send_packet_from_router =
    encrypt(router_nick + encrypt(router_nick + router_password, router_private_key) + send_packet_from_client, wifi_server_public_key)
Then, in step S03, the network equipment authenticates the first equipment and the second equipment according to the verification request and returns the authentication information about the first equipment and the second equipment. Specifically, the network equipment first generates the authentication information about the first equipment and the authentication information of the second equipment.
The authentication information about the first equipment includes the current time, the account and public key of the first equipment, the authentication result information about the first equipment, and the key of the encrypted channel between the network equipment and the first equipment. The authentication information about the second equipment includes the current time, the account and public key of the second equipment, and the authentication result information about the second equipment. The authentication information of the second equipment is generated by the network equipment by encrypting with the public key of the first equipment, and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the network equipment.
The authentication information about the first equipment is to be decrypted and obtained by the second equipment, so it is encrypted with the public key of the second equipment; the authentication information about the second equipment is to be decrypted and obtained by the first equipment, so it is encrypted with the public key of the first equipment. The network equipment then packages and encrypts the authentication information of the first equipment and the authentication information of the second equipment with the private key of the network equipment, generates the ciphertext of the authentication information about the first equipment and the second equipment, and returns that ciphertext. Packaging the ciphertext with the private key of the network equipment prevents an illegal resource user or resource provider from obtaining the ciphertext of the authentication information of the first equipment and the second equipment, which ensures the security of the communication data and thus the security of the wireless network resource environment.
In a specific embodiment, after the network equipment receives the verification request sent by the first equipment, its processing of the verification request includes:
1) First decrypt with the private key of the network equipment, then decrypt the corresponding ciphertexts with the public key of the second equipment and the public key of the first equipment, to confirm that the corresponding data were generated by these two parties and cannot have been forged.
2) Extract the relevant request information, including the account and password of the second equipment, the account and password of the first equipment, and the specific application time.
3) Confirm, by checking the application time, whether this application is being made by the user now.
4) Verify, from the account and password information, the user legality of the second equipment and the resource legality of the first equipment.
5) Package the account of the second equipment, the current time, the second authentication information (whose value is TRUE or FALSE) and the public key of the current second equipment, and encrypt them with the public key of the "wifi router" to generate the ciphertext cryptograph_user_pass. The ciphertext cryptograph_user_pass is used to give notice of whether the authentication is legal: if it is legal, the second authentication information is marked TRUE; if it is not legal, the second authentication information is marked FALSE.
6) Package the account of the first equipment, the current time, the first authentication information (whose value is TRUE or FALSE), the public key of the first equipment and the message segment session_server_key, and encrypt them with the public key of the second equipment to generate the ciphertext cryptograph_router_pass. The ciphertext cryptograph_router_pass is used to notify the second equipment whether the authentication of the first equipment succeeded, that is, whether it is a legal first equipment for accessing the network equipment. The message segment session_server_key is a generated random number used as the key of the encrypted channel between the first equipment and the network.
7) Concatenate the ciphertext cryptograph_user_pass and the ciphertext cryptograph_router_pass, package and encrypt them with the private key of the network equipment, and use the packaged ciphertext as the ciphertext of the authentication information about the first equipment and the second equipment.
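The second equipment's communication request and the network equipment's checks on it (decrypt, confirm the origin, check the application time, check account and password), as an added Go example that is not code from the patent. It assumes an Ed25519 signature in place of the patent's "encrypt with the private key", RSA-OAEP for encryption to the network equipment, and a hypothetical in-memory registry; all names, keys and credentials are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknown     = errors.New("unknown account")
	ErrBadSig      = errors.New("signature does not match registered key")
	ErrStale       = errors.New("timestamp outside freshness window")
	ErrBadPassword = errors.New("password mismatch")
)

// request mirrors send_packet_from_client. A signature has no message
// recovery, so the signed fields travel beside it inside the envelope.
type request struct {
	Nick     string `json:"nick"`
	Password string `json:"password"`
	Time     int64  `json:"time"`
	Sig      []byte `json:"sig"`
}

// userRecord is a hypothetical registry entry written at user registration.
type userRecord struct {
	Pub      ed25519.PublicKey
	PassHash [32]byte // demo only; a real registry stores a slow salted hash
}

// signedBytes length-prefixes the fields so distinct inputs never collide.
func signedBytes(nick, password string, ts int64) []byte {
	return []byte(fmt.Sprintf("%d:%s,%d:%s,%d", len(nick), nick, len(password), password, ts))
}

// BuildRequest is the second equipment's side: sign, then encrypt to the network
// equipment. RSA-2048 OAEP/SHA-256 takes at most 190 bytes; longer input errors.
func BuildRequest(nick, password string, now time.Time, priv ed25519.PrivateKey, serverPub *rsa.PublicKey) ([]byte, error) {
	ts := now.Unix()
	sig := ed25519.Sign(priv, signedBytes(nick, password, ts))
	body, err := json.Marshal(request{Nick: nick, Password: password, Time: ts, Sig: sig})
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, body, nil)
}

// VerifyRequest is the network equipment's side: decrypt, confirm the origin,
// check the application time, then check account and password.
func VerifyRequest(packet []byte, serverPriv *rsa.PrivateKey, users map[string]userRecord, now time.Time, window time.Duration) (string, error) {
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, packet, nil)
	if err != nil {
		return "", err
	}
	var r request
	if err := json.Unmarshal(body, &r); err != nil {
		return "", err
	}
	rec, ok := users[r.Nick]
	if !ok {
		return "", ErrUnknown
	}
	if !ed25519.Verify(rec.Pub, signedBytes(r.Nick, r.Password, r.Time), r.Sig) {
		return "", ErrBadSig
	}
	if age := now.Sub(time.Unix(r.Time, 0)); age < -window || age > window {
		return "", ErrStale
	}
	sum := sha256.Sum256([]byte(r.Password))
	if subtle.ConstantTimeCompare(sum[:], rec.PassHash[:]) != 1 {
		return "", ErrBadPassword
	}
	return r.Nick, nil
}

// demoParties returns constructed keys and a one-entry registry.
func demoParties() (ed25519.PrivateKey, *rsa.PrivateKey, map[string]userRecord) {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	serverPriv, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	users := map[string]userRecord{"alice": {Pub: pub, PassHash: sha256.Sum256([]byte("s3cret-pw"))}}
	return priv, serverPriv, users
}

func main() {
	priv, serverPriv, users := demoParties()
	now := time.Now()
	pkt, _ := BuildRequest("alice", "s3cret-pw", now, priv, &serverPriv.PublicKey)
	fmt.Println(VerifyRequest(pkt, serverPriv, users, now, time.Minute))
	fmt.Println(VerifyRequest(pkt, serverPriv, users, now.Add(time.Hour), time.Minute))
}
```

A timestamp window only bounds replay: a captured packet is still accepted again inside the window unless the verifier also remembers recently seen requests.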
Then, the network equipment's returning of the authentication information about the first equipment and the second equipment specifically includes returning the ciphertext of the authentication information about the first equipment and the second equipment to the corresponding second equipment.
Thereafter, the first equipment first obtains the ciphertext of the authentication information about the first equipment and the second equipment and decrypts the authentication information using the public key of the network equipment to obtain the authentication information about the second equipment; the first equipment then handles the communication request according to the authentication information.
In a preferred embodiment, before step S03 the method further includes step S04 (not shown in the figure): obtaining the user registration request initiated by the second equipment.
Specifically, step S04 includes: obtaining the user registration information submitted by the second equipment, the user registration information including the account, password and public key of the second equipment and the hardware address, acquired by the second equipment, of the user equipment on which it resides; and returning a registration result for the user registration information, the registration result including the public key of the network equipment. Here, step S01 and step S04 may be performed in either order.
Specifically, the user registration request initiated by the second equipment is obtained, and the user information submitted by the second equipment is obtained according to the user registration request. The user information submitted by the second equipment may include the registration information of the user, the hardware information of the second equipment and the key information of the second equipment. The registration information of the user may include the account of the second equipment and the password of the second equipment filled in by the resource user; the hardware information of the second equipment may include the hardware address (MAC address) of the second equipment; and the key information of the second equipment may include the public key of the second equipment. The public key of the second equipment is the public key of the user registration certificate generated by the second equipment; the user registration certificate generated by the second equipment also includes the private key corresponding to that public key.
Then the legality of the user information is verified, and if it is legal, user registration feedback information is returned, the user registration feedback information including the public key of the network equipment. Here, the public key of the network equipment described herein is the public key of the network certificate generated by the network equipment; the network certificate generated by the network equipment also includes the private key corresponding to the public key.
In other embodiments, the network equipment can also provide network resources for an unregistered second equipment, specifically by directly assigning the second equipment a temporary visitor account, a temporary public key and the like, and authenticating the second equipment with the temporary visitor account in the subsequent authentication phase, thereby achieving unified management of the second equipment by the network equipment while maintaining the security of the wireless network resource environment.
Fig. 7 shows the method flow that offer wireless network resource is realized according to the first equipment of the application other side
Figure, which comprises
Step S11: resource registering request is initiated to the network equipment;
Step S12: obtaining the communication request that the second equipment is initiated, and initiates checking request according to the communication request to request
The network equipment carries out authentication to first equipment and second equipment;
Step S13: the authentication about first equipment and the second equipment that the network equipment is returned is obtained
Information, and the communication request is handled according to the authentication information.
Here, the first device 1 described in this application may be a gateway device, such as a router, or a device capable of providing a wireless hotspot, such as a mobile phone, desktop computer, PDA, palmtop computer (PPC) or tablet computer. Those skilled in the art will understand that the above first devices are only examples; other existing or future first devices capable of going online using wireless network resources, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
Specifically, in step S11, when the first device initiates a resource registration request to the network device, it first generates a resource registration certificate and submits resource information to the network device.
In a specific embodiment, the resource registration certificate generated by the first device includes a public key and the private key corresponding to it. The private key of the first device is kept by the first device itself. The public key of the first device is used by the network device and by second devices that have passed authentication, to provide secure and confidential communication between the first device and the network device and between the first device and the second device. Meanwhile, the registration information of the resource may include the account of the first device, the password of the first device, the service set resource name and the like; the hardware information of the first device may include the hardware address (MAC address), the network bandwidth and the like; and the key information of the first device may include the public key of the first device.
Specifically, the resource registration certificate generated by the first device may be a digital certificate using a public-key system. Here, a digital certificate uses a pair of matching keys for encryption and decryption: a public key and a private key. Each device sets a private key known only to itself, which it uses for decryption and signing, and at the same time sets a public key, which it discloses and which is shared by a group of devices for encryption and signature verification. Content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the corresponding public key, which ensures that information reaches its destination safely and punctually.
Here, the resource registration certificate of the first device, the network certificate of the network device and the user resource registration certificate of the second device referred to in this application may all use the digital certificate approach; that is, the network device, the first device and the second device each have a corresponding public key and private key. Communication data is encrypted and decrypted with the corresponding public and private keys so that it can only be decrypted by the designated device. This ensures that communication data among the network device, the first device and the second device is transmitted securely, and in turn ensures the security of the wireless network resource environment.
Of course, those skilled in the art will understand that the description of implementing the resource registration certificate of the first device, the network certificate of the network device and the user resource registration certificate of the second device by means of digital certificates is only an example. Other existing or future approaches capable of securely transmitting communication data between devices, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
Then, the first device obtains the resource registration feedback information returned by the network device. The resource registration feedback information may include the SSID (Service Set Identifier) information of the first device and the public key of the network device. Here, the public key of the network device is the public key of the network certificate generated by the network device; the network certificate generated by the network device also includes the private key corresponding to that public key.
In a preferred embodiment, the SSID information of the first device includes a resource identification prefix, a resource name and a resource verification code. Here, the SSID information of the first device makes it easy for resource users to find the resource provider. The resource identification prefix may be, for example but not limited to, "Openwifi". The resource name may be the resource account registered by the resource provider, or another identifier. A unique separator, for example but not limited to "_", may be used to separate the resource identification prefix, the resource name and the resource verification code. The resource verification code is generated by the first device 11 by encryption with its private key, and includes the account of the first device and a string of random numbers generated by the network device.
Before initiating a communication request, the second device first searches for network resources it can access. Specifically, by retrieving the SSID information of first devices, it finds the first device 1 whose SSID information carries the resource identification prefix, for example SSID information beginning with the "openwifi" prefix. The second device decrypts the resource verification code using the public key of the network device, obtaining the account of the first device and the string of random numbers generated by the network device, and compares the account of the first device with the resource name. If they match, the first device is a legitimate network resource provider registered with the network device, and the second device can safely initiate a communication request to the first device. Further, the communication request initiated by the second device is sent as ciphertext. The ciphertext of the communication request is generated by the second device by encryption with the public key of the network device, and includes: the ciphertext generated by the second device encrypting the account, password and current time of the second device with its private key, and the account of the second device.
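The SSID check described above, as an added example that is not part of the patent text: it parses the prefix, resource name and resource verification code, compares the recovered account with the resource name, and reports how many code bytes fit in an SSID. The hex encoding of the code, the "account:random" layout of the recovered plaintext, the case-insensitive prefix match and the caller-supplied `recover` function are assumptions.

```python
"""Added example: parsing and checking the "prefix_name_code" SSID layout.

Assumptions (not from the patent): the verification code is hex-encoded, the
prefix match is case-insensitive, and `recover` is supplied by the caller to
undo the public-key operation and return b"account:random".
"""
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

PREFIX = "Openwifi"      # resource identification prefix given in the text
SEP = "_"                # separator given in the text
MAX_SSID_OCTETS = 32     # IEEE 802.11 limits an SSID to 32 octets


@dataclass(frozen=True)
class ResourceSsid:
    name: str     # resource name (the provider's registered account)
    code: bytes   # raw resource verification code


def parse_ssid(ssid: str) -> Optional[ResourceSsid]:
    """Return the parsed fields, or None if the SSID does not follow the layout."""
    if len(ssid.encode("utf-8")) > MAX_SSID_OCTETS:
        return None
    head = PREFIX + SEP
    if ssid[:len(head)].lower() != head.lower():
        return None
    rest = ssid[len(head):]
    # The name may contain the separator; hex never does, so split from the right.
    name, sep, code_hex = rest.rpartition(SEP)
    if not sep or not name or not code_hex:
        return None
    try:
        code = bytes.fromhex(code_hex)
    except ValueError:
        return None
    return ResourceSsid(name=name, code=code)


def code_budget(name: str) -> int:
    """Raw code bytes that still fit in an SSID carrying this resource name."""
    used = len((PREFIX + SEP + name + SEP).encode("utf-8"))
    return max(0, (MAX_SSID_OCTETS - used) // 2)   # two hex characters per byte


def is_registered_provider(ssid: str,
                           recover: Callable[[bytes], Optional[bytes]]) -> bool:
    """Accept the SSID only if the account recovered from the code equals the name."""
    parsed = parse_ssid(ssid)
    if parsed is None:
        return False
    plain = recover(parsed.code)
    if plain is None:
        return False
    account, sep, nonce = plain.partition(b":")
    if not sep or not nonce:
        return False
    return hmac.compare_digest(account, parsed.name.encode("utf-8"))


def demo_recover(code: bytes) -> Optional[bytes]:
    """Constructed stand-in for the public-key step (XOR mask, NOT cryptography)."""
    return bytes(b ^ 0x5A for b in code)


if __name__ == "__main__":
    code = demo_recover(b"cafe:7").hex()   # XOR is its own inverse
    for ssid in ("Openwifi_cafe_" + code, "Openwifi_bank_" + code, "HomeNet"):
        print(ssid, is_registered_provider(ssid, demo_recover))
    print("code bytes that fit for 'cafe':", code_budget("cafe"))
```

For the four-character name "cafe", `code_budget` leaves 9 bytes for the code, far less than the 256 bytes of a single RSA-2048 output, so a verification code of that size would need a carrier other than the SSID field itself.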
In step S12, the first device obtains the communication request initiated by the second device and decrypts the ciphertext of the communication request using the public key of the network device to obtain the content of the communication request.
In a specific embodiment, the process by which the second device initiates a communication request includes the following. The second device encrypts the account, password, current time and the like of the second device with the private key of the second device to generate the ciphertext cryptograph_user_nick_password; encrypting with the private key of the second device ensures that this ciphertext can only have been generated by the current second device. The second device then concatenates the account of the second device with the ciphertext cryptograph_user_nick_password and encrypts the result with the public key of the network device, generating the ciphertext send_packet_from_client. Encrypting with the public key of the network device ensures that the encrypted content stays confidential throughout network communication; only the network device can decrypt the ciphertext send_packet_from_client.
The specific implementation code is, for example but not limited to:
send_packet_from_client =
    encrypt(encrypt(user_nick + user_password, user_private_key) + user_nick,
            wifi_server_public_key)
In step S12, the first device initiates a verification request according to the communication request. The first device first generates the ciphertext of the verification request by encryption with the public key of the network device. The ciphertext of the verification request includes: the ciphertext generated by the first device encrypting the account, password and current time of the first device with its private key, and the account of the first device. The first device then sends the ciphertext of the verification request to the network device.
In a specific embodiment, after the first device receives the communication request initiated by the second device, it uses the private key of the first device to encrypt the account, password and current time of the first device with the private key of the second device, generating the ciphertext cryptograph_router_nick_password. It then packages the ciphertext cryptograph_router_nick_password, the account of the first device, and the received ciphertext send_packet_from_client of the second device's communication request, encrypts the package with the public key of the network device, and sends the resulting ciphertext to the network device as the verification request for accessing the first device.
The specific implementation code is, for example but not limited to:
send_packet_from_router =
    encrypt(router_nick
            + encrypt(router_nick + router_password, router_private_key)
            + send_packet_from_client,
            wifi_server_public_key)
Then, the network device returns the authentication information about the first device and the authentication information of the second device. The process by which the network device returns the authentication information about the first device and the authentication information of the second device is identical or substantially identical to the content of step S03 in Fig. 6; for brevity, it is not repeated here and is incorporated herein by reference.
In step S13, the first device first obtains the ciphertext of the authentication information about the first device and the second device, and decrypts the authentication information using the public key of the network device to obtain the authentication information about the second device.
Then, the first device checks the authentication information of the second device. If the authentication information of the second device is illegitimate, the first device interrupts the communication; if it is legitimate, the first device sends communication feedback information to the second device. The communication feedback information is generated by the first device by encryption with the public key of the second device, and includes: the authentication information of the first device, and the key, generated by the first device, of the encrypted channel between the first device and the second device. Once the second device has passed authentication, the authentication information about the second device obtained by the first device contains the public key of the second device, which the first device can use to encrypt the communication feedback information so that the second device can decrypt it securely. The first device then opens its network resources.
In a specific embodiment, after the first device obtains the authentication information about the first device and the second device sent back by the network device, it decrypts it with the public key of the network device, obtaining the ciphertext cryptograph_user_pass and the ciphertext cryptograph_router_pass. Each is decrypted with the corresponding key according to the way it was encrypted: the ciphertext cryptograph_user_pass is decrypted with the private key of the first device to confirm whether the second device is a legitimate second device.
If the authentication of the second device is legitimate, a key session_router_key is generated. The key session_router_key and the ciphertext cryptograph_router_pass are packaged together and encrypted with the public key of the second device, the packaged ciphertext is sent to the second device that submitted the communication request, and network resources are opened to that second device.
Thereafter, the second device obtains the communication feedback information and decrypts it using the public key of the network device, then decrypts the authentication information about the first device using the private key of the second device, and again authenticates whether the first device is a registered legitimate device. After authentication is complete, the second device can use the network resources provided by the first device.
In a specific embodiment, the second device obtains the communication feedback information and decrypts it using the private key of the second device. Specifically, by decrypting the ciphertext cryptograph_router_pass, it obtains the authentication information of the first device and judges whether the current first device is a registered legitimate device. After authentication is complete, the current second device can use the wireless network resources provided by the first device.
Compared with the prior art, in one embodiment of this application the first device undergoes unified registration as a network resource device and, when the second device initiates a communication request to the first device, requests the network device to authenticate the first device and the second device; the authentication information about the first device and the second device is returned to the first device. Thereafter, the first device obtains the authentication information and processes the communication request according to it, and once the authentication of the second device is found to be legitimate, the corresponding first device opens its network resources. This centralizes network resources while guaranteeing network security, improves the redundancy of network resources, expands network coverage, and in turn improves the user experience.
Further, the network device generates a network certificate, the first device generates a resource registration certificate, and the second device generates a user registration certificate. All data transmitted among the network device, the first device and the second device during the communication request and authentication phases is encrypted and decrypted with the corresponding public and private keys. This ensures that the data of the first device and the second device is transmitted securely during the communication request and authentication phases, and thus provides a secure network resource environment.
Fig. 8 shows a flowchart of a method in which the network device and the first device cooperate to provide wireless network resources according to a preferred embodiment of this application, comprising steps S11' to S16'. Specifically, in step S11', the first device 1 initiates a resource registration request to the network device 3; in step S12', the first device 1 obtains the communication request initiated by the second device; in step S13', the first device 1 initiates a verification request to the network device 3; in step S14', the network device 3 authenticates the first device and the second device according to the verification request; in step S15', the network device 3 returns the authentication information about the first device and the second device; in step S16', the first device 1 processes the communication request according to the authentication information. Here, step S11' is identical or substantially identical to step S11 in Fig. 7; steps S12' and S13' are identical or substantially identical to step S12 in Fig. 7; steps S14' and S15' are identical or substantially identical to step S02 in Fig. 6; and step S16' is identical or substantially identical to step S13 in Fig. 7. For brevity, they are not repeated here and are incorporated herein by reference.
Fig. 9 shows a flowchart of a method in which the first device and the second device cooperate to provide wireless network resources according to a preferred embodiment of this application, comprising steps S11" to S14". Specifically, in step S11", the second device 2 initiates a communication request to the first device 1; in step S12", the first device 1 initiates a verification request to the network device according to the communication request; in step S13", the first device 1 obtains the authentication information about the first device and the second device and processes the communication request according to the authentication information; in step S14", the first device 1 returns communication feedback information.
Here, the second device 2 described in this application may be any electronic product capable of human-computer interaction with a user (in this application, users include resource users) by means of a keyboard, mouse, touchpad, touch screen, handwriting device, remote control, voice-control device or the like, such as a mobile computer, mobile phone, PDA, palmtop computer (PPC) or tablet computer. Here, the second device 2 includes an electronic device capable of automatically performing numerical computation and information processing according to preset or stored instructions; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASIC), programmable gate arrays (FPGA), digital signal processors (DSP), embedded devices and the like. Those skilled in the art will understand that the above first devices are only examples; other existing or future devices capable of using wireless network resources for data communication, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
In a specific embodiment, in step S11", the process by which the second device 2 initiates a communication request includes the following. The second device encrypts the account, password, current time and the like of the second device with the private key of the second device to generate the ciphertext cryptograph_user_nick_password; encrypting with the private key of the second device ensures that this ciphertext can only have been generated by the current second device. The second device then concatenates the account of the second device with the ciphertext cryptograph_user_nick_password and encrypts the result with the public key of the network device, generating the ciphertext send_packet_from_client. Encrypting with the public key of the network device ensures that the encrypted content stays confidential throughout network communication; only the network device can decrypt the ciphertext send_packet_from_client.
The specific implementation code is, for example but not limited to:
send_packet_from_client =
    encrypt(encrypt(user_nick + user_password, user_private_key) + user_nick,
            wifi_server_public_key)
Here, steps S12" and S13" are identical or substantially identical to steps S12 and S13 in Fig. 7; for brevity, they are not repeated here and are incorporated herein by reference.
In step S13", processing the communication request according to the authentication information begins with checking the authentication information of the second device. If the authentication information of the second device is illegitimate, the first device 1 interrupts the communication. If the authentication information of the second device is legitimate, the first device 1 proceeds to step S14", that is, it sends communication feedback information to the second device 2 and opens the network resources of the first device 1.
Thereafter, the second device 2 obtains the communication feedback information and decrypts it using the private key of the second device. Specifically, by decrypting the ciphertext of the authentication information about the first device, it obtains the authentication information of the first device and judges whether the current first device 1 is a registered legitimate device. After authentication is complete, the current second device can use the wireless network resources provided by the first device.
Thereafter, while the second device 2 uses the network resources provided by the first device 1, network data can be transmitted in one of three modes, chosen according to the security required: plaintext data transmission mode, wireless-portion encrypted transmission mode and full encrypted transmission mode. Specifically, in plaintext data transmission mode, the data between the first device 1 and the second device 2, and between the second device 2 and the network server, is all plaintext; this mode suits data transmission with high efficiency requirements and low security requirements. In wireless-portion encrypted transmission mode, when data is transmitted between the second device 2 and the first device 1, in addition to the security guarantees of the original network protocol, all communication data is first encrypted with the key of the encrypted channel between the first device 1 and the second device 2 that was generated during authentication, and an identifier is added to the header of the ciphertext packet so that the first device 1 can recognize encrypted packets. Wireless-portion encrypted transmission mode further secures the communication between the second device 2 and the first device 1. In full encrypted transmission mode, the data between the first device 1 and the second device 2, and between the second device 2 and the network server, is all encrypted: the data sent by the second device 2 is encrypted with the key of the encrypted channel between the first device 1 and the second device 2, forwarded by the first device 1 to the network device for decryption, and sent to the destination server after being decrypted by the network device. Full encrypted transmission mode prevents the transmitted data from being obtained by other first devices 1 and so ensures the security of network data transmission.
According to another aspect of this application, a system for providing a wireless network is also provided. The system comprises the network device for providing wireless network resources described in this application, the first device for providing wireless network resources, and a second device, where the second device is used to initiate a communication request to the first device to request the network resources of the first device.
Here, the network device can be implemented by a network host, a single network server, a set of multiple network servers, a cloud composed of multiple servers, or the like. The cloud consists of a large number of hosts or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer consisting of a set of loosely coupled computers. Those skilled in the art will understand that the above network devices are only examples; other existing or future network devices 3, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference. In addition, the network device includes an electronic device capable of automatically performing numerical computation and information processing according to preset or stored instructions; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASIC), programmable gate arrays (FPGA), digital signal processors (DSP), embedded devices and the like.
Here, the first device may be a gateway device or a device capable of providing wireless network resources, for example a router or a device capable of providing a wireless hotspot, such as a mobile phone, desktop computer, PDA, palmtop computer (PPC) or tablet computer. Those skilled in the art will understand that the above first devices are only examples; other existing or future first devices capable of going online using wireless network resources, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
Here, the second device may be any electronic product capable of human-computer interaction with a user (in this application, users include resource users) by means of a keyboard, mouse, touchpad, touch screen, handwriting device, remote control, voice-control device or the like, such as a mobile computer, mobile phone, PDA, palmtop computer (PPC) or tablet computer. Here, the second device includes an electronic device capable of automatically performing numerical computation and information processing according to preset or stored instructions; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASIC), programmable gate arrays (FPGA), digital signal processors (DSP), embedded devices and the like. Those skilled in the art will understand that the above first devices are only examples; other existing or future devices capable of using wireless network resources for data communication, if applicable to this application, should also be included within the scope of protection of this application and are incorporated herein by reference.
The following example uses a specific embodiment to illustrate how the system for providing a wireless network works:
When the router of a provider of wireless network equipment (such as a merchant) is switched on for the first time, it initiates a resource registration request to the network device. After the resource registration request is completed, the provider's router has SSID information with a specific resource identification prefix, which makes it easy for users of wireless network equipment to find.
The mobile terminal used by the user (such as a mobile phone) first initiates a user registration request to the network device. After the resource registration request is completed, when the user needs wireless network resources, the user opens the search function of the mobile terminal and searches for wireless network resources available nearby. By retrieving, among the available network resource information, entries with the specific resource identification prefix (such as SSID information with the "Openwifi" resource identification prefix), the available providers of wireless network equipment can be found. A communication request is then initiated to the router of a provider that meets the user's needs.
The router that receives the communication request initiates a verification request to the network device on the server side, requesting the network device to authenticate the provider's router and the mobile terminal. According to the verification request, the network device packages and encrypts the authentication information about the provider's router and the authentication information of the user's mobile terminal and returns them to the router.
The provider's router then processes the communication request according to the authentication information about the user's mobile terminal. If the authentication information of the user's mobile terminal is legitimate, the provider's router returns communication feedback information and provides wireless network resources to the user's mobile terminal, and the user's mobile network device can use the wireless network resources provided by the provider according to the communication feedback information.
In summary, this application provides a registration platform for merchants willing to provide wireless network resources and for users who wish to use wireless network resources. After registration is completed, when a user requests network resources from an available merchant, the method and device can authenticate and manage users and merchants in a unified way, and the merchant can open network resources to users whose authentication is legitimate according to the authentication information. Users can thus conveniently use the wireless network resources provided by merchants, while the security of both users and merchants is guaranteed.
Obviously, those skilled in the art can make various modifications and variations to this application without departing from its spirit and scope. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.
It should be noted that this application can be implemented in software and/or in a combination of software and hardware, for example using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of this application can be executed by a processor to implement the steps or functions described above. Similarly, the software program of this application (including related data structures) can be stored in a computer-readable recording medium, for example RAM memory, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of this application can be implemented in hardware, for example as a circuit that cooperates with a processor to execute each step or function.
In addition, part of this application can be applied as a computer program product, such as computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution according to this application through the operation of that computer. The program instructions that invoke the method of this application may be stored in a fixed or removable recording medium, and/or transmitted through a data stream in broadcast or other signal-bearing media, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment according to this application includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, where, when the computer program instructions are executed by the processor, the device is triggered to run the methods and/or technical solutions based on the foregoing embodiments of this application.
It is obvious to a person skilled in the art that the application is not limited to the details of the above exemplary embodiments, and that the application can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, from whichever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the application is defined by the appended claims rather than by the above description; all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the application. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a device claim can also be implemented by one unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not indicate any particular order.
Claims (27)
1. A method for providing wireless network resources at a network equipment end, wherein the method comprises:
obtaining and handling a resource registering request initiated by a first equipment;
when a second equipment initiates a communication request to the first equipment, obtaining the checking request that the first equipment initiates according to the communication request; and
returning authentication information about the first equipment and the second equipment according to the checking request;
wherein obtaining and handling the resource registering request initiated by the first equipment includes:
obtaining the resource registering request initiated by the first equipment;
obtaining, according to the resource registering request, the resource information submitted by the first equipment; and
verifying the legitimacy of the resource information, and returning resource registering feedback information if it is legal;
wherein the resource information includes: the registration information of the resource, the hardware information of the first equipment and the key information of the first equipment; and the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment.
2. The method according to claim 1, wherein
the registration information of the resource includes the account of the first equipment, the password of the first equipment and a service set resource name; the hardware information of the first equipment includes the hardware address and the network broadband of the first equipment; and the key information of the first equipment includes the public key of the first equipment;
the SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code, the resource identifying code being generated by the network equipment by encryption with its private key and including the account of the first equipment and a string of random numbers generated by the network equipment.
3. The method according to claim 1, wherein, before the second equipment initiates the communication request to the first equipment, the method further includes:
obtaining and handling a user's registration request initiated by the second equipment.
4. The method according to claim 3, wherein obtaining and handling the user's registration request initiated by the second equipment includes:
obtaining the user's registration request initiated by the second equipment;
obtaining, according to the user's registration request, the user information submitted by the second equipment; and
verifying the legitimacy of the user information, and returning user's registration feedback information if it is legal.
5. The method according to claim 4, wherein
the user information includes: the registration information of the user, the hardware information of the second equipment and the key information of the second equipment; the registration information of the user includes the account of the second equipment and the password of the second equipment; the hardware information of the second equipment includes the hardware address of the second equipment; and the key information of the second equipment includes the public key of the second equipment;
the user's registration feedback information includes: the public key of the network equipment.
6. The method according to any one of claims 1 to 5, wherein obtaining the checking request that the first equipment initiates according to the communication request includes:
obtaining the ciphertext of the checking request initiated by the first equipment; and
decrypting, using the public key of the network equipment, the ciphertext of the checking request initiated by the first equipment, to obtain the communication request, wherein the ciphertext of the checking request initiated by the first equipment is generated by the first equipment by encryption with the public key of the network equipment, and the ciphertext of the communication request initiated by the second equipment includes: a ciphertext generated by the first equipment encrypting the account, the password and the current time of the first equipment with its private key, and the account of the first equipment.
7. The method according to any one of claims 1 to 5, wherein returning the authentication information about the first equipment and the second equipment includes:
generating the authentication information about the first equipment and encrypting it with the public key of the second equipment, wherein the authentication information about the first equipment includes the current time, the account and the public key of the first equipment, the authentication result information about the first equipment, and the key of the encrypted channel between the network equipment and the first equipment;
generating the authentication information about the second equipment and encrypting it with the public key of the first equipment, wherein the authentication information about the second equipment includes the current time, the account and the public key of the second equipment, and the authentication result information about the second equipment; the authentication information of the second equipment is generated by the network by encryption with the public key of the first equipment; and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the network equipment;
packaging and encrypting the authentication information of the first equipment and the authentication information of the second equipment using the private key of the network equipment, to generate the ciphertext about the authentication information of the first equipment and the second equipment; and
returning the ciphertext about the authentication information of the first equipment and the second equipment.
8. A method for providing wireless network resources at a first equipment end, wherein the method comprises:
initiating a resource registering request to a network equipment;
obtaining the communication request initiated by a second equipment, and initiating a checking request according to the communication request, to request the network equipment to carry out authentication of the first equipment and the second equipment; and
obtaining the authentication information about the first equipment and the second equipment returned by the network equipment, and handling the communication request according to the authentication information;
wherein initiating the resource registering request to the network equipment includes:
generating a resource registering certificate;
submitting resource information to the network equipment; and
obtaining the resource registering feedback information returned by the network equipment;
wherein the resource information includes: the registration information of the resource, the hardware information of the first equipment and the key information of the first equipment; and the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment.
9. The method according to claim 8, wherein
the registration information of the resource includes the account of the first equipment, the password of the first equipment and a service set resource name; the hardware information of the first equipment includes the hardware address and the network broadband of the first equipment; and the key information of the first equipment includes the public key of the first equipment;
the SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code, the resource identifying code being generated by the network equipment by encryption with its private key and including the account of the first equipment and a string of random numbers generated by the network equipment.
10. The method according to claim 8, wherein obtaining the communication request initiated by the second equipment includes:
obtaining the ciphertext about the communication request sent by the second equipment; and
decrypting the ciphertext about the communication request using the public key of the network equipment, to obtain the communication request, wherein the ciphertext about the communication request is generated by the second equipment by encryption with the public key of the network equipment, and the ciphertext about the communication request includes: a ciphertext generated by the second equipment encrypting the account, the password and the current time of the second equipment with its private key, and the account of the second equipment.
11. The method according to any one of claims 8 to 10, wherein initiating the checking request according to the communication request includes:
generating the ciphertext about the checking request by encryption with the public key of the network equipment, wherein the ciphertext about the checking request includes: a ciphertext generated by the first equipment encrypting the account, the password and the current time of the first equipment with its private key, and the account of the first equipment; and
sending the ciphertext about the checking request to the network equipment.
12. The method according to any one of claims 8 to 10, wherein handling the communication request according to the authentication information includes:
obtaining the ciphertext about the authentication information of the first equipment and the second equipment;
decrypting the authentication information using the public key of the network equipment, to obtain the authentication information about the second equipment;
if the authentication information of the second equipment is illegal, interrupting the communication;
if the authentication information of the second equipment is legal, sending, by the first equipment, communication feedback information to the second equipment.
13. The method according to claim 12, wherein the communication feedback information is generated by the first equipment by encryption with the public key of the second equipment, and the communication feedback information includes:
the authentication information of the first equipment, and the key, generated by the first equipment, of the encrypted channel between the first equipment and the second equipment.
14. A network equipment for providing wireless network resources, wherein the network equipment includes:
a first device, for obtaining and handling the resource registering request initiated by a first equipment;
a fourth device, for obtaining, when a second equipment initiates a communication request to the first equipment, the checking request that the first equipment initiates according to the communication request; and
a seventh device, for returning authentication information about the first equipment and the second equipment;
wherein the first device obtaining and handling the resource registering request initiated by the first equipment includes:
obtaining the resource registering request initiated by the first equipment;
obtaining, according to the resource registering request, the resource information submitted by the first equipment; and
verifying the legitimacy of the resource information, and returning resource registering feedback information if it is legal;
wherein the resource information includes: the registration information of the resource, the hardware information of the first equipment and the key information of the first equipment; and the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment.
15. The network equipment according to claim 14, wherein
the resource information includes: the registration information of the resource, which includes the account of the first equipment, the password of the first equipment and a service set identifier resource name; the hardware information of the first equipment, which includes the hardware address and the network broadband of the first equipment; and the key information of the first equipment, which includes the public key of the first equipment;
the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment, wherein the SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code, the resource identifying code being generated by the first device by encryption with its private key and including the account of the first equipment and a string of random numbers generated by the network equipment.
16. The network equipment according to claim 14, wherein the network equipment further includes:
a tenth device, for obtaining and handling the user's registration request initiated by the second equipment.
17. The network equipment according to claim 16, wherein the tenth device obtaining the user's registration request initiated by the second equipment includes:
obtaining the user's registration request initiated by the second equipment;
obtaining, according to the user's registration request, the user information submitted by the second equipment; and
verifying the legitimacy of the user information, and returning user's registration feedback information if it is legal.
18. The network equipment according to claim 17, wherein
the user information includes: the registration information of the user, the hardware information of the second equipment and the key information of the second equipment; the registration information of the user includes the account of the second equipment and the password of the second equipment; the hardware information of the second equipment includes the hardware address of the second equipment; and the key information of the second equipment includes the public key of the second equipment;
the user's registration feedback information includes: the public key of the network equipment.
19. The network equipment according to any one of claims 14 to 18, wherein the fourth device obtaining the checking request that the first equipment initiates according to the communication request includes:
obtaining the ciphertext of the checking request initiated by the first equipment; and
decrypting, using the public key of the network equipment, the ciphertext of the checking request initiated by the first equipment, to obtain the communication request, wherein the ciphertext of the checking request initiated by the first equipment is generated by the first equipment by encryption with the public key of the network equipment, and the ciphertext of the communication request initiated by the second equipment includes: a ciphertext generated by the first equipment encrypting the account, the password and the current time of the first equipment with its private key, and the account of the first equipment.
20. The network equipment according to any one of claims 14 to 18, wherein the seventh device returning the authentication information about the first equipment and the second equipment includes:
generating the authentication information about the first equipment and encrypting it with the public key of the second equipment, wherein the authentication information about the first equipment includes the current time, the account and the public key of the first equipment, the authentication result information about the first equipment, and the key of the encrypted channel between the network equipment and the first equipment;
generating the authentication information about the second equipment and encrypting it with the public key of the first equipment, wherein the authentication information about the second equipment includes the current time, the account and the public key of the second equipment, and the authentication result information about the second equipment; the authentication information of the second equipment is generated by the network by encryption with the public key of the first equipment; and the key of the encrypted channel between the network equipment and the first equipment is a random number generated by the seventh device;
packaging and encrypting the authentication information of the first equipment and the authentication information of the second equipment using the private key of the network equipment, to generate the ciphertext about the authentication information of the first equipment and the second equipment; and
returning the ciphertext about the authentication information of the first equipment and the second equipment.
21. A first equipment for providing wireless network resources, wherein the first equipment includes:
a second device, for initiating a resource registering request to a network equipment;
a fifth device, for obtaining the communication request initiated by a second equipment, and initiating a checking request according to the communication request, to request the network equipment to carry out authentication of the first equipment and the second equipment;
an eighth device, for obtaining the authentication information about the first equipment and the second equipment returned by the network equipment, and handling the communication request according to the authentication information;
wherein the second device initiating the resource registering request to the network equipment includes:
generating a resource registering certificate;
submitting resource information to the network equipment; and
obtaining the resource registering feedback information returned by the network equipment;
wherein the resource information includes: the registration information of the resource, the hardware information of the first equipment and the key information of the first equipment; and the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment.
22. The first equipment according to claim 21, wherein
the registration information of the resource includes the account of the first equipment, the password of the first equipment and a service set resource name; the hardware information of the first equipment includes the hardware address and the network broadband of the first equipment; and the key information of the first equipment includes the public key of the first equipment;
the resource registering feedback information includes: the SSID information of the first equipment and the public key of the network equipment, wherein the SSID information of the first equipment includes: a resource identification prefix, a resource name and a resource identifying code, the resource identifying code being generated by the network equipment by encryption with its private key and including the account of the first equipment and a string of random numbers generated by the network equipment.
23. The first equipment according to claim 21, wherein the fifth device obtaining the communication request initiated by the second equipment includes:
obtaining the ciphertext about the communication request sent by the second equipment; and
decrypting the ciphertext about the communication request using the public key of the network equipment, to obtain the communication request, wherein the ciphertext about the communication request is generated by the second equipment by encryption with the public key of the network equipment, and the ciphertext about the communication request includes: a ciphertext generated by the second equipment encrypting the account, the password and the current time of the second equipment with its private key, and the account of the second equipment.
24. The first equipment according to any one of claims 21 to 23, wherein the fifth device initiating the checking request according to the communication request includes:
generating the ciphertext about the checking request by encryption with the public key of the network equipment, wherein the ciphertext about the checking request includes: a ciphertext generated by the fifth device encrypting the account, the password and the current time of the first equipment with the private key of the first equipment, and the account of the first equipment; and
sending the ciphertext about the checking request to the network equipment.
25. The first equipment according to any one of claims 21 to 23, wherein the eighth device handling the communication request according to the authentication information includes:
obtaining the ciphertext about the authentication information of the first equipment and the second equipment;
decrypting the authentication information using the public key of the network equipment, to obtain the authentication information about the second equipment;
if the authentication information of the second equipment is illegal, interrupting the communication;
if the authentication information of the second equipment is legal, sending, by the first equipment, communication feedback information to the second equipment.
26. The first equipment according to claim 25, wherein the communication feedback information is generated by the first equipment by encryption with the public key of the second equipment, and the communication feedback information includes:
the authentication information of the first equipment, and the key, generated by the first equipment, of the encrypted channel between the first equipment and the second equipment.
27. A system for providing wireless network resources, wherein the system comprises:
the network equipment according to any one of claims 14 to 20, the first equipment according to any one of claims 21 to 26, and a second equipment, the second equipment being used to initiate a communication request to the first equipment to request the network resources of the first equipment.
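The checking request of claims 6 and 11 carries the sender's account together with a value produced from the account, password and current time under the sender's private key. The Go sketch below is an added example, not part of the patent text: it models that value as an Ed25519 signature checked against the public key registered under claim 2, and leaves out the outer encryption under the network equipment's public key. The two-minute freshness window, the replay cache and every type, function and sample value are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Registered is what the network equipment keeps per account after registration (claim 2).
type Registered struct {
	Password  string
	PublicKey ed25519.PublicKey
}

// VerifyRequest is the inner part of the checking request: the account in
// clear, the sender's time, and the private-key value over all three fields.
type VerifyRequest struct {
	Account   string
	Timestamp int64 // Unix seconds, chosen by the sender
	Signature []byte
}

const maxSkew = 2 * time.Minute // assumed freshness window

var (
	ErrUnknownAccount = errors.New("account not registered")
	ErrStale          = errors.New("timestamp outside freshness window")
	ErrBadSignature   = errors.New("signature does not match registered key")
	ErrReplay         = errors.New("request already accepted once")
)

// signedBytes length-prefixes the strings so that ("ab","c") and ("a","bc")
// can never encode to the same message.
func signedBytes(account, password string, ts int64) []byte {
	return []byte(fmt.Sprintf("%d:%s,%d:%s,%d", len(account), account, len(password), password, ts))
}

// NewVerifyRequest is the first equipment's side.
func NewVerifyRequest(account, password string, priv ed25519.PrivateKey, now time.Time) VerifyRequest {
	ts := now.Unix()
	return VerifyRequest{Account: account, Timestamp: ts, Signature: ed25519.Sign(priv, signedBytes(account, password, ts))}
}

// NetworkEquipment holds the registry and an (unpruned) cache of accepted signatures.
type NetworkEquipment struct {
	registry map[string]Registered
	seen     map[string]bool
}

// Check is the network equipment's side: lookup, freshness, signature, replay.
func (ne *NetworkEquipment) Check(req VerifyRequest, now time.Time) error {
	reg, ok := ne.registry[req.Account]
	if !ok {
		return ErrUnknownAccount
	}
	if d := now.Sub(time.Unix(req.Timestamp, 0)); d < -maxSkew || d > maxSkew {
		return ErrStale
	}
	msg := signedBytes(req.Account, reg.Password, req.Timestamp)
	if !ed25519.Verify(reg.PublicKey, msg, req.Signature) {
		return ErrBadSignature
	}
	if ne.seen[string(req.Signature)] {
		return ErrReplay // a timestamp alone permits reuse inside the window
	}
	ne.seen[string(req.Signature)] = true
	return nil
}

// Demo runs constructed requests and returns the verdict for each.
func Demo() []error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	ne := &NetworkEquipment{
		registry: map[string]Registered{"shop-ap-01": {Password: "constructed-pw", PublicKey: pub}},
		seen:     map[string]bool{},
	}
	now := time.Unix(1700000000, 0) // constructed clock value
	good := NewVerifyRequest("shop-ap-01", "constructed-pw", priv, now)
	old := NewVerifyRequest("shop-ap-01", "constructed-pw", priv, now.Add(-10*time.Minute))
	forged := NewVerifyRequest("shop-ap-01", "constructed-pw", otherPriv, now)
	return []error{
		ne.Check(good, now.Add(30*time.Second)), // accepted
		ne.Check(good, now.Add(40*time.Second)), // same request again
		ne.Check(old, now),                      // ten minutes old
		ne.Check(forged, now),                   // signed with another key
		ne.Check(NewVerifyRequest("not-registered", "x", priv, now), now),
	}
}

func main() { fmt.Println(Demo()) }
```

The second call shows why the current time in the request is not sufficient by itself: the same bytes still verify inside the window, so the verifier has to remember what it has already accepted.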
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410736264.3A CN105721403B (en) | 2014-12-04 | 2014-12-04 | For providing the method, equipment and system of wireless network resource |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105721403A CN105721403A (en) | 2016-06-29 |
CN105721403B true CN105721403B (en) | 2019-01-11 |
Family
ID=56144098
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410736264.3A Active CN105721403B (en) | 2014-12-04 | 2014-12-04 | For providing the method, equipment and system of wireless network resource |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105721403B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106413047A (en) * | 2016-10-31 | 2017-02-15 | 北京小米移动软件有限公司 | Method and device for enabling intelligent device to be accessed to wireless network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101977380A (en) * | 2010-11-15 | 2011-02-16 | 天津工业大学 | Wireless Mesh network identification method |
CN102625310A (en) * | 2012-03-13 | 2012-08-01 | 中国联合网络通信集团有限公司 | Wireless network access method and authentication method and device |
CN103812921A (en) * | 2012-11-12 | 2014-05-21 | (株)庆东One | Heating system remote control and management device using a smart phone application and its method |
CN103945458A (en) * | 2014-03-05 | 2014-07-23 | 周良文 | Intelligent WIFI triggering device, integrating system and method |
CN103997733A (en) * | 2014-05-30 | 2014-08-20 | 李克 | WiFi access resource sharing method and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070002833A1 (en) * | 2005-06-30 | 2007-01-04 | Symbol Technologies, Inc. | Method, system and apparatus for assigning and managing IP addresses for wireless clients in wireless local area networks (WLANs) |
US9319880B2 (en) * | 2010-09-15 | 2016-04-19 | Intel Corporation | Reformatting data to decrease bandwidth between a video encoder and a buffer |
Also Published As
Publication number | Publication date |
---|---|
CN105721403A (en) | 2016-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |