CN105792205A - Method for client to initiate verification of access point validity - Google Patents


Info

Publication number
CN105792205A
Authority
CN
China
Prior art keywords
access point
information
user
authentication
snmp
Legal status
Pending
Application number
CN201610119962.8A
Other languages
Chinese (zh)
Inventor
谭彦
邓博存
Current Assignee
Guangdong Shunde Zhongka Cloud Network Technology Co Ltd
Original Assignee
Guangdong Shunde Zhongka Cloud Network Technology Co Ltd
Priority date
2016-03-03
Filing date
2016-03-03
Publication date
2016-07-20
2016-03-03 Application filed by Guangdong Shunde Zhongka Cloud Network Technology Co Ltd
2016-03-03 Priority to CN201610119962.8A
2016-07-20 Publication of CN105792205A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/08 Access security
    • H04W 76/00 Connection management
    • H04W 76/10 Connection setup
    • H04W 76/11 Allocation or use of connection identifiers
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/02 Standardisation; Integration
    • H04L 41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The invention provides a method by which a client initiates verification of the legitimacy of an access point. A user, through an access point authentication client entity, sends a request to verify the legitimacy of the access point to an access point authentication responder; the responder, acting as a proxy, establishes a connection between the client and the access point and queries the access point's online-user information over SNMP; the access point authentication client entity then compares the returned user information list with the MAC address of the terminal's wireless network card and calls an information prompt module to display the final identification result to the user. With this method the user can actively initiate a request about the legitimacy of the access point without any change to existing APs, so the user can quickly establish a trust relationship with the access point and the user's information security is protected.

Description

Method for a client to initiate verification of access point legitimacy
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a method by which a client initiates verification of the legitimacy of a WiFi access point.
Background technology
Phishing over free WiFi is widely reported in the press, and phishing networks regularly cause economic loss. However, in the IEEE 802.11 protocol architecture the user has no direct way to verify the legitimacy of an AP, so a user who connects to an illegitimate WiFi network is unaware of having done so.
In the prior art the legitimacy of an AP can be identified from a preset AP MAC address, but a problem remains: an attacker can counterfeit the MAC address of a legitimate AP, the IP address of the legitimate hotspot, the DNS server address and so on, and thereby bypass feature-based detection so that the identification fails.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a method by which a client initiates verification of access point legitimacy: the client user actively initiates the request, and a network-side verification responder identifies whether the access point is legitimate.
To achieve this object, the invention provides the following technical solution:
A method for a client to initiate verification of access point legitimacy, comprising the following steps:
The user, through the access point authentication client entity, initiates an access point connection request to the access point authentication responder entity and transmits the BSSID of the currently connected access point;
After the access point authentication responder entity receives the authentication request sent by the access point authentication client, the access point authentication proxy module queries the legitimate-AP identity information database for the IP address of the legitimate AP, and the SNMP query module then establishes an SNMP connection with that AP; the access point authentication responder entity returns a "connection established" response to the access point authentication client entity;
The access point authentication client entity sends an online-user query request to the access point authentication responder entity; the responder entity, through the access point authentication proxy module, calls the SNMP query module to query the AP for its online-user information, and after the AP returns the user information list the access point authentication proxy module forwards it to the access point authentication client entity;
The access point authentication client entity compares the user information list returned by the responder entity with the MAC address of the terminal's wireless network card, and calls the information prompt module to display the final identification result to the user.
Preferably, the access point authentication client entity is an application installed on a mobile terminal and comprises a wireless network information extraction module, an information authentication network interface and an information prompt module;
The wireless network information extraction module extracts the identity information of the wireless AP to which the user's wireless network card is connected, and the user's wireless network card information; the AP identity information comprises the BSSID, channel and SSID of the AP; the user's wireless network card information comprises the MAC address of the card and its configured IP address;
The information authentication network interface exchanges information with the responder over a TCP/IP network, transmitting the access point and terminal information;
The information prompt module, after obtaining the list information sent back by the access point authentication responder entity, performs the legitimacy comparison and displays the final identification result to the user.
Preferably, the final identification result displayed to the user by the information prompt module is one of the following:
Legal AP
Rogue AP
Response timeout.
Preferably, the access point authentication responder entity comprises an access point authentication proxy module, a legitimate-AP network management database and an SNMP requester;
The access point authentication proxy module, after receiving the request information sent by the access point authentication client entity, acts as a proxy: it queries the legitimate-AP network management database, calls the SNMP query module to query the management information base (MIB) of the corresponding AP, and returns the query result to the access point authentication client entity;
The legitimate-AP identity information database stores the network management information of legitimate APs, including each AP's BSSID (Basic Service Set Identifier), configured IP address and SNMP community string;
The SNMP requester communicates with the access point over SNMP, queries the access point's MIB and returns the query result.
Compared with the prior art, the invention has the following advantages:
1. The access point authentication client is simple and flexible to distribute and can support different network operating systems;
2. The access point authentication responder can be deployed as an upgrade to the existing WLAN network management system;
3. The access point identification process can be actively initiated by the user, and it is difficult for an attacker to forge an access point.
Description of the drawings
Fig. 1 is a logical schematic of the access point legitimacy identification system of the present invention.
Fig. 2 is a schematic diagram of the method for verifying access point legitimacy according to an embodiment of the present invention.
Detailed description of the invention
This description of the invention is provided for the purpose of illustration; it is not exhaustive and does not limit the invention to the forms disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, so that others of ordinary skill in the art can understand the invention and design various embodiments, with various modifications, suited to a particular use.
A method for a client to initiate verification of access point legitimacy comprises the following steps:
The access point authentication client, through the wireless network information extraction module, extracts the wireless network card information of the user terminal, the IP address the terminal has obtained, and the MAC address of the AP the user terminal is currently associated with;
The access point authentication client sends the extracted user wireless network card information, AP MAC information and obtained IP address, together with an authentication request, over the TCP/IP network to the access point authentication responder entity.
The access point authentication responder entity receives the user terminal's wireless network card information, the AP MAC and the obtained IP address sent by the client, communicates with the AP through the access point authentication proxy module, and queries, via the SNMP requester, the online-user information of the AP the user terminal is currently connected to;
The access point authentication responder entity returns the AP legitimacy identification result to the access point authentication client.
After the access point authentication client obtains the identification result from the responder entity, it calls the information prompt module to display the final identification result to the user.
The client-initiated access point legitimacy identification system proposed by the present invention comprises an access point authentication client installed on the user terminal and a responder deployed in the WLAN core network. The client and the responder exchange information over a TCP/IP network; the responder communicates with the AP through the access point authentication proxy module and returns the identification result; the client presents the access point legitimacy result to the user. The access point authentication responder entity comprises an access point authentication proxy module, a legitimate-AP network management database and an SNMP requester. The access point authentication client is an application installed on a mobile terminal and comprises a wireless network information extraction module, an information authentication network interface and an information prompt module. The internal interface of the system is the information authentication network interface over which the client and the responder exchange information.
Fig. 1 is a logical schematic of the access point legitimacy identification system of the present invention. As shown in Fig. 1, the system consists of two parts, the access point authentication client and the access point authentication responder, interconnected by a TCP/IP network and communicating through the information authentication network interface. Each entity and interface in the system is described in detail below with reference to Fig. 1.
1. The access point authentication responder is the core of the system, providing the legitimate-AP proxy query service to all clients. It comprises the access point authentication proxy module, the legitimate-AP network management database and the SNMP requester.
The main responsibilities of the access point authentication proxy module are:
1) accepting client requests, communicating with the access point as a proxy to complete the access point legitimacy identification, receiving the information sent by the client, and feeding the identification result back to the client;
2) data management, access control, encryption and decryption, security auditing and so on;
3) administering and maintaining the legitimate-AP and connection information database, which is populated by querying the management information base of the operator's online APs or completed manually;
4) calling the information authentication network interface to communicate with each client.
The main responsibilities of the legitimate-AP network management database are:
1) storing and updating legitimate-AP identity information, responding to the responder's requests and returning query results;
2) data management, access control, encryption and decryption, security auditing and so on.
The main responsibility of the SNMP requester is:
1) communicating with the access point over SNMP, querying the access point's MIB and returning the query result.
2. The access point authentication client is an application installed on a mobile terminal and comprises a wireless network information extraction module, an information authentication network interface and an information prompt module.
The main responsibilities of the wireless network information extraction module are:
1) extracting, through the network operating system running on the user terminal, the identity information of the wireless AP the user is connected to and the user's wireless network card information; transmitting the wireless AP identity information and the user's wireless network card information; and receiving the returned authentication information;
2) process management, encryption and decryption and so on;
3) calling the information authentication network interface to communicate with the server side.
The main responsibility of the information prompt module is:
1) prompting the user with the identification result according to the returned authentication information.
The information authentication network interface is an interface over a TCP/IP network connection. Its main responsibilities are:
1) transmitting the information sent by the client to the responder; the content comprises the identity information of the wireless AP the user is connected to, the user's wireless network card information, the client's communication request instruction, the client sequence information and so on;
2) transmitting the information sent by the responder to the client; the content comprises the responder's communication control instruction, the responder's identity information, the sequence number, the identification result and so on.
Fig. 2 is a schematic diagram of the method flow, based on the logical structure of Fig. 1, by which the client of one embodiment of the access point legitimacy identification system of the present invention initiates verification of access point legitimacy. It comprises the following steps:
201. The client extracts the wireless network card information of the user terminal, the IP address the terminal has obtained, and the MAC address of the AP the user terminal is currently associated with.
Specifically, the client entity may be a software program installed on the mobile phone operating system; the program obtains the user's wireless network card information, and the information of the wireless access point the card is connected to, by calling the driver library of the mobile phone operating system.
Specifically, the wireless access point (AP) identity information includes the BSSID and MAC information of the access point.
Specifically, the user's wireless network card information includes the MAC address of the card and its dynamically configured IP address.
202. The client initiates an authentication request and transmits the extracted information over the TCP/IP network to the access point authentication responder entity.
Specifically, after the client establishes a TCP/IP connection with the responder, a data transmission channel is set up between them.
203. After the responder receives the information sent by the client, the access point authentication proxy module queries the record of the legitimate AP in the legitimate-AP network management database, and the SNMP requester then queries the online-user information of the AP the user terminal is currently connected to.
Specifically, the access point authentication proxy module of the responder looks up the corresponding entry in the legitimate-AP network management database using the AP BSSID sent by the client, and obtains the IP address of the legitimate AP.
Specifically, the SNMP requester queries the MIB of the legitimate AP and obtains the MAC addresses of the users currently associated with it.
204. After the responder completes the identity information comparison, it returns the identity identification result to the client.
Specifically, the responder obtains one of the following comparison results:
The AP is legitimate
The AP is illegitimate
The AP does not respond
205. After the client receives the identification result from the responder, it calls the information prompt module to display the final identification result to the user.
Specifically, the client calls the information prompt function to process the identification result and obtains one of the following messages:
Legal AP
Rogue AP
Response timeout
Specifically, the information prompt function of the client pushes the prompt message to the user terminal through the notification module of the mobile phone operating system.
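The flow of steps 201 to 205, worked through as an added example; this is not code from the patent or from the applicant. It is written in Python and models the responder side: the legitimate-AP database rows, the association tables that stand in for the APs' MIBs, the `fake_snmp_query` function and every address and community string in it are constructed, hypothetical values so that the example runs offline (a real SNMP requester would walk the AP's station table, whose OIDs are vendor specific and are not given here). The comparison is done on the responder side as in step 204; claim 1 places it in the client, but the logic is the same. The block also carries the preset-MAC check from the background section, `prior_art_check`, next to the SNMP-backed check so that their behaviour against a cloned BSSID can be compared, and it reports the three outcomes the information prompt module shows, including the timeout.

```python
"""Added example (not from the patent): the responder-side AP legitimacy check of
steps 203-204, with an injectable SNMP query so it runs offline.
All addresses, community strings and association tables below are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# The three outcomes the information prompt module shows the user.
LEGAL_AP = "Legal AP"
ROGUE_AP = "Rogue AP"
RESPONSE_TIMEOUT = "Response timeout"


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so 00-11-22-33-44-55 and 00:11:22:33:44:55 compare equal."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class LegalAP:
    """One row of the legitimate-AP network management database (hypothetical layout)."""
    bssid: str
    mgmt_ip: str
    community: str  # SNMP community string; held by the responder only, never sent to the client


class SnmpTimeout(Exception):
    """The AP's management interface did not answer."""


# Signature of the SNMP requester: (management IP, community) -> associated station MACs.
SnmpQuery = Callable[[str, str], List[str]]


def verify_access_point(bssid: str, client_mac: str,
                        db: Dict[str, LegalAP], snmp_query: SnmpQuery) -> str:
    """Look the BSSID up, ask the real AP over SNMP who is associated, and check the client is listed."""
    try:
        key, me = normalize_mac(bssid), normalize_mac(client_mac)
    except ValueError:
        return ROGUE_AP
    ap = db.get(key)
    if ap is None:
        return ROGUE_AP  # the BSSID is not an operator-managed AP at all
    try:
        associated = {normalize_mac(m) for m in snmp_query(ap.mgmt_ip, ap.community)}
    except SnmpTimeout:
        return RESPONSE_TIMEOUT
    return LEGAL_AP if me in associated else ROGUE_AP


def prior_art_check(bssid: str, db: Dict[str, LegalAP]) -> str:
    """The preset-MAC check criticised in the background section: a BSSID match and nothing else."""
    try:
        return LEGAL_AP if normalize_mac(bssid) in db else ROGUE_AP
    except ValueError:
        return ROGUE_AP


# Constructed database: two operator APs with hypothetical addresses.
LEGAL_AP_DB: Dict[str, LegalAP] = {
    normalize_mac("00:11:22:33:44:55"): LegalAP("00:11:22:33:44:55", "10.0.0.2", "public-ro"),
    normalize_mac("66:77:88:99:aa:bb"): LegalAP("66:77:88:99:aa:bb", "10.0.0.9", "public-ro"),
}

# Constructed association tables standing in for the APs' MIBs; 10.0.0.9 never answers.
ASSOC_TABLES: Dict[tuple, List[str]] = {
    ("10.0.0.2", "public-ro"): ["aa:bb:cc:dd:ee:01"],
}


def fake_snmp_query(mgmt_ip: str, community: str) -> List[str]:
    """Stand-in for the SNMP requester; a real one would walk the AP's station table."""
    try:
        return ASSOC_TABLES[(mgmt_ip, community)]
    except KeyError:
        raise SnmpTimeout(mgmt_ip) from None


def demo() -> Dict[str, str]:
    """Honest client on the real AP, a victim on an evil twin that cloned the BSSID,
    an unknown BSSID, and an AP whose management interface is silent."""
    cloned_bssid = "00-11-22-33-44-55"  # the evil twin copies the legitimate BSSID
    victim_mac = "aa:bb:cc:dd:ee:02"    # associated to the attacker, so absent from the real AP's table
    return {
        "honest": verify_access_point("00:11:22:33:44:55", "AA:BB:CC:DD:EE:01", LEGAL_AP_DB, fake_snmp_query),
        "evil_twin": verify_access_point(cloned_bssid, victim_mac, LEGAL_AP_DB, fake_snmp_query),
        "evil_twin_prior_art": prior_art_check(cloned_bssid, LEGAL_AP_DB),
        "unknown_bssid": verify_access_point("de:ad:be:ef:00:01", victim_mac, LEGAL_AP_DB, fake_snmp_query),
        "timeout": verify_access_point("66:77:88:99:aa:bb", victim_mac, LEGAL_AP_DB, fake_snmp_query),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:20s} {result}")
```

The evil-twin scenario is the one the background section is about: the cloned BSSID passes `prior_art_check`, but `verify_access_point` reports a rogue AP because the victim's MAC is not in the operator AP's association table. Two points of the design match the component description above and are worth keeping in a real deployment: the SNMP community string lives only in the responder's database and is never sent to the client, and what the check establishes is exactly that a station bearing the client's MAC address is currently associated with the operator's AP whose BSSID the client reported, nothing more.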
The embodiments described above are not intended to limit the scope of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of the claims of the present invention.

Claims (4)

1. A method for a client to initiate verification of access point legitimacy, characterised in that it comprises the following steps:
The user, through the access point authentication client entity, initiates an access point connection request to the access point authentication responder entity and transmits the BSSID of the currently connected access point;
After the access point authentication responder entity receives the authentication request sent by the access point authentication client, the access point authentication proxy module queries the legitimate-AP identity information database for the IP address of the legitimate AP, and the SNMP query module then establishes an SNMP connection with that AP; the access point authentication responder entity returns a "connection established" response to the access point authentication client entity;
The access point authentication client entity sends an online-user query request to the access point authentication responder entity; the responder entity, through the access point authentication proxy module, calls the SNMP query module to query the AP for its online-user information, and after the AP returns the user information list the access point authentication proxy module forwards it to the access point authentication client entity;
The access point authentication client entity compares the user information list returned by the responder entity with the MAC address of the terminal's wireless network card, and calls the information prompt module to display the final identification result to the user.
2. The method of claim 1, characterised in that the access point authentication client entity is an application installed on a mobile terminal and comprises a wireless network information extraction module, an information authentication network interface and an information prompt module;
The wireless network information extraction module extracts the identity information of the wireless AP to which the user's wireless network card is connected, and the user's wireless network card information; the AP identity information comprises the BSSID, channel and SSID of the AP; the user's wireless network card information comprises the MAC address of the card and its configured IP address;
The information authentication network interface exchanges information with the responder over a TCP/IP network, transmitting the access point and terminal information;
The information prompt module, after obtaining the list information sent back by the access point authentication responder entity, performs the legitimacy comparison and displays the final identification result to the user.
3. The method of claim 2, characterised in that the final identification result displayed to the user by the information prompt module is one of the following:
Legal AP
Rogue AP
Response timeout.
4. the method for claim 1, it is characterised in that access point differentiates that responding terminal entity includes access point auth-proxy module, legal AP network management data storehouse and SNMP requestor;
Described access point auth-proxy module, for after the solicited message getting the discriminating clients entities transmission of described access point, as agency, inquiry legal AP network management data storehouse, call SNMP enquiry module and inquire about the management information bank of corresponding AP, and differentiate that clients entities returns Query Result to access point;
Described legal AP and identity information database, for preserving the network management information of legal AP, including the BSSID of AP, the IP address of configuration, SNMP community string;
Described SNMP requestor, is communicated by snmp protocol and access point, and inquiry access point mib information storehouse also returns Query Result.
CN201610119962.8A 2016-03-03 2016-03-03 Method for client to initiate verification of access point validity Pending CN105792205A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610119962.8A CN105792205A (en) 2016-03-03 2016-03-03 Method for client to initiate verification of access point validity


Publications (1)

Publication Number Publication Date
CN105792205A true CN105792205A (en) 2016-07-20

Family

ID=56386877


Country Status (1)

Country Link
CN (1) CN105792205A (en)


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005041040A1 (en) * 2003-10-23 2005-05-06 Nanyang Polytechnic System and method for detection and location of rogue wireless access users in a computer network
CN102075934A (en) * 2009-11-19 2011-05-25 ***通信集团江苏有限公司 AP (Access Point) monitor and method and system for monitoring illegal APs
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103648094A (en) * 2013-11-19 2014-03-19 华为技术有限公司 Method, device and system for detecting illegal wireless access point


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
冀明 et al.: "Detection and handling of rogue access points in wireless LANs" (无线局域网非法接入点的探测和处理), Science & Technology Information (科技资讯) *
谭彦 et al.: "Analysis of Wi-Fi wireless phishing attacks and research on countermeasures" (Wi-Fi 无线钓鱼攻击分析及应对技术研究), Telecommunications Science (电信科学) *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107529165A (en) * 2017-10-11 2017-12-29 北京大学 Method for identifying the legitimacy of wireless access points in a campus network
CN107529165B (en) * 2017-10-11 2019-09-13 北京大学 Method for identifying the legitimacy of wireless access points in a campus network
CN112671765A (en) * 2020-12-23 2021-04-16 浪潮云信息技术股份公司 Method and device for verifying validity of wireless network equipment


Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2016-07-20