CN106714158B - WiFi access method and device - Google Patents

Info

Publication number
CN106714158B
Authority
CN
China
Prior art keywords
access point
wifi
detection platform
authentication
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510507794.5A
Other languages
Chinese (zh)
Other versions
CN106714158A (en)
Inventor
彭华熹
张艳
曹斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Abstract

The invention provides a WiFi access method and a WiFi access device, wherein the WiFi access method comprises the following steps: sending registration information to an access point detection platform for access point registration, and receiving a registration success result returned after the access point detection platform checks the registration information, wherein the registration information comprises access authentication related information and a public key; receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform; and receiving an authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client. The embodiment of the invention improves the security of WiFi verification, prevents data from being maliciously tampered with, prevents access to a phishing WiFi access point, and realizes secure WiFi access.

Description

WiFi access method and device
Technical Field
The invention relates to the technical field of information security, in particular to a WiFi access method and a WiFi access device.
Background
With the development and popularization of the mobile internet, mobile internet users dining in a restaurant or coffee shop often take out a mobile phone or tablet computer with an internet access function and search for a free WiFi wireless network, and many merchants also post advertisements such as 'free WiFi provided in the shop'. However, free WiFi can pose a considerable security risk. Lawbreakers in public places can use a computer with a wireless network card and network packet analysis software to set up a wireless hotspot, establishing a phishing WiFi network without a password. If a user connects to this WiFi, the lawbreakers can steal sensitive information, such as the bank passwords of mobile internet users, in a short time.
Disclosure of Invention
The embodiment of the invention aims to provide a WiFi access method and a WiFi access device, which are used for improving the safety of WiFi verification, avoiding malicious tampering of data information, preventing access to a phishing WiFi access point and realizing the safe access of WiFi.
In order to achieve the above object, an embodiment of the present invention provides a WiFi access method, which is applied to a WiFi access point, where the WiFi access method includes:
sending registration information to an access point detection platform for access point registration, and receiving a registration success result returned after the access point detection platform checks the registration information; wherein the registration information comprises access authentication related information and a public key;
receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
and receiving an authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client.
And when receiving a registration success result returned by the access point detection platform after checking the registration information, receiving address configuration of the access point detection platform, and storing the address of the access point detection platform in a white list.
The step of generating authentication information by using a preset private key and sending the authentication information to the WiFi client comprises the following steps of:
generating an access point random number Rc, and encrypting the Rc by adopting an access point private key to obtain a first encrypted random number EAPs (Rc), wherein the Rc and the EAPs (Rc) form the authentication information;
and sending the Rc and the EAPs (Rc) to the WiFi client, and generating the connection access request by the WiFi client after encrypting by using a detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client and the digest values corresponding to all parts.
Wherein, the forwarding the connection access request containing the authentication information sent by the WiFi client to the access point detection platform specifically includes:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
The step of receiving the authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client, specifically comprises:
receiving the authentication success result notification and receiving a second encrypted random number EAPp(Rs) sent by the access point detection platform, wherein the EAPp(Rs) is generated by the access point detection platform through decrypting the obtained encrypted Rs and then encrypting the Rs by using an access point public key;
decrypting the EAPp(Rs) by using an access point private key to obtain the Rs;
and generating a shared key Ks with the WiFi client by using a key generation algorithm by taking the Rs and the Rc as factors, safely storing the shared key Ks, establishing connection with the WiFi client, and realizing information transmission.
The embodiment of the invention provides a WiFi access method which is applied to a WiFi client side and comprises the following steps:
scanning a WiFi access point list, and sending a connection verification request to a first WiFi access point of the WiFi access point list;
when the first WiFi access point is an access point which is successfully registered in an access point detection platform in advance, receiving authentication information generated by the first WiFi access point by using a private key;
sending a connection access request containing the authentication information to the access point detection platform for validity authentication;
and receiving a validity check result which is transmitted by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point.
The connection access request is generated by the WiFi client side after being encrypted by an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts, and the authentication information comprises an access point random number Rc generated by the first WiFi access point and a first encrypted random number EAPs (Rc) obtained by encrypting the Rc by an access point private key.
Wherein the step of receiving the validity check result which is sent by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point, specifically comprises:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
Wherein the method further comprises:
and when the first WiFi access point is not an access point which is successfully registered in the access point detection platform in advance, the WiFi client terminates the authentication process and prompts a user that the validity of the first WiFi access point cannot be determined.
The embodiment of the invention also provides a WiFi access method which is applied to the access point detection platform and comprises the following steps:
receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information into a legal access point list after the checking is successful, and returning a successful registration result to the current WiFi access point so that the current WiFi access point generates authentication information by using a preset private key;
receiving a connection access request containing the authentication information sent by a WiFi client;
and carrying out legal authentication on the authentication information by using the public key in the registration information according to the received connection access request, and sending an authentication success result notice to the current WiFi access point so that the current WiFi access point establishes connection with the WiFi client.
Wherein the authentication information includes: an access point random number Rc and a first encrypted random number EAPs (Rc) obtained by encrypting the Rc by adopting an access point private key; and the connection access request is generated by the WiFi client side after the WiFi client side encrypts by using an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts.
Wherein, the legally authenticating the authentication information by using the public key in the registration information according to the received connection access request comprises:
decrypting the connection access request by using a private key of the access point detection platform to complete integrity check of information;
searching a legal access point list through the registration information of the current WiFi access point;
if the complete corresponding item is found, decrypting the EAPs(Rc) by using the public key of the current WiFi access point, comparing whether the decryption result is the same as the received Rc, and if so, obtaining an authentication success result.
When the current WiFi access point is a legal access point, the method further comprises the following steps:
encrypting the decrypted Rs by using the public key of the current WiFi access point to obtain a second encrypted random number EAPp(Rs);
and sending the EAPp(Rs) and an authentication success result notification to the current WiFi access point.
Wherein the method further comprises:
if the corresponding item is searched, but the decryption result is different from the received Rc, obtaining an authentication failure result;
and if the corresponding item is not searched, obtaining an authentication failure result.
The embodiment of the invention also provides a WiFi access device, which is applied to a WiFi access point, and comprises:
the first processing module is used for sending registration information to an access point detection platform for access point registration and receiving a registration success result returned after the access point detection platform checks the registration information; wherein the registration information comprises access authentication related information and a public key;
the second processing module is used for receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
and the third processing module is used for receiving an authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client.
Wherein, the WiFi access device further comprises:
and the receiving and storing module is used for receiving the address configuration of the access point detection platform and storing the address of the access point detection platform into a white list when the first processing module receives a registration success result returned by the access point detection platform after checking the registration information.
Wherein the second processing module comprises:
the generation submodule is used for generating an access point random number Rc, and encrypting the Rc by adopting an access point private key to obtain a first encrypted random number EAPs (Rc), wherein the Rc and the EAPs (Rc) form the authentication information;
and the first sending submodule is used for sending the Rc and the EAPs (Rc) to the WiFi client, and the WiFi client generates the connection access request after encrypting by using a detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client and the digest values corresponding to all parts.
Wherein the second processing module is further configured to:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
Wherein the third processing module comprises:
a receiving submodule, configured to receive, when receiving the authentication success result notification, the second encrypted random number EAPp(Rs) sent by the access point detection platform, wherein the EAPp(Rs) is generated by the access point detection platform through decrypting the obtained encrypted Rs and then encrypting the Rs by using an access point public key;
a first decryption submodule, configured to decrypt the EAPp(Rs) by using an access point private key to obtain the Rs;
and the connection submodule is used for generating a shared key Ks with the WiFi client by using a key generation algorithm by taking the Rs and the Rc as factors, safely storing the shared key Ks, establishing connection with the WiFi client and realizing information transmission.
The embodiment of the invention also provides a WiFi access device, which is applied to a WiFi client side, and the access device comprises:
the scanning and sending module is used for scanning a WiFi access point list and sending a connection verification request to a first WiFi access point of the WiFi access point list;
the first receiving module is used for receiving authentication information generated by the first WiFi access point by using a private key when the first WiFi access point is an access point which is successfully registered in an access point detection platform in advance;
the first sending module is used for sending the connection access request containing the authentication information to the access point detection platform for validity authentication;
and the fourth processing module is used for receiving a validity check result which is transmitted by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point.
The connection access request is generated by the WiFi client side after being encrypted by an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts, and the authentication information comprises an access point random number Rc generated by the first WiFi access point and a first encrypted random number EAPs (Rc) obtained by encrypting the Rc by an access point private key.
Wherein the fourth processing module is further configured to:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
Wherein the apparatus further comprises:
and the termination module is used for terminating the authentication process when the first WiFi access point is not an access point which is successfully registered in the access point detection platform in advance, and prompting a user that the validity of the first WiFi access point cannot be determined.
The embodiment of the invention also provides a WiFi access device, which is applied to the access point detection platform and comprises:
the fifth processing module is used for receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information into a legal access point list after the checking is successful, and returning a registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information by using a preset private key;
the second receiving module is used for receiving a connection access request which is sent by the WiFi client and contains the authentication information;
and the sixth processing module is used for carrying out legal authentication on the authentication information by using the public key in the registration information according to the received connection access request, and sending an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes connection with the WiFi client.
Wherein the authentication information includes: an access point random number Rc and a first encrypted random number EAPs (Rc) obtained by encrypting the Rc by adopting an access point private key; and the connection access request is generated by the WiFi client side after the WiFi client side encrypts by using an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts.
Wherein the sixth processing module comprises:
the second decryption submodule is used for decrypting the connection access request by using a private key of the access point detection platform to complete the integrity check of information;
the searching submodule is used for searching a legal access point list through the registration information of the current WiFi access point;
a processing submodule, configured to, if the complete corresponding item is found, decrypt the EAPs(Rc) by using the public key of the current WiFi access point, compare whether the decryption result is the same as the received Rc, and if so, obtain an authentication success result.
Wherein, when the current WiFi access point is a legal access point, the apparatus further includes:
an encryption module, configured to encrypt the decrypted Rs by using the public key of the current WiFi access point to obtain a second encrypted random number EAPp(Rs);
a second sending module, configured to send the EAPp(Rs) and an authentication success result notification to the current WiFi access point.
Wherein the apparatus further comprises:
the first authentication module is used for obtaining an authentication failure result if the corresponding item is searched but the decryption result is different from the received Rc;
and the second authentication module is used for obtaining an authentication failure result if the corresponding item is not searched.
The technical scheme of the invention has the following beneficial effects:
after the WiFi access point finishes registration authentication in the access point detection platform, a user is connected with the WiFi access point through the WiFi client, the WiFi access point generates authentication information by using a preset private key and sends the authentication information to the WiFi client, the WiFi client transmits a connection access request containing the authentication information to the access point detection platform through the WiFi access point, the access point detection platform verifies the legality of the WiFi access point, confirms the legal identity of the access point and sends a verification result to the WiFi client in an encrypted mode, and the WiFi client accesses the legal access point according to the verification result. The safety of WiFi verification can be improved, malicious tampering of data information is avoided, access to a phishing WiFi access point is prevented, and safe access of WiFi is achieved.
Drawings
Fig. 1 is a first schematic diagram illustrating steps of a WiFi access method according to an embodiment of the present invention;
Fig. 2 is a second schematic diagram illustrating steps of a WiFi access method according to an embodiment of the present invention;
Fig. 3 is a third schematic diagram illustrating steps of a WiFi access method according to an embodiment of the present invention;
Fig. 4 is a schematic overall flow chart of a WiFi access method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a WiFi access device in an embodiment of the invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
An embodiment of the present invention provides a WiFi access method, which is applied to a WiFi access point, as shown in fig. 1, the WiFi access method includes:
step S101, sending registration information to an access point detection platform to perform access point registration, and receiving a registration success result returned after the access point detection platform checks the registration information; wherein the registration information comprises access authentication related information and a public key;
step S102, receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
step S103, receiving an authentication success result notification fed back after the access point detection platform utilizes the public key in the registration information to legally authenticate the authentication information, and establishing WiFi connection with the WiFi client.
Specifically, the WiFi access point sends information such as the identity information of the access point, the WiFi access point name SSID, the media access control value MAC, the authentication mode and the public key to the access point detection platform for registration over HTTPS (Hypertext Transfer Protocol Secure), where the access authentication related information includes: identity information of the access point, a WiFi access point name SSID, a media access control value MAC and an authentication mode. After the registration is finished, the WiFi access point receives a registration success result returned by the access point detection platform after the registration information is checked. After successful registration, the WiFi access point can receive a connection verification request sent by the WiFi client. On receiving the connection verification request, it generates authentication information by using a preset private key and sends the authentication information to the WiFi client. The WiFi client then sends a connection access request containing the authentication information, and the WiFi access point, after receiving the connection access request, forwards it to the access point detection platform over HTTPS. The access point detection platform legally authenticates the authentication information and returns an authentication success result notification, and the WiFi connection with the WiFi client is established after the authentication success result notification is received.
After the WiFi access point completes registration authentication in the access point detection platform, the WiFi access point generates authentication information by using a preset private key and sends the authentication information to the WiFi client, and the WiFi client sends a connection access request containing the authentication information to the access point detection platform through the WiFi access point. The access point detection platform verifies the legality of the WiFi access point, and after the legal identity of the access point is confirmed, the WiFi access point establishes the WiFi connection with the WiFi client. This improves the security of WiFi verification, prevents data from being maliciously tampered with, prevents access to a phishing WiFi access point, and realizes secure WiFi access.
In the above embodiment of the present invention, when receiving the registration success result returned by the access point detection platform after checking the registration information, the WiFi access point receives the address configuration of the access point detection platform at the same time, and stores the address of the access point detection platform in a white list.
Specifically, the WiFi access point includes a white list in which a plurality of addresses are stored, and a client can access the addresses in the white list directly, without authentication. When the WiFi access point receives the registration success result returned by the access point detection platform, it receives the address configuration of the access point detection platform at the same time and stores the address of the access point detection platform in the white list. When a message is sent to the access point detection platform, it can be transmitted directly to the access point detection platform over HTTPS by using the address of the access point detection platform stored in the white list.
In the above embodiment of the present invention, the step S102 of generating the authentication information by using the preset private key and sending the authentication information to the WiFi client includes:
step S1021, generating an access point random number Rc, and encrypting the Rc by adopting an access point private key to obtain a first encrypted random number EAPs (Rc), wherein the Rc and the EAPs (Rc) form the authentication information;
step S1022, sending the Rc and the EAPs(Rc) to the WiFi client, and generating the connection access request by the WiFi client after encrypting by using a detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and digest values corresponding to each part.
Specifically, after receiving a connection verification request sent by a WiFi client, a WiFi access point generates Rc by using a random number generation unit, then encrypts Rc by using an access point private key to obtain EAPs(Rc), and sends authentication information consisting of Rc and EAPs(Rc) to the WiFi client.
And the WiFi client generates Rs after receiving the Rc and the EAPs (Rc), and then generates a connection access request after encrypting by using a detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the Rs and the corresponding digest values of all parts.
In the above embodiment of the present invention, in step S102, the step of forwarding the connection access request including the authentication information sent by the WiFi client to the access point detection platform specifically includes:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
Specifically, the white list of the WiFi access point stores the address of the access point detection platform, and when accessing the address in the white list, the access can be directly performed without authentication. When the connection access request is forwarded to the access point detection platform, the connection access request is directly transmitted to the access point detection platform through the HTTPS by using the address of the access point detection platform stored in the white list.
In the above embodiment of the present invention, step S103 includes:
step S1031, receiving the authentication success result notification, and receiving the second encrypted random number EAPp(Rs) sent by the access point detection platform, wherein the EAPp(Rs) is generated by the access point detection platform through decrypting the obtained encrypted Rs and then encrypting the Rs by using an access point public key;
step S1032, decrypting the EAPp(Rs) by using the access point private key to obtain the Rs;
and step S1033, generating a shared key Ks with the WiFi client by using a key generation algorithm with the Rs and the Rc as factors, storing the key Ks safely, establishing connection with the WiFi client, and realizing information transmission.
Specifically, when the WiFi access point receives the authentication success result notification sent by the access point detection platform, it also receives E_APp(Rs), which the access point detection platform generates by decrypting the received encrypted Rs and then encrypting the Rs with the access point public key. After receiving E_APp(Rs), the WiFi access point decrypts it with the access point private key to obtain Rs. It then generates a key Ks shared with the WiFi client by using a key generation algorithm according to the obtained Rs and the Rc generated by the WiFi access point, and securely stores the calculated Ks, so as to realize the connection between the WiFi access point and the WiFi client and the transmission of information.
An embodiment of the present invention further provides a WiFi access method, which is applied to a WiFi client, and as shown in fig. 2, the access method includes:
step S201, scanning a WiFi access point list, and sending a connection verification request to a first WiFi access point of the WiFi access point list;
step S202, when the first WiFi access point is an access point which is successfully registered in an access point detection platform in advance, receiving authentication information generated by the first WiFi access point by using a private key;
step S203, sending the connection access request containing the authentication information to the access point detection platform for validity authentication;
step S204, receiving a validity check result which is transmitted by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point.
Specifically, the WiFi client scans a WiFi access point list and sends a connection verification request to a first WiFi access point, and when the first WiFi access point is an access point which is registered successfully in an access point detection platform in advance, the WiFi client receives authentication information generated by the first WiFi access point by using a private key; when the first WiFi access point is not the access point which is successfully registered in the access point detection platform in advance, the WiFi client ends the authentication process, prompts a user that the validity of the first WiFi access point cannot be determined, and the user determines whether to continue to connect.
After the WiFi client receives the authentication information generated by the first WiFi access point by using the private key, it sends the connection access request containing the authentication information to the access point detection platform; the access point detection platform authenticates the legality of the first WiFi access point and sends a check result to the WiFi client. The WiFi client receives the check result sent by the access point detection platform and forwarded by the first WiFi access point; the check result is signed with the private key of the access point detection platform, which establishes its authenticity. After receiving the signed check result, the WiFi client decrypts it by using the public key of the access point detection platform, and if the first WiFi access point is a legal access point, establishes a connection with the first WiFi access point.
If the validity of the first WiFi access point cannot be verified, the user is prompted that the validity of the first WiFi access point cannot be determined, and the user decides whether to continue; if the first WiFi access point is illegal, the user is prompted that the access point is illegal and that a phishing risk exists, and either the user decides whether to continue or access is directly forbidden.
In the above embodiment of the present invention, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part, where the authentication information includes an access point random number Rc generated by the first WiFi access point and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc by using the access point private key.
Specifically, the WiFi client generates Rs after receiving the authentication information sent by the first WiFi access point, and then generates a connection access request after encrypting by using the detection platform public key according to the authentication information, the registration information of the first WiFi access point obtained by scanning, the Rs, and the digest values corresponding to each part, wherein the registration information of the WiFi access point at least includes: identity information of the WiFi access point, name SSID of the WiFi access point, media access control value MAC, authentication mode and public key.
In the above embodiment of the present invention, step S204 specifically includes:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
Specifically, after receiving the validity check result, the WiFi client knows that the first WiFi access point is a valid access point, generates a key Ks shared with the first WiFi access point by using a key generation algorithm according to the received Rc and Rs sent by the first WiFi access point, and securely stores the calculated Ks, so as to realize connection between the WiFi client and the first WiFi access point and realize information transmission.
An embodiment of the present invention further provides a WiFi access method, which is applied to an access point detection platform, as shown in fig. 3, the WiFi access method includes:
step S301, receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information into a legal access point list after the checking is successful, and returning a successful registration result to the current WiFi access point, so that the current WiFi access point generates authentication information by using a preset private key;
step S302, receiving a connection access request containing the authentication information sent by a WiFi client;
step S303, according to the received connection access request, carrying out legal authentication on the authentication information by using the public key in the registration information, and sending an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes connection with the WiFi client.
Specifically, after registration information sent by a WiFi access point is received, the registration information submitted by the WiFi access point is checked, after the registration authentication is successful, the information is stored in a legal access point list, and the list records information such as identity information of the access point, name SSID of the access point, media access control value MAC, authentication mode, public key and the like. And returning the successful registration result to the current WiFi access point, so that the current WiFi access point generates authentication information by using a preset private key. And then receiving a connection access request which is sent by the WiFi client and forwarded by the current WiFi access point and contains authentication information.
It should be noted that, when returning a successful registration result to the current WiFi access point, the access point detection platform sends its own address configuration to the current WiFi access point, and the current WiFi access point stores the address of the access point detection platform in a white list, where multiple addresses are stored in the white list, and when accessing the address in the white list, the client does not need to perform authentication, and can directly access the access point. When the current WiFi access point sends a connection access request to the access point detection platform, the connection access request can be directly transmitted to the access point detection platform through the HTTPS through the address of the access point detection platform stored in the white list.
And after receiving a connection access request containing authentication information sent by the client, carrying out legal authentication on the authentication information by using the public key in the registration information, and after the authentication is successful, sending an authentication success result notification to the current WiFi access point so that the current WiFi access point establishes connection with the WiFi client.
In the above embodiment of the present invention, the authentication information includes: an access point random number Rc and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc by using the access point private key; and the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part.
Specifically, the Rc generated by the current WiFi access point and the E_APs(Rc) obtained by encrypting Rc with the access point private key constitute the authentication information. After receiving the authentication information sent by the current WiFi access point, the WiFi client generates Rs, and then generates the connection access request by encrypting, with the public key of the detection platform, the authentication information, the registration information of the current WiFi access point obtained by scanning, the Rs, and the digest values corresponding to each part.
In the above embodiment of the present invention, step S303 includes:
step S3031, the private key of the access point detection platform is used for decrypting the connection access request to complete the integrity check of the information;
step S3032, searching a legal access point list through the registration information of the current WiFi access point;
step S3033, if a completely corresponding item is found, decrypting E_APs(Rc) by using the public key of the current WiFi access point, comparing whether the decryption result is the same as the received Rc, and if so, obtaining an authentication success result.
Specifically, the connection access request is decrypted by using the private key of the access point detection platform to obtain the authentication information (which contains Rc and E_APs(Rc)), the registration information of the current WiFi access point, Rs, and the digest values of each part. The legal access point list is then searched using the registration information of the current WiFi access point: if a completely corresponding item is found, E_APs(Rc) is decrypted by using the public key of the current WiFi access point, the decryption result is compared with the received Rc, and if they are the same, an authentication success result is obtained.
In the above embodiment of the present invention, when the current WiFi access point is a legal access point, the method further includes:
step S304, encrypting the decrypted Rs with the public key of the current WiFi access point to obtain a second encrypted random number E_APp(Rs);
step S305, sending the E_APp(Rs) and an authentication success result notification to the current WiFi access point.
Specifically, after the current WiFi access point is confirmed to be a legal access point, the obtained Rs is encrypted with the public key of the current WiFi access point to obtain E_APp(Rs), and then E_APp(Rs) and the authentication success result notification are sent to the current WiFi access point. The current WiFi access point decrypts E_APp(Rs) to obtain Rs, generates a key Ks shared with the WiFi client by using the Rs and the Rc, establishes the connection between the WiFi access point and the WiFi client, and realizes information transmission.
In the above embodiment of the present invention, the method further includes:
if the corresponding item is searched, but the decryption result is different from the received Rc, obtaining an authentication failure result;
and if the corresponding item is not searched, obtaining an authentication failure result.
When the legal access point list is searched using the registration information of the current WiFi access point, if a corresponding item is found, E_APs(Rc) is decrypted by using the public key of the current WiFi access point and the decrypted Rc is compared with the received Rc; if they differ, the authentication fails. If no corresponding item is found, the authentication also fails.
As shown in fig. 4, it is a schematic overall flow chart of the embodiment of the present invention:
step S401, the WiFi access point sends registration information composed of identity information, name SSID of the WiFi access point, media access control value MAC, authentication mode, public key and the like to an access point detection platform through HTTPS for registration authentication.
Step S402, the access point detection platform checks the registration information submitted by the WiFi access point, after the registration authentication is successful, the information is stored in a legal access point list, and the list records the identity information of the WiFi access point and information such as the name SSID of the WiFi access point, the media access control value MAC, the authentication mode, the public key and the like.
Step S403, the access point detection platform informs the WiFi access point of the successful registration result and the address configuration of the access point detection platform.
Step S404, the WiFi access point configures the address of the access point detection platform into a white list for subsequently releasing a connection access request sent by the WiFi client.
Step S405, the WiFi client scans the WiFi access point list and clicks one of the access points to connect.
Step S406, the WiFi client sends a connection verification request to the access point.
Step S407, a legal access point registered on the access point detection platform receives the connection verification request, generates a random number Rc, and encrypts it with its private key to obtain E_APs(Rc).
Step S408, the legal access point registered on the access point detection platform sends Rc and E_APs(Rc) to the WiFi client; if the access point is not registered on the access point detection platform, the subsequent authentication process cannot be completed, the WiFi client terminates the access point authentication process and prompts the user that the legality of the access point cannot be determined, and the user decides whether to continue.
Step S409, the WiFi client generates a random number Rs, collects the SSID, MAC, authentication mode, Rc, E_APs(Rc), Rs and other information of the access point, calculates digest values of the information, and encrypts the information and the digest values with the public key of the detection platform to form the connection access request.
Step S410, the WiFi client transmits the connection access request to the access point detection platform over HTTPS via the access point.
Step S411, the access point detection platform decrypts the connection access request with its private key and, after completing the integrity check of the information, searches the legal access point list using the access point information: if a completely corresponding item is found, it decrypts E_APs(Rc) with the public key of the legal access point and compares whether the decryption result is the same as the received Rc; if they are the same, the access point is legal and not forged, and the platform encrypts the decrypted Rs with the public key of the access point to obtain E_APp(Rs); if a corresponding item is found but the decryption result differs from the received Rc, the access point is forged; if no corresponding item is found, the validity of the access point cannot be verified.
Step S412, the access point detection platform sends the detection result of the access point validity, the signature made with the private key of the detection platform, and E_APp(Rs) together to the access point.
Step S413, the access point decrypts E_APp(Rs) with its private key to obtain Rs, and uses a key generation algorithm with Rs and Rc as factors to generate and securely store the key Ks shared with the client.
Step S414, the access point forwards the detection result of the access point validity and the signature sent by the access point detection platform to the client.
Step S415, the WiFi client decrypts the result returned by the detection platform with the public key of the detection platform, and performs the following operations according to the result: if the access point is legal, it uses a key generation algorithm with Rs and Rc as factors to generate and securely store the shared key Ks, starts the operation of connecting to the access point, and encrypts the messages sent to the access point with Ks; if the access point cannot be verified, the user is prompted that the legality of the access point cannot be determined, and the user decides whether to continue; if the access point is illegal, the user is prompted that the access point is illegal and that a phishing risk exists, and either the user decides whether to continue or access is directly forbidden.
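The core checks of steps S401 to S415 (registration, the three outcomes of step S411, and both sides deriving Ks), as an added Python example that is not part of the patent text. Assumptions: textbook RSA over fixed Mersenne primes stands in for the unspecified public-key algorithm, SHA-256 over Rs and Rc stands in for the unspecified key generation algorithm, and all SSIDs and MAC values are constructed; the encryption of the request to the detection platform, the digest values, and the platform's signature on the result are left out.

```python
import hashlib
import secrets
from math import gcd

E = 65537  # public exponent used for every key pair in this illustration


def make_keypair(p, q):
    """Build ((n, e), (n, d)) from two primes. Textbook RSA, illustration only."""
    phi = (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    n = p * q
    return (n, E), (n, pow(E, -1, phi))


def rsa(key, value):
    """Raw modular exponentiation; round-trips only for values below n."""
    n, exponent = key
    return pow(value, exponent, n)


def derive_ks(rs, rc):
    # Assumption: the patent only says "a key generation algorithm with Rs and
    # Rc as factors"; SHA-256 over both 128-bit values is used here.
    return hashlib.sha256(rs.to_bytes(16, "big") + rc.to_bytes(16, "big")).hexdigest()


class DetectionPlatform:
    def __init__(self):
        self.legal_aps = {}  # (ssid, mac, auth_mode) -> access point public key

    def register(self, info, ap_public):  # steps S401-S402
        self.legal_aps[info] = ap_public

    def check(self, info, rc, e_aps_rc, rs):  # step S411
        ap_public = self.legal_aps.get(info)
        if ap_public is None:
            return "unverifiable", None       # no corresponding list entry
        if rsa(ap_public, e_aps_rc) != rc:
            return "forged", None             # entry found, proof does not match
        return "legal", rsa(ap_public, rs)    # also returns E_APp(Rs)


class AccessPoint:
    def __init__(self, ssid, mac, auth_mode, p, q):
        self.info = (ssid, mac, auth_mode)
        self.public, self.private = make_keypair(p, q)
        self.rc = None

    def challenge(self):  # steps S407-S408: Rc and E_APs(Rc)
        self.rc = secrets.randbits(128)
        return self.rc, rsa(self.private, self.rc)

    def finish(self, e_app_rs):  # step S413: recover Rs, derive Ks
        return derive_ks(rsa(self.private, e_app_rs), self.rc)


def client_connect(ap, platform):
    """Run steps S406-S415 against one access point; returns (verdict, Ks_client, Ks_ap)."""
    rc, e_aps_rc = ap.challenge()
    rs = secrets.randbits(128)                                     # step S409
    verdict, e_app_rs = platform.check(ap.info, rc, e_aps_rc, rs)  # steps S410-S411
    if verdict != "legal":
        return verdict, None, None
    return verdict, derive_ks(rs, rc), ap.finish(e_app_rs)         # steps S415, S413


def run_scenarios():
    platform = DetectionPlatform()
    # Constructed sample access points; names and MAC values are made up.
    registered = AccessPoint("CafeNet", "aa:bb:cc:00:00:01", "WPA2",
                             2**61 - 1, 2**89 - 1)
    platform.register(registered.info, registered.public)
    # Same advertised SSID/MAC/authentication mode, different private key.
    forged = AccessPoint("CafeNet", "aa:bb:cc:00:00:01", "WPA2",
                         2**107 - 1, 2**127 - 1)
    # Never registered on the platform.
    unknown = AccessPoint("FreeWiFi", "aa:bb:cc:00:00:02", "open",
                          2**61 - 1, 2**127 - 1)
    return {
        "registered": client_connect(registered, platform),
        "forged": client_connect(forged, platform),
        "unregistered": client_connect(unknown, platform),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Only the access point holding the registered private key can recover Rs from E_APp(Rs), which is why the client and the registered access point end up with the same Ks while the other two cases stop at the platform check.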
An embodiment of the present invention further provides a WiFi access apparatus, which is applied to a WiFi access point, as shown in fig. 5, the WiFi access apparatus includes:
a first processing module 10, configured to send registration information to an access point detection platform to perform access point registration, and receive a registration success result returned by the access point detection platform after checking the registration information; wherein the registration information comprises access authentication related information and a public key;
the second processing module 20 is configured to receive a connection verification request sent by a WiFi client, generate authentication information by using a preset private key, send the authentication information to the WiFi client, and forward a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
and the third processing module 30 is configured to receive an authentication success result notification fed back after the access point detection platform performs legal authentication on the authentication information by using the public key in the registration information, and establish WiFi connection with the WiFi client.
In the above embodiment of the present invention, the WiFi access apparatus further includes:
a receiving and storing module 40, configured to, when the first processing module 10 receives a registration success result returned after the access point detection platform checks the registration information, receive address configuration of the access point detection platform at the same time, and store the address of the access point detection platform in a white list.
In the above embodiment of the present invention, the second processing module 20 includes:
the generation submodule 21 is configured to generate an access point random number Rc, and encrypt the Rc by using the access point private key to obtain a first encrypted random number E_APs(Rc), where the Rc and the E_APs(Rc) form the authentication information;
the first sending submodule 22 is configured to send the Rc and the E_APs(Rc) to the WiFi client, so that the WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part.
In the above embodiment of the present invention, the second processing module 20 is further configured to:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
In the above embodiment of the present invention, the third processing module 30 includes:
a receiving submodule 31, configured to receive, when receiving the authentication success result notification, the second encrypted random number E_APp(Rs) sent by the access point detection platform, wherein the E_APp(Rs) is generated by the access point detection platform by decrypting the received encrypted Rs and then encrypting the Rs by using the access point public key;
a first decryption submodule 32, configured to decrypt the E_APp(Rs) by using the access point private key to obtain the Rs;
and the connection submodule 33 is configured to generate and securely store a shared key Ks with the WiFi client by using a key generation algorithm with the Rs and the Rc as factors, establish a connection with the WiFi client, and implement information transmission.
The embodiment of the invention also provides a WiFi access device, which is applied to a WiFi client side, and the access device comprises:
a scanning and sending module 40, configured to scan a WiFi access point list, and send a connection verification request to a first WiFi access point in the WiFi access point list;
a first receiving module 50, configured to receive, when the first WiFi access point is an access point that is successfully registered in advance on an access point detection platform, authentication information generated by the first WiFi access point using a private key;
a first sending module 60, configured to send a connection access request including the authentication information to the access point detection platform for validity authentication;
a fourth processing module 70, configured to receive a validity check result, which is sent by the access point detection platform and forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establish a connection with the first WiFi access point.
In the above embodiment of the present invention, the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part, where the authentication information includes an access point random number Rc generated by the first WiFi access point and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc by using the access point private key.
In the above embodiment of the present invention, the fourth processing module 70 is further configured to:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
In the above embodiment of the present invention, the apparatus further includes:
a terminating module 80, configured to terminate the authentication procedure when the first WiFi access point is not an access point that is successfully registered in the access point detection platform in advance, and prompt the user that the validity of the first WiFi access point cannot be determined.
The embodiment of the invention also provides a WiFi access device, which is applied to the access point detection platform and comprises:
a fifth processing module 90, configured to receive registration information sent by a WiFi access point, check a current WiFi access point, store the registration information in a legal access point list after the check is successful, and return a successful registration result to the current WiFi access point, so that the current WiFi access point generates authentication information by using a preset private key;
a second receiving module 100, configured to receive a connection access request including the authentication information sent by the WiFi client;
a sixth processing module 110, configured to perform legal authentication on the authentication information by using the public key in the registration information according to the received connection access request, and send an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes a connection with the WiFi client.
In the above embodiment of the present invention, the authentication information includes: an access point random number Rc and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc by using the access point private key; and the connection access request is generated by the WiFi client by encrypting, with the access point detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part.
In the above embodiment of the present invention, the sixth processing module 110 includes:
the second decryption submodule 111 is configured to decrypt the connection access request by using a private key of the access point detection platform, so as to complete integrity verification of information;
a searching submodule 112, configured to search a legal access point list through registration information of a current WiFi access point;
a processing sub-module 113, configured to, if a completely corresponding item is found, decrypt E_APs(Rc) with the public key of the current WiFi access point, compare whether the decryption result is the same as the received Rc, and if so, obtain an authentication success result.
In the above embodiment of the present invention, when the current WiFi access point is a legal access point, the apparatus further includes:
an encryption module 120, configured to encrypt the decrypted Rs with the public key of the current WiFi access point to obtain a second encrypted random number E_APp(Rs);
a second sending module 130, configured to send the E_APp(Rs) and an authentication success result notification to the current WiFi access point.
In the above embodiment of the present invention, the apparatus further includes:
a first authentication module 140, configured to obtain an authentication failure result if the corresponding item is searched, but the decryption result is different from the received Rc;
the second authentication module 150 is configured to obtain an authentication failure result if the corresponding item is not searched.
In the WiFi access method provided by the embodiment of the invention, after the registration authentication is completed in the access point detection platform through the WiFi access point, the WiFi access point generates authentication information by using a preset private key and sends the authentication information to the WiFi client side, the WiFi client side transmits a connection access request containing the authentication information to the access point detection platform through the WiFi access point, the access point detection platform verifies the legality of the WiFi access point, confirms the legal identity of the access point and sends the verification result to the WiFi client side in an encrypted manner, and the WiFi client side accesses the legal access point according to the verification result. The safety of WiFi verification can be improved, malicious tampering of data information is avoided, access to a phishing WiFi access point is prevented, and safe access of WiFi is achieved.
It should be noted that, the WiFi access device provided in the embodiments of the present invention is a device using the foregoing method, and all embodiments of the foregoing method are applicable to the device and all can achieve the same or similar beneficial effects.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (28)

1. A WiFi access method is applied to a WiFi access point, and is characterized by comprising the following steps:
sending registration information to an access point detection platform for access point registration, and receiving a registration success result returned after the access point detection platform checks the registration information; wherein the registration information comprises access authentication related information and a public key;
receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
and receiving an authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client.
2. The WiFi access method of claim 1, wherein when receiving the registration success result returned after the access point detection platform checks the registration information, receiving the address configuration of the access point detection platform at the same time, storing the address of the access point detection platform in a white list.
3. The WiFi access method of claim 1, wherein the step of generating authentication information to send to the WiFi client using a preset private key comprises:
generating an access point random number Rc, and encrypting the Rc by using the access point private key to obtain a first encrypted random number E_APs(Rc), wherein the Rc and the E_APs(Rc) constitute the authentication information;
sending the Rc and the E_APs(Rc) to the WiFi client, so that the WiFi client generates the connection access request by encrypting, with the detection platform public key, the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest values corresponding to each part.
4. The WiFi access method according to claim 2, wherein the forwarding the connection access request containing the authentication information sent by the WiFi client to the access point detection platform specifically includes:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
5. The WiFi access method of claim 3, wherein the receiving of the authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and the establishing of the WiFi connection with the WiFi client, specifically comprises:
receiving the authentication success result notification and receiving a second encrypted random number E_APp(Rs) sent by the access point detection platform, wherein the E_APp(Rs) is generated by the access point detection platform by decrypting the received encrypted Rs and then encrypting the Rs by using an access point public key;
decrypting the E_APp(Rs) with an access point private key to obtain the Rs;
and generating a shared key Ks with the WiFi client by using a key generation algorithm by taking the Rs and the Rc as factors, safely storing the shared key Ks, establishing connection with the WiFi client, and realizing information transmission.
6. A WiFi access method is applied to a WiFi client, and is characterized by comprising the following steps:
scanning a WiFi access point list, and sending a connection verification request to a first WiFi access point of the WiFi access point list;
when the first WiFi access point is an access point which is successfully registered in an access point detection platform in advance, receiving authentication information generated by the first WiFi access point by using a private key;
sending a connection access request containing the authentication information to the access point detection platform for validity authentication;
and receiving a validity check result which is transmitted by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point.
7. The WiFi access method of claim 6, wherein the connection access request is generated after the WiFi client encrypts, by using an access point detection platform public key, the random number Rs of the client generated by the WiFi client according to the authentication information, the registration information of the current access point obtained by scanning, and the digest values corresponding to the random number Rs of the client and the access point detection platform public key; the authentication information includes an access point random number Rc generated by the first WiFi access point and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc by using an access point private key.
8. The WiFi access method according to claim 7, wherein the receiving the validity check result sent by the access point detection platform and forwarded by the first WiFi access point and signed by the private key of the access point detection platform establishes a connection with the first WiFi access point, specifically:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
9. The WiFi access method of claim 6, wherein the method further comprises:
and when the first WiFi access point is not an access point which is successfully registered in the access point detection platform in advance, the WiFi client terminates the authentication process and prompts a user that the validity of the first WiFi access point cannot be determined.
10. A WiFi access method is applied to an access point detection platform and is characterized by comprising the following steps:
receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information into a legal access point list after the checking is successful, and returning a successful registration result to the current WiFi access point so that the current WiFi access point generates authentication information by using a preset private key;
receiving a connection access request containing the authentication information sent by a WiFi client;
and carrying out legal authentication on the authentication information by using the public key in the registration information according to the received connection access request, and sending an authentication success result notice to the current WiFi access point so that the current WiFi access point establishes connection with the WiFi client.
11. The WiFi access method of claim 10, wherein the authentication information comprises: an access point random number Rc and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc with an access point private key; and the connection access request is generated by the WiFi client side after the WiFi client side encrypts by using an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts.
12. The WiFi access method of claim 11, wherein the legally authenticating the authentication information with the public key in the registration information according to the received connection access request includes:
decrypting the connection access request by using a private key of the access point detection platform to complete integrity check of information;
searching a legal access point list through the registration information of the current WiFi access point;
if the complete corresponding item is found, decrypting E_APs(Rc) by using the public key of the current WiFi access point, comparing whether the decryption result is the same as the received Rc, and if so, obtaining an authentication success result.
13. The WiFi access method of claim 12, wherein when the current WiFi access point is a legitimate access point, the method further comprises:
encrypting the decrypted Rs by using the public key of the current WiFi access point to obtain a second encrypted random number E_APp(Rs);
sending the E_APp(Rs) and an authentication success result notification to the current WiFi access point.
14. The WiFi access method of claim 12, wherein the method further comprises:
if the corresponding item is searched, but the decryption result is different from the received Rc, obtaining an authentication failure result;
and if the corresponding item is not searched, obtaining an authentication failure result.
15. A WiFi access device applied to a WiFi access point, comprising:
the first processing module is used for sending registration information to an access point detection platform for access point registration and receiving a registration success result returned after the access point detection platform checks the registration information; wherein the registration information comprises access authentication related information and a public key;
the second processing module is used for receiving a connection verification request sent by a WiFi client, generating authentication information by using a preset private key, sending the authentication information to the WiFi client, and forwarding a connection access request containing the authentication information sent by the WiFi client to the access point detection platform;
and the third processing module is used for receiving an authentication success result notification fed back after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing WiFi connection with the WiFi client.
16. The WiFi access apparatus of claim 15, wherein the WiFi access apparatus further comprises:
and the receiving and storing module is used for receiving the address configuration of the access point detection platform and storing the address of the access point detection platform into a white list when the first processing module receives a registration success result returned by the access point detection platform after checking the registration information.
17. The WiFi access apparatus of claim 15, wherein the second processing module comprises:
a generation submodule for generating an access point random number Rc, and encrypting the Rc by using the access point private key to obtain a first encrypted random number E_APs(Rc), wherein the Rc and the E_APs(Rc) constitute the authentication information;
a first sending submodule for sending the Rc and the E_APs(Rc) to the WiFi client, so that the WiFi client generates the connection access request after encrypting, by using a detection platform public key, according to the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client and the digest values corresponding to all parts.
18. The WiFi access apparatus of claim 16, wherein the second processing module is further to:
and transmitting the connection access request to the access point detection platform according to the address of the access point detection platform stored in the white list.
19. The WiFi access apparatus of claim 17, wherein the third processing module comprises:
a receiving submodule, configured to receive the second encrypted random number E_APp(Rs) sent by the access point detection platform when receiving the authentication success result notification, wherein the E_APp(Rs) is generated by the access point detection platform by decrypting the received encrypted Rs and then encrypting the Rs by using an access point public key;
a first decryption submodule for decrypting the E_APp(Rs) with an access point private key to obtain the Rs;
and the connection submodule is used for generating a shared key Ks with the WiFi client by using a key generation algorithm by taking the Rs and the Rc as factors, safely storing the shared key Ks, establishing connection with the WiFi client and realizing information transmission.
20. A WiFi access device applied to a WiFi client side is characterized in that the access device comprises:
the scanning and sending module is used for scanning a WiFi access point list and sending a connection verification request to a first WiFi access point of the WiFi access point list;
the first receiving module is used for receiving authentication information generated by the first WiFi access point by using a private key when the first WiFi access point is an access point which is successfully registered in an access point detection platform in advance;
the first sending module is used for sending the connection access request containing the authentication information to the access point detection platform for validity authentication;
and the fourth processing module is used for receiving a validity check result which is transmitted by the access point detection platform, forwarded by the first WiFi access point and signed by a private key of the access point detection platform, and establishing connection with the first WiFi access point.
21. The WiFi access apparatus of claim 20, wherein the connection access request is generated by the WiFi client encrypting with an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client random number Rs generated by the WiFi client, and the digest value corresponding to each part, and the authentication information includes an access point random number Rc generated by the first WiFi access point and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc with an access point private key.
22. The WiFi access apparatus of claim 21, wherein the fourth processing module is further to:
and after the legality checking result is received, generating a shared key Ks with the first WiFi access point by using a key generation algorithm by taking the received Rc and the generated Rs as factors, safely storing the shared key Ks, establishing connection with the first WiFi access point, and realizing information transmission.
23. The WiFi access apparatus of claim 20, wherein the apparatus further comprises:
and the termination module is used for terminating the authentication process when the first WiFi access point is not an access point which is successfully registered in the access point detection platform in advance, and prompting a user that the validity of the first WiFi access point cannot be determined.
24. A WiFi access device, applied to an access point detection platform, characterized in that the WiFi access device comprises:
the fifth processing module is used for receiving registration information sent by a WiFi access point, checking the current WiFi access point, storing the registration information into a legal access point list after the checking is successful, and returning a registration success result to the current WiFi access point, so that the current WiFi access point generates authentication information by using a preset private key;
the second receiving module is used for receiving a connection access request which is sent by the WiFi client and contains the authentication information;
and the sixth processing module is used for carrying out legal authentication on the authentication information by using the public key in the registration information according to the received connection access request, and sending an authentication success result notification to the current WiFi access point, so that the current WiFi access point establishes connection with the WiFi client.
25. The WiFi access device of claim 24, wherein the authentication information comprises: an access point random number Rc and a first encrypted random number E_APs(Rc) obtained by encrypting the Rc with an access point private key; and the connection access request is generated by the WiFi client side after the WiFi client side encrypts by using an access point detection platform public key according to the authentication information, the registration information of the current access point obtained by scanning, the client side random number Rs generated by the WiFi client side and the corresponding digest values of all parts.
26. The WiFi access apparatus of claim 25, wherein the sixth processing module comprises:
the second decryption submodule is used for decrypting the connection access request by using a private key of the access point detection platform to complete the integrity check of information;
the searching submodule is used for searching a legal access point list through the registration information of the current WiFi access point;
a processing submodule for decrypting E_APs(Rc) by using the public key of the current WiFi access point if the complete corresponding item is found, comparing whether the decryption result is the same as the received Rc, and if so, obtaining an authentication success result.
27. The WiFi access apparatus of claim 26, wherein when the current WiFi access point is a legitimate access point, the apparatus further comprises:
an encryption module for encrypting the decrypted Rs with the public key of the current WiFi access point to obtain a second encrypted random number E_APp(Rs);
a second sending module for sending the E_APp(Rs) and an authentication success result notification to the current WiFi access point.
28. The WiFi access apparatus of claim 26, wherein the apparatus further comprises:
the first authentication module is used for obtaining an authentication failure result if the corresponding item is searched but the decryption result is different from the received Rc;
and the second authentication module is used for obtaining an authentication failure result if the corresponding item is not searched.
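The exchange recited in claims 3, 5, 7, 8 and 11 to 14, written out as an added Python example (not code from the patent), including the two failure branches of claim 14 and the integrity check of claim 12. Assumptions: toy textbook RSA over constructed Mersenne-prime keys stands in for the unspecified public-key algorithm, SHA-256 over Rc and Rs stands in for the unspecified key generation algorithm, and every function name, key and the registration string is hypothetical.

```python
import hashlib
import secrets

def make_key(a, b, e=65537):
    """Toy textbook-RSA key from two Mersenne primes (constructed; illustration only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def pub_op(key, m):   # encrypt with a public key, or check a private-key encryption
    return pow(m, key["e"], key["n"])

def priv_op(key, m):  # decrypt, or "encrypt with the private key" (a signature)
    return pow(m, key["d"], key["n"])

def digest(value):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big")

AP_KEY = make_key(127, 521)        # registered access point
PLATFORM_KEY = make_key(107, 607)  # access point detection platform
ROGUE_KEY = make_key(89, 607)      # AP that copies the registration info only
REG_INFO = "CMCC-Cafe|aa:bb:cc:dd:ee:ff"   # constructed registration info
LEGIT_APS = {REG_INFO: public(AP_KEY)}     # platform's legal access point list

def ap_challenge(ap_key):
    """AP side: authentication information (Rc, E_APs(Rc))."""
    rc = secrets.randbits(64)
    return rc, priv_op(ap_key, rc)

def client_request(reg_info, rc, e_aps_rc):
    """Client side: each part and its digest, encrypted to the platform."""
    rs = secrets.randbits(64)
    parts = {"reg": int.from_bytes(reg_info.encode(), "big"),
             "rc": rc, "sig": e_aps_rc, "rs": rs}
    plat = public(PLATFORM_KEY)
    req = {k: (pub_op(plat, v), pub_op(plat, digest(v))) for k, v in parts.items()}
    return rs, req

def platform_verify(req, legit_aps):
    """Platform side: integrity check, list lookup, then E_APs(Rc) against Rc."""
    parts = {}
    for name, (c_value, c_digest) in req.items():
        value = priv_op(PLATFORM_KEY, c_value)
        if priv_op(PLATFORM_KEY, c_digest) != digest(value):
            return "fail: integrity", None
        parts[name] = value
    reg = parts["reg"]
    reg_info = reg.to_bytes((reg.bit_length() + 7) // 8, "big").decode(errors="replace")
    ap_pub = legit_aps.get(reg_info)
    if ap_pub is None:
        return "fail: not registered", None
    if pub_op(ap_pub, parts["sig"]) != parts["rc"]:
        return "fail: E_APs(Rc) mismatch", None
    return "success", pub_op(ap_pub, parts["rs"])   # E_APp(Rs) for the AP

def derive_ks(rc, rs):
    # Assumed key generation algorithm: SHA-256 over Rc || Rs.
    return hashlib.sha256(rc.to_bytes(8, "big") + rs.to_bytes(8, "big")).hexdigest()

def run_exchange(ap_key, reg_info, legit_aps):
    """Returns (result, Ks at the client, Ks at the access point)."""
    rc, e_aps_rc = ap_challenge(ap_key)
    rs, req = client_request(reg_info, rc, e_aps_rc)
    result, e_app_rs = platform_verify(req, legit_aps)
    if result != "success":
        return result, None, None
    rs_at_ap = priv_op(ap_key, e_app_rs)   # AP recovers Rs with its private key
    return result, derive_ks(rc, rs), derive_ks(rc, rs_at_ap)

if __name__ == "__main__":
    print(run_exchange(AP_KEY, REG_INFO, LEGIT_APS))
    print(run_exchange(ROGUE_KEY, REG_INFO, LEGIT_APS)[0])
    print(run_exchange(AP_KEY, "Free-WiFi|11:22:33:44:55:66", LEGIT_APS)[0])
```

An access point that advertises the registered SSID and BSSID but lacks the registered private key fails at the E_APs(Rc) comparison, which is the phishing-AP case the claims target.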
CN201510507794.5A 2015-08-18 2015-08-18 WiFi access method and device Active CN106714158B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510507794.5A CN106714158B (en) 2015-08-18 2015-08-18 WiFi access method and device

Publications (2)

Publication Number Publication Date
CN106714158A CN106714158A (en) 2017-05-24
CN106714158B true CN106714158B (en) 2020-02-18

Family

ID=58918570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510507794.5A Active CN106714158B (en) 2015-08-18 2015-08-18 WiFi access method and device

Country Status (1)

Country Link
CN (1) CN106714158B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109729525A (en) * 2017-10-31 2019-05-07 中国电信股份有限公司 Fishing WIFI recognition methods, device, terminal device and computer readable storage medium
CN113543150A (en) * 2020-04-22 2021-10-22 中兴通讯股份有限公司 Network distribution method and device of intelligent device, electronic device and computer readable medium
CN116709313B (en) * 2023-08-07 2023-10-17 江西科技学院 WiFi sharing method, system and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1399490A (en) * 2002-08-15 2003-02-26 西安西电捷通无线网络通信有限公司 Safe access method of mobile terminal to radio local area network
CN101141259A (en) * 2007-10-22 2008-03-12 杭州华三通信技术有限公司 Method and device of access point equipment for preventing error access
CN101990206A (en) * 2009-08-03 2011-03-23 秦志强 Method and system capable of realizing differentiated access control of air interface of wireless local area network
CN102036235A (en) * 2009-09-28 2011-04-27 西门子(中国)有限公司 Device and method for identity authentication
CN102843682A (en) * 2012-08-20 2012-12-26 中国联合网络通信集团有限公司 Access point authorizing method, device and system
CN102883316A (en) * 2011-07-15 2013-01-16 华为终端有限公司 Connection establishing method, terminal and access point
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN104010310A (en) * 2014-05-21 2014-08-27 中国人民解放军信息工程大学 Heterogeneous network unified authentication method based on physical layer safety
CN104144163A (en) * 2014-07-24 2014-11-12 腾讯科技(深圳)有限公司 Identity verification method, device and system
CN104735052A (en) * 2015-01-28 2015-06-24 中山大学 WiFi hot spot safe login method and system

Also Published As

Publication number Publication date
CN106714158A (en) 2017-05-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant