
WO2019076041A1 - Method for paired connection of access devices, and access devices - Google Patents


Publication number
WO2019076041A1
Authority
WO
WIPO (PCT)
Prior art keywords
access device
authentication
access
information
request
Application number
PCT/CN2018/086305
Other languages
French (fr)
Chinese (zh)
Inventor
谭细金
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/16 Discovering, processing access restriction or access information

Definitions

  • the present application relates to the field of wireless communications, and in particular, to an access device pairing connection method and an access device.
  • WIFI Wireless Fidelity
  • the user deploys an access device in the room, and the access device provides a WIFI signal, and the user terminal can connect to the network by connecting the access device.
  • the WIFI signal attenuates with obstacles and distance: for example, a 25 cm thick brick wall attenuates it by about 25 dB (a relative ratio of power), and transmission through 15 m of space attenuates it by about 70 dB. It can be seen that in a large space, a single access device alone cannot provide complete WIFI signal coverage.
  • multiple access device networking is generally used to achieve full rate coverage of a large space.
  • the networking between the access device and the access device first requires effective authentication between the access devices, that is, pairing is achieved.
  • the user generally presses the identification buttons of the two access devices within a preset time to complete valid authentication, or enters an identification code on the access device to complete valid authentication.
  • the present invention provides an access device pairing connection method and an access device, which are used to solve the problem that the user operation is cumbersome and inefficient under the method in which the access device performs effective authentication in the prior art.
  • the application provides a method for pairing access devices, including:
  • the first access device receives an authentication request that is sent by the second access device after detecting the first access device, where the authentication request includes: identifier information of the second access device, and authentication information;
  • the first access device performs authentication on the second access device according to the authentication information
  • the first access device sends an authentication response to the second access device according to the identifier information of the second access device;
  • the first access device sends an access response to the second access device.
  • the authentication request further includes: a uniqueness verification parameter
  • the method further includes:
  • the first access device verifies the uniqueness of the authentication request according to the uniqueness parameter.
  • the uniqueness verification parameter includes: a random number, and/or a timestamp.
  • the authentication information includes: agreed content encrypted with the preset private key;
  • the first access device performs authentication on the second access device according to the authentication information, including:
  • the first access device decrypts the authentication information by using a preset public key, and obtains the decrypted information
  • the first access device determines whether the decrypted information is the same as the agreed content.
  • the agreed content includes: information other than the authentication information in the authentication request.
  • the application provides a method for pairing and connecting access devices, including:
  • after detecting the second access device, the first access device sends an authentication request to the second access device, where the authentication request includes: identifier information of the first access device, and authentication information;
  • the first access device receives an authentication response that is sent by the second access device according to the identifier information of the first access device, where the authentication response is used to indicate that the second access device has authenticated successfully according to the authentication information;
  • the first access device sends a network access request to the second access device
  • the first access device receives an access response sent by the second access device, and completes a network connection according to the access response.
  • the authentication request further includes: a uniqueness verification parameter.
  • the uniqueness verification parameter includes: a random number, and/or a timestamp.
  • the authentication information includes: agreed content encrypted with the preset private key.
  • the agreed content includes: information other than the authentication information in the authentication request.
  • the present application provides an access device, the device comprising means for performing the methods of the first aspect and the various implementations of the first aspect described above.
  • the present application provides an access device, the device comprising means for performing the methods of the second aspect and the various implementations of the second aspect described above.
  • the application provides an access device, the device comprising a processor and a memory, the memory is for storing a program, and the processor calls a program stored in the memory to perform the method provided by the first aspect of the application.
  • the application provides an access device, the device comprising a processor and a memory, the memory is for storing a program, and the processor calls a program stored in the memory to perform the method provided by the second aspect of the application.
  • the application provides an access device comprising at least one processing element (or chip) for performing the method of the above first aspect.
  • the application provides an access device comprising at least one processing element (or chip) for performing the method of the above second aspect.
  • the present application provides a computer storage medium comprising a program for performing the method of the above first aspect.
  • the application provides a computer storage medium comprising a program for performing the method of the above second aspect.
  • the first access device receives an authentication request sent by the second access device after detecting the first access device, where the authentication request includes identifier information of the second access device and authentication information. The first access device authenticates the second access device according to the authentication information and, after the authentication succeeds, sends an authentication response to the second access device. After the authentication is completed, access can be initiated to connect the second access device to the network. The entire authentication and access network process is completed by the first access device and the second access device, and no human intervention is required, which improves the access efficiency and user experience, and also improves the security of the networking process.
  • FIG. 1 is a schematic diagram of a communication network architecture
  • FIG. 2 is a schematic flowchart of a method for pairing and connecting access devices according to an embodiment of the present disclosure
  • FIG. 3 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present disclosure
  • FIG. 4 is a schematic structural diagram of an authentication request in an access device pairing connection method according to another embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present disclosure
  • FIG. 6 is a schematic structural diagram of an access device according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of an access device according to another embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of an access device according to another embodiment of the present disclosure.
  • FIG. 1 is a schematic diagram of a communication network architecture.
  • the communication network includes a plurality of access devices 01, and the plurality of access devices 01 include a primary access device, which can be connected to a network provided by an operator.
  • other access devices can access the network by accessing the primary access device or other access devices that already have access to the network, that is, the multiple access devices 01 are networked.
  • the foregoing access device may be referred to as an access point (AP).
  • Each access device 01 can access one or more terminals 02 to provide a network for the terminal 02.
  • Multiple access devices 01 can be deployed in various locations in a large space, or deployed in various rooms of an office building, various rooms in a family home, etc., to achieve more comprehensive network coverage.
  • the terminal device includes, but is not limited to, a mobile station (MS, Mobile Station), a mobile terminal (Mobile Terminal), a mobile telephone (Mobile Telephone), a mobile phone (handset), and a portable device.
  • the terminal can communicate with one or more core networks via a Radio Access Network (RAN).
  • the terminal can be a mobile phone (or “cellular” phone), a computer with wireless communication function, etc. The terminal can also be a portable, pocket, handheld, computer built-in or in-vehicle mobile device.
  • the networking process requires other access devices to be paired with the primary access device, that is, to have their validity verified.
  • the user needs to input information or press a button to complete this, that is, the operation must be performed manually, the process is cumbersome, and the security is not high.
  • the present application proposes a new access device pairing connection method.
  • the first access device is a primary access device or an access device that has accessed the network through other access devices.
  • the second access device needs to access the network by accessing the first access device.
  • the first access device and the second access device may be the same physical device.
  • the method includes:
  • the first access device receives an authentication request sent by the second access device after detecting the first access device, where the authentication request includes: identifier information of the second access device, and authentication information.
  • the identifier information of the second access device is used to identify the second access device and may be, without limitation, a media access control (MAC) address of the second access device, a serial number of the second access device, or the like, so that the first access device can identify the second access device and obtain relevant address information for subsequent interaction.
  • the authentication information may be information agreed in advance by the first access device and the second access device, or information configured before leaving the factory, which the opposite device uses to verify validity. The first access device performs the subsequent access process only after confirming that the second access device is valid and trusted.
  • the first access device may perform authentication on the second access device, or both parties may perform authentication, that is, the second access device also receives an authentication request sent by the first access device and authenticates the first access device; after both parties pass the authentication, they enter the subsequent access process.
  • the second access device may detect the signals of other access devices within the coverage of the signal, and after detecting the first access device, automatically send an authentication request without human triggering.
  • the first access device authenticates the second access device according to the foregoing authentication information.
  • the first access device sends an authentication response to the second access device according to the identifier information of the second device.
  • the second access device sends a network access request to the first access device.
  • the first access device sends an access response to the second access device.
  • the first access device sends an access response to the second access device according to the identifier information of the second device.
  • the access process can use the Wi-Fi protected setup (WPS) authentication process to complete the authentication to access.
  • after the second access device completes the access, it can connect to the network to provide network services for the terminals in its coverage.
  • the first access device receives an authentication request sent by the second access device after detecting the first access device, where the authentication request includes: identifier information of the second access device, and authentication information.
  • the first access device authenticates the second access device according to the foregoing authentication information, and after the authentication succeeds, the first access device sends an authentication response to the second access device.
  • after the authentication is completed, access may be initiated to connect the second access device to the network.
  • the entire authentication and access network process is completed by the first access device and the second access device, and no human intervention is required, which improves the access efficiency and user experience, and also improves the security of the networking process.
  • the foregoing authentication request may further include: a uniqueness verification parameter.
  • the above method may further comprise: verifying the uniqueness of the foregoing authentication request according to the uniqueness parameter.
  • the interaction between the first access device and the second access device is a plaintext interaction before the data encryption key is officially obtained, so that a third party can easily use packet capture to forge the packets exchanged between the first access device and the second access device.
  • in order to avoid such attacks, a uniqueness verification parameter can be carried in the message.
  • the uniqueness verification parameters carried in each authentication request are different. If the first access device receives the same uniqueness verification parameter again, the second access device may be denied access, or attack identification may be performed to determine whether the authentication request is an attack.
  • the above-mentioned uniqueness verification parameter may include: a random number, and/or a timestamp.
  • Random numbers and timestamps are different at any time. Embedding random numbers and/or timestamps in authentication requests ensures the uniqueness of each transmission.
  • the authentication information may include: the preset content encrypted by the preset private key.
  • the first access device performs the authentication on the second access device according to the foregoing authentication information, where the first access device decrypts the authentication information by using a preset public key, and obtains the decrypted information. Then, the first access device determines whether the decrypted information is the same as the agreed content.
  • the above public key and private key are a pair of keys, one for encryption and the other for decryption.
  • the private key is used for encryption, and only the corresponding public key can decrypt the content. If the decrypted content is the same as the pre-agreed content, the first access device determines that the second access device is valid and can access.
  • the agreed content includes: information other than the authentication information in the authentication request. That is, the information in the authentication request other than the authentication information may be gathered, encrypted with the private key, and carried in the authentication request.
  • after the first access device decrypts the authentication information by using the preset public key, it compares the decrypted information with the other information in the authentication request. If they are consistent, the authentication succeeds, and the second access device is determined to be valid and can be accessed. If they are inconsistent, the authentication fails, and the second access device is not allowed to access.
  • FIG. 3 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic structural diagram of an authentication request in an access device pairing connection method according to another embodiment of the present disclosure.
  • the authentication request may include the uniqueness verification parameter and the authentication information.
  • after receiving the authentication request, the first access device authenticates the authentication information and determines the uniqueness according to the uniqueness verification parameter.
  • the second access device is allowed to access the network when both are met.
  • the authentication request may include: identifier information of the second access device, uniqueness verification parameters, custom text, and authentication information.
  • the custom text is a reserved space and can be expanded in the future. This application is not limited.
  • the authentication information includes the “identity information of the second access device + uniqueness verification parameter + custom text” encrypted with the preset private key.
  • a hash algorithm may be used to calculate a hash value of “identity information of the second access device + uniqueness verification parameter + custom text”, and the authentication information includes the hash value of “identity information of the second access device + uniqueness verification parameter + custom text” encrypted with the preset private key.
  • the authentication information may include the “MAC address of the second access device + time stamp + custom text” encrypted with the preset private key, or the authentication information may include the hash value of “MAC address of the second access device + time stamp + custom text” encrypted with the preset private key; this application is not limited in this respect.
  • FIG. 5 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present disclosure.
  • the first access device may also serve as an accessing party.
  • the second access device like the first access device, can be the access party or the requesting access party.
  • the method includes:
  • after detecting the second access device, the first access device sends an authentication request to the second access device, where the authentication request includes: identifier information of the first access device, and authentication information.
  • the identifier of the first access device may be the MAC address of the first access device, the serial number of the first access device, and the like, which are not limited herein.
  • the first access device may automatically send an authentication request to the second access device, without manual triggering operation.
  • the first access device receives an authentication response that is sent by the second access device according to the identifier information of the first access device.
  • the authentication response is used to indicate that the second access device successfully authenticates according to the authentication information.
  • the first access device sends a network access request to the second access device.
  • the first access device receives an access response sent by the second access device, and completes the network connection according to the access response.
  • the second access device authenticates the first access device
  • the validity of the first access device is confirmed, and the authentication response is sent to the first access device.
  • the two parties can enter the access process.
  • the access process can use the WPS authentication process to complete the authentication to access.
  • this application is not limited in this respect.
  • the first access device and the second access device securely acquire an account through key exchange and complete network access.
  • the first access device after detecting the second access device, sends an authentication request to the second access device, where the authentication request includes: identifier information of the first access device, and authentication information,
  • the second access device successfully authenticates, the first access device sends an authentication response to the first access device, and then the first access device sends a network access request to the second access device, and receives the connection sent by the second access device.
  • the network connection is completed according to the access response.
  • the entire authentication and access network process is completed by the interaction information between the first access device and the second access device, and no human intervention is required, thereby improving access efficiency and user experience.
  • the authentication request may further include: a uniqueness verification parameter.
  • the uniqueness verification parameter can be a random number, and/or a timestamp.
  • after receiving the authentication request, the second access device further verifies the uniqueness of the foregoing authentication request according to the uniqueness parameter.
  • the uniqueness verification parameters carried in each authentication request are different. If the second access device receives the same uniqueness verification parameter again, the first access device may be denied access, or attack identification may be performed to determine whether the authentication request is an attack.
  • the authentication information includes: an agreed content that is encrypted by the preset private key.
  • the agreement content includes: information other than the authentication information in the authentication request. See Figure 3 and Figure 4.
  • FIG. 6 is a schematic structural diagram of an access device according to an embodiment of the present disclosure. As shown in FIG. 6, the device includes: a receiving module 601, an authentication module 602, and a sending module 603, where:
  • the receiving module 601 is configured to receive an authentication request that is sent by the second access device after detecting the first access device, where the authentication request includes: identifier information of the second access device, and authentication information.
  • the authentication module 602 is configured to perform authentication on the second access device according to the authentication information.
  • the sending module 603 is configured to send an authentication response to the second access device according to the identifier information of the second access device after the authentication succeeds.
  • the receiving module 601 is further configured to receive a network access request sent by the second access device.
  • the sending module 603 is further configured to send an access response to the second access device.
  • the authentication request further includes: a uniqueness verification parameter.
  • the authentication module 602 is further configured to verify the uniqueness of the authentication request according to the uniqueness parameter.
  • the uniqueness verification parameter includes: a random number, and/or a timestamp.
  • the authentication information includes: an agreed content that is encrypted by a preset private key.
  • the authentication module 602 is specifically configured to decrypt the authentication information by using a preset public key to obtain the decrypted information, and determine whether the decrypted information is identical to the agreed content.
  • the agreed content includes: information other than the authentication information in the authentication request.
  • FIG. 7 is a schematic structural diagram of an access device according to another embodiment of the present disclosure. As shown in FIG. 7, the device includes: a sending module 701 and a receiving module 702, where:
  • the sending module 701 is configured to send an authentication request to the second access device after detecting the second access device, where the authentication request includes: identifier information of the first access device, and authentication information.
  • the receiving module 702 is configured to receive an authentication response that is sent by the second access device according to the identifier information of the first access device, where the authentication response is used to indicate that the second access device has authenticated successfully according to the authentication information.
  • the sending module 701 is further configured to send a network access request to the second access device.
  • the receiving module 702 is further configured to receive an access response sent by the second access device, and complete a network connection according to the access response.
  • the authentication request further includes: a uniqueness verification parameter.
  • the uniqueness verification parameter includes: a random number, and/or a timestamp.
  • the authentication information includes: agreed content encrypted with the preset private key.
  • the agreed content includes: information other than the authentication information in the authentication request.
  • each module of the above device is only a division of a logical function, and the actual implementation may be integrated into one physical entity in whole or in part, or may be physically separated.
  • these modules can all be implemented by software in the form of processing component calls; or all of them can be implemented in hardware form; some modules can be realized by processing component calling software, and some modules are realized by hardware.
  • the authentication module may be a separately set processing element, or may be integrated in a chip of the above-mentioned device, or may be stored in the memory of the above device in the form of program code, in which case a processing element of the device invokes and executes the functions of the above authentication module.
  • the implementation of other modules is similar.
  • all or part of these modules can be integrated or implemented independently.
  • the processing elements described herein can be an integrated circuit that has signal processing capabilities. In the implementation process, each step of the above method or each of the above modules may be completed by an integrated logic circuit of hardware in the processor element or an instruction in a form of software.
  • the above modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (Digital Signal Processor, DSP), or one or more Field Programmable Gate Arrays (FPGAs).
  • the processing component can be a general purpose processor, such as a central processing unit.
  • CPU Central Processing Unit
  • SOC system-on-a-chip
  • FIG. 8 is a schematic structural diagram of an access device according to another embodiment of the present disclosure. As shown in FIG. 8, the device includes: a memory 10 and a processor 11.
  • the memory 10 can be a separate physical unit and can be connected to the processor 11 via a bus.
  • the memory 10 and the processor 11 can also be integrated together, implemented by hardware or the like.
  • the memory 10 is configured to store a program for implementing the above method embodiments, or the modules of the embodiments shown in FIG. 6 to FIG. 7, and the processor 11 calls the program to perform the operations of the above method embodiments.
  • the access device may also include only the processor.
  • the memory for storing the program is located outside the access device, and the processor is connected to the memory through the circuit/wire for reading and executing the program stored in the memory.
  • the processor may be a Central Processing Unit (CPU), a Network Processor (NP) or a combination of a CPU and an NP.
  • the processor may further include a hardware chip.
  • the hardware chip may be an Application-specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof.
  • the PLD may be a Complex Programmable Logic Device (CPLD), a Field-Programmable Gate Array (FPGA), a Generic Array Logic (GAL), or any combination thereof.
  • the memory may include a volatile memory such as a random access memory (RAM); the memory may also include a non-volatile memory such as a flash memory.
  • HDD hard disk drive
  • SSD solid state drive
  • the memory may also include a combination of the above types of memories.
  • the embodiment of the present application further provides a computer storage medium storing a computer program, the computer program being used to perform the access device pairing connection method provided by the foregoing embodiment.
  • the embodiment of the present application further provides a computer program product including instructions that, when run on a computer, cause the computer to perform the access device pairing connection method provided by the foregoing embodiment.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction apparatus.
  • the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing.
  • the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present application provide a method for the paired connection of access devices, and access devices. In the method, a first access device receives an authentication request sent by a second access device after the second access device detects the first access device, the authentication request comprising identifier information of the second access device and authentication information; authenticates the second access device according to the authentication information; sends an authentication response to the second access device after the authentication succeeds; receives a network access request sent by the second access device; and sends an access response to the second access device. In the embodiments of the present application, the entire authentication and network access process is completed by information interaction between the first access device and the second access device, without human participation, which improves access efficiency and user experience and also improves the security of the network construction process.

Description

Access device pairing connection method and access device
This application claims priority to Chinese Patent Application No. 201710969501.4, filed with the Chinese Patent Office on October 18, 2017 and entitled "Access Device Pairing Connection Method and Access Device", which is incorporated herein by reference in its entirety.
Technical field
The present application relates to the field of wireless communications, and in particular, to an access device pairing connection method and an access device.
Background
Wireless Fidelity (WIFI) technology is a wireless transmission technology. Because of the mobility and convenience of its access, it is widely used for network access in homes, offices and other places. As the number of mobile devices grows and Internet services continue to diversify, users demand ever higher WIFI bandwidth and rates. Generally, a user deploys an access device in a room, the access device provides a WIFI signal, and the user's terminal can connect to the network by connecting to the access device. However, the WIFI signal suffers loss during transmission: for example, passing through a brick wall 24 centimeters (cm) thick attenuates it by about 25 db (a relative ratio of power), and transmission over 15 meters (m) of space attenuates it by about 70 db. In a large space, therefore, a single access device alone cannot provide complete WIFI signal coverage.
To achieve better WIFI signal coverage, multiple access devices are generally networked to provide full-rate coverage of a larger space. Networking between access devices first requires effective authentication between them, that is, pairing. In the prior art, effective authentication is generally completed by the user pressing the identification buttons of the two access devices within a preset time, or by entering an identification code on the access device.
As can be seen, in the prior-art ways for access devices to complete effective authentication, user operation is cumbersome and inefficient.
Summary of the invention
The present application provides an access device pairing connection method and an access device, to solve the problem that, in the prior-art ways for access devices to complete effective authentication, user operation is cumbersome and inefficient.
In a first aspect, the present application provides an access device pairing connection method, including:
a first access device receives an authentication request sent by a second access device after the second access device detects the first access device, where the authentication request includes identification information of the second access device and authentication information;
the first access device authenticates the second access device according to the authentication information;
after the authentication succeeds, the first access device sends an authentication response to the second access device according to the identification information of the second access device;
the first access device receives a network access request sent by the second access device;
the first access device sends an access response to the second access device.
In a possible design, the authentication request further includes a uniqueness verification parameter;
the method further includes:
the first access device verifies the uniqueness of the authentication request according to the uniqueness parameter.
In a possible design, the uniqueness verification parameter includes a random number and/or a timestamp.
In a possible design, the authentication information includes agreed content encrypted with a preset private key;
the first access device authenticating the second access device according to the authentication information includes:
the first access device decrypts the authentication information by using a preset public key to obtain decrypted information;
the first access device determines whether the decrypted information is the same as the agreed content.
In a possible design, the agreed content includes the information in the authentication request other than the authentication information.
In a second aspect, the present application provides an access device pairing connection method, including:
after detecting a second access device, a first access device sends an authentication request to the second access device, where the authentication request includes identification information of the first access device and authentication information;
the first access device receives an authentication response sent by the second access device according to the identification information of the first access device, where the authentication response indicates that the second access device has successfully authenticated according to the authentication information;
the first access device sends a network access request to the second access device;
the first access device receives an access response sent by the second access device, and completes the network connection according to the access response.
In a possible design, the authentication request further includes a uniqueness verification parameter.
In a possible design, the uniqueness verification parameter includes a random number and/or a timestamp.
In a possible design, the authentication information includes agreed content encrypted with a preset private key.
In a possible design, the agreed content includes the information in the authentication request other than the authentication information.
In a third aspect, the present application provides an access device, the device including modules or means for performing the method provided by the first aspect and the various implementations of the first aspect.
In a fourth aspect, the present application provides an access device, the device including modules or means for performing the method provided by the second aspect and the various implementations of the second aspect.
In a fifth aspect, the present application provides an access device, the device including a processor and a memory, where the memory is used to store a program and the processor calls the program stored in the memory to perform the method provided by the first aspect of the present application.
In a sixth aspect, the present application provides an access device, the device including a processor and a memory, where the memory is used to store a program and the processor calls the program stored in the memory to perform the method provided by the second aspect of the present application.
In a seventh aspect, the present application provides an access device including at least one processing element (or chip) for performing the method of the first aspect.
In an eighth aspect, the present application provides an access device including at least one processing element (or chip) for performing the method of the second aspect.
In a ninth aspect, the present application provides a computer storage medium including a program, the program being used to perform the method of the first aspect.
In a tenth aspect, the present application provides a computer storage medium including a program, the program being used to perform the method of the second aspect.
In the access device pairing connection method and the access device provided by the present application, the first access device receives an authentication request sent by the second access device after the second access device detects the first access device, where the authentication request includes identification information of the second access device and authentication information. The first access device authenticates the second access device according to the authentication information and, after the authentication succeeds, sends an authentication response to the second access device. Once authentication is complete, access can be initiated to connect the second access device to the network. The entire authentication and network access process is thus completed by information exchange between the first access device and the second access device, without human participation, which improves access efficiency and user experience and also improves the security of the networking process.
Brief description of the drawings
FIG. 1 is a schematic diagram of a communication network architecture;
FIG. 2 is a schematic flowchart of an access device pairing connection method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an authentication request in an access device pairing connection method according to another embodiment of the present application;
FIG. 5 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an access device according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of an access device according to another embodiment of the present application;
FIG. 8 is a schematic structural diagram of an access device according to yet another embodiment of the present application.
Detailed description
FIG. 1 is a schematic diagram of a communication network architecture. As shown in FIG. 1, the communication network includes multiple access devices 01, one of which is a primary access device. The primary access device can connect to a network provided by an operator or the like, and the other access devices can access the network by connecting to the primary access device or to another access device that has already accessed the network; that is, the multiple access devices 01 are networked.
The access device may be referred to as an access point (AP).
Each access device 01 can be accessed by one or more terminals 02 and provides the network for the terminals 02.
Multiple access devices 01 can be deployed at various locations in a large space, or in the various rooms of an office building or of a family home, to achieve more complete network coverage.
In the present application, a terminal (terminal device) includes but is not limited to a mobile station (MS), a mobile terminal, a mobile telephone, a handset, portable equipment and the like. The terminal can communicate with one or more core networks via a radio access network (RAN). For example, the terminal may be a mobile phone (or "cellular" phone) or a computer with a wireless communication function; the terminal may also be a portable, pocket-sized, handheld, computer built-in or vehicle-mounted mobile apparatus or device.
In the prior art, the networking process requires the other access devices to pair with the primary access device, that is, to verify validity. This requires the user to enter information or press a button, so manual operation is unavoidable; the process is cumbersome and not very secure. To address these problems, the present application proposes a new access device pairing connection method.
FIG. 2 is a schematic flowchart of an access device pairing connection method according to an embodiment of the present application. In this embodiment, the first access device is the primary access device or an access device that has already accessed the network through another access device, and the second access device needs to access the network by connecting to the first access device. Here the first access device and the second access device may be identical physical devices.
As shown in FIG. 2, the method includes:
S201. The first access device receives an authentication request sent by the second access device after the second access device detects the first access device, where the authentication request includes identification information of the second access device and authentication information.
The identification information of the second access device identifies the second access device. It may be the Media Access Control (MAC) address of the second access device, the serial number of the second access device, or the like, which is not limited here. It allows the first access device to recognize the second access device and to obtain the relevant address information for subsequent interaction.
The authentication information may be information agreed in advance between the first access device and the second access device, or information configured before leaving the factory, that lets the peer device verify the sender's validity. The first access device proceeds to the subsequent access process only after confirming that the second access device is valid and trusted.
In a specific implementation, the first access device may authenticate the second access device one way, or both sides may authenticate each other; that is, the second access device also receives an authentication request sent by the first access device and authenticates the first device, and the subsequent access process starts only after both sides have passed authentication.
It should be noted that the second access device can detect the signals of other access devices within signal coverage and, after detecting the first access device, send the authentication request automatically, without a manual trigger.
S202. The first access device authenticates the second access device according to the authentication information.
S203. After the authentication succeeds, the first access device sends an authentication response to the second access device according to the identification information of the second device.
S204. The second access device sends a network access request to the first access device.
S205. The first access device sends an access response to the second access device.
Optionally, the first access device sends the access response to the second access device according to the identification information of the second device.
In this embodiment, after the second access device passes authentication, the first access device has confirmed the validity of the second access device and sends it an authentication response. The two sides can then enter the access process; for example, the access process can use the Wi-Fi protected setup (WPS) authentication procedure to complete authentication and gain access, which is not limited in the present application. Specifically, the first access device and the second access device securely obtain the account through key exchange and complete network access.
After the second access device completes access, it can connect to the network and provide network services for the terminals within its coverage.
In this embodiment, the first access device receives an authentication request sent by the second access device after the second access device detects the first access device, where the authentication request includes identification information of the second access device and authentication information. The first access device authenticates the second access device according to the authentication information and, after the authentication succeeds, sends an authentication response to the second access device. Once authentication is complete, access can be initiated to connect the second access device to the network. The entire authentication and network access process is thus completed by information exchange between the first access device and the second access device, without human participation, which improves access efficiency and user experience and also improves the security of the networking process.
Optionally, the authentication request may further include a uniqueness verification parameter. Correspondingly, the method may further include: verifying the uniqueness of the authentication request according to the uniqueness parameter.
The interaction between the first access device and the second access device is in plaintext until the key for data encryption has been formally obtained, so a third party can easily capture packets and forge the packets exchanged between the first access device and the second access device. To guard against such attacks, a uniqueness verification parameter can be carried in the message. The uniqueness verification parameter carried in each authentication request is different; if the first access device receives the same uniqueness verification parameter again, it can refuse access by the second access device, or perform attack identification to determine whether the authentication request has been attacked.
Optionally, the uniqueness verification parameter may include a random number and/or a timestamp.
A random number or a timestamp is different at every moment, so embedding a random number and/or a timestamp in the authentication request ensures that each transmission is unique.
On the basis of the foregoing embodiment, optionally, the authentication information may include agreed content encrypted with a preset private key.
Correspondingly, the first access device authenticating the second access device according to the authentication information may be: the first access device decrypts the authentication information by using a preset public key to obtain decrypted information, and then determines whether the decrypted information is the same as the agreed content.
It should be noted that the public key and the private key are a key pair, one used for encryption and the other for decryption. In this embodiment the private key is used for encryption, and only the corresponding public key can decrypt the content. If the decrypted content is the same as what was agreed in advance, the first access device determines that the second access device is valid and may be granted access.
Optionally, the agreed content includes the information in the authentication request other than the authentication information. That is, all the information in the authentication request other than the authentication information can be encrypted together with the private key and carried in the authentication request. After decrypting the authentication information with the preset public key, the first access device only needs to compare the decrypted information with the other information: if they match, authentication succeeds, the second access device is determined to be valid and may access; if they do not match, authentication fails and the second access device is not allowed to access.
FIG. 3 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present application. FIG. 4 is a schematic structural diagram of an authentication request in an access device pairing connection method according to another embodiment of the present application.
Optionally, the authentication request may include both the uniqueness verification parameter and the authentication information. After receiving the authentication request, the first access device both authenticates the authentication information and checks uniqueness according to the uniqueness verification parameter, and allows the second access device to access the network only when both checks pass.
As shown in FIG. 3, the authentication request may include: the identification information of the second access device, the uniqueness verification parameter, custom text, and the authentication information. The custom text is a reserved field that can be extended in the future, which is not limited in the present application.
The authentication information includes "identification information of the second access device + uniqueness verification parameter + custom text" encrypted with the preset private key. To save resources, a hash algorithm may instead be used to compute the hash value of "identification information of the second access device + uniqueness verification parameter + custom text", in which case the authentication information includes that hash value encrypted with the preset private key.
FIG. 4 takes as an example the case where the identification information of the second access device is its MAC address and the uniqueness verification parameter is a timestamp. The authentication information may include "MAC address of the second access device + timestamp + custom text" encrypted with the preset private key, or it may include the hash value of "MAC address of the second access device + timestamp + custom text" encrypted with the preset private key, which is not limited in the present application.
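The request layout and the two checks described above (FIG. 3 and FIG. 4), as an added Python example that is not part of the patent text: the requester encrypts a SHA-256 hash of identifier + timestamp + random number + custom text with the preset private key, and the verifier recovers the hash with the preset public key, compares it, then rejects stale or repeated uniqueness parameters. The field names, the 30-second freshness window, the length-prefixed encoding and the unpadded demo RSA key built from two publicly known primes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed demo key pair (assumption). Both primes are publicly known
# Mersenne primes, so this key protects nothing; it only lets the example
# run with the standard library. A deployment would use a secret key and
# a padded signature scheme such as RSA-PSS.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                              # modulus (public)
E = 65537                                # public exponent
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent
N_BYTES = (N.bit_length() + 7) // 8
MAX_SKEW = 30                            # seconds, assumed freshness window


def agreed_content_hash(dev_id, timestamp, nonce, custom):
    """SHA-256 over every field except the authentication information.

    Each field is length-prefixed so that shifting bytes from one field
    into the next cannot yield the same hash input.
    """
    h = hashlib.sha256()
    for field in (dev_id, timestamp.to_bytes(8, "big"), nonce, custom):
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()


def build_auth_request(dev_id, custom=b"", now=None, nonce=None):
    """Requester side: fill the FIG. 3 fields and append the auth info."""
    ts = int(time.time()) if now is None else now
    nonce = os.urandom(16) if nonce is None else nonce
    m = int.from_bytes(agreed_content_hash(dev_id, ts, nonce, custom), "big")
    return {"id": dev_id, "timestamp": ts, "nonce": nonce,
            "custom": custom, "auth": pow(m, D, N)}  # private-key operation


class PairingVerifier:
    """Verifier side: authentication check first, then uniqueness check."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (id, timestamp, nonce) -> time the entry expires

    def verify(self, req, now=None):
        now = int(time.time()) if now is None else now
        # Entries older than the freshness window can be dropped: a replay
        # of them would be rejected as stale anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        try:
            dev_id, ts = req["id"], req["timestamp"]
            nonce, custom, auth = req["nonce"], req["custom"], req["auth"]
            expected = agreed_content_hash(dev_id, ts, nonce, custom)
            if not 0 < auth < N:
                return "bad-auth"
            # Public-key operation: recover what the sender encrypted.
            recovered = pow(auth, E, N).to_bytes(N_BYTES, "big")
        except (KeyError, TypeError, ValueError, OverflowError, AttributeError):
            return "malformed"
        # Any change to id, timestamp, nonce or custom text changes the hash.
        if not hmac.compare_digest(recovered, expected.rjust(N_BYTES, b"\0")):
            return "bad-auth"
        if abs(now - ts) > self.max_skew:
            return "stale"
        key = (dev_id, ts, nonce)
        if key in self._seen:
            return "replay"  # same uniqueness parameter seen before
        self._seen[key] = ts + self.max_skew
        return "ok"


if __name__ == "__main__":
    verifier = PairingVerifier()
    mac = bytes.fromhex("020000000001")  # constructed sample MAC address
    request = build_auth_request(mac)
    print(verifier.verify(request))  # first delivery
    print(verifier.verify(request))  # captured and re-sent
```

Only requests that return "ok" would move on to the network access request and access response steps.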
图5为本申请一实施例提供的接入设备配对连接方法中鉴权请求结构示意图,与上述实施例相对应,第一接入设备也可以作为接入方。需要说明的是,第二接入设备与第一接入设备一样,都可以成为接入方或请求接入方。FIG. 5 is a schematic structural diagram of an authentication request in an access device pairing connection method according to an embodiment of the present disclosure. Corresponding to the foregoing embodiment, the first access device may also serve as an accessing party. It should be noted that the second access device, like the first access device, can be the access party or the requesting access party.
如图5所示,该方法包括:As shown in FIG. 5, the method includes:
S501. After detecting the second access device, the first access device sends an authentication request to the second access device. The authentication request includes the identification information of the first access device and authentication information.
The identification information of the first access device may be the MAC address of the first access device, the serial number of the first access device, or the like; no limitation is imposed here.
After detecting the second access device within signal coverage, the first access device can automatically send the authentication request to the second access device, with no manual trigger required.
S502. The first access device receives an authentication response sent by the second access device according to the identification information of the first access device. The authentication response indicates that the second access device has authenticated successfully according to the authentication information.
S503. The first access device sends a network access request to the second access device.
S504. The first access device receives an access response sent by the second access device and completes the network connection according to the access response.
Further, once the first access device has passed authentication, the second access device has confirmed the validity of the first access device and sends it an authentication response. Both parties can then enter the access process; for example, the access process may use the WPS authentication procedure to complete authentication and access, which this application does not limit. Specifically, the first access device and the second access device securely obtain the account through key exchange and complete network access.
In this embodiment, after detecting the second access device, the first access device sends it an authentication request that includes the identification information of the first access device and authentication information. After authenticating successfully, the second access device sends an authentication response to the first access device; the first access device then sends a network access request to the second access device and, on receiving the access response sent by the second access device, completes the network connection according to that response. The entire authentication and network access process is thus completed through information exchanged between the first access device and the second access device, without human involvement, which improves access efficiency and user experience.
Similar to the foregoing embodiments, the authentication request may further include a uniqueness verification parameter. The uniqueness verification parameter may be a random number and/or a timestamp.
After receiving the authentication request, the second access device also verifies the uniqueness of the authentication request according to the uniqueness parameter. The uniqueness verification parameter carried in each authentication request is different. If the second access device receives the same uniqueness verification parameter again, it can refuse access to the first access device, or perform attack identification to determine whether the authentication request has been attacked.
Optionally, the authentication information includes agreed content encrypted with a preset private key. The agreed content includes the information in the authentication request other than the authentication information. See FIG. 3 and FIG. 4.
The specific implementation of this embodiment is similar to the embodiments shown in FIG. 2 to FIG. 4; refer to the foregoing embodiments for details, which are not repeated here.
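The Go sketch below is an added example, not code from the patent: it builds a request in the FIG. 4 style (MAC address + timestamp + custom text, here with a random number as well), signs the agreed content, and has the receiving device verify it and reject repeats. "Private-key encryption of the hash" is realised as an RSA PKCS#1 v1.5 signature over SHA-256; the field names, the 30-second window, the length-prefixed encoding and the key pair generated at run time are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var ErrBadSignature = errors.New("authentication information does not match the request")
var ErrStale = errors.New("timestamp outside the acceptance window")
var ErrReplay = errors.New("uniqueness verification parameter already seen")

// AuthRequest holds the fields the page names; the field names are assumptions.
type AuthRequest struct {
	MAC       string // identification information of the requesting device
	Timestamp int64  // uniqueness verification parameter (Unix seconds)
	Nonce     []byte // uniqueness verification parameter (random number)
	Text      string // custom text
	AuthInfo  []byte // authentication information: signature over the fields above
}

// agreedContent encodes all fields except AuthInfo, length-prefixed so boundaries cannot shift.
func agreedContent(r *AuthRequest) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, r.Timestamp)
	for _, f := range [][]byte{[]byte(r.MAC), r.Nonce, []byte(r.Text)} {
		binary.Write(&b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

func GenerateDeviceKey() (*rsa.PrivateKey, error) { // stands in for the preset key pair (assumption)
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewAuthRequest builds a request with a fresh random number and signs it.
func NewAuthRequest(priv *rsa.PrivateKey, mac, text string, now time.Time) (r *AuthRequest, err error) {
	r = &AuthRequest{MAC: mac, Timestamp: now.Unix(), Nonce: make([]byte, 16), Text: text}
	if _, err = rand.Read(r.Nonce); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(agreedContent(r))
	if r.AuthInfo, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]); err != nil {
		return nil, err
	}
	return r, nil
}

type Verifier struct { // state kept by the device that receives authentication requests
	pub    *rsa.PublicKey
	window time.Duration
	seen   map[string]int64 // "MAC|nonce" -> timestamp of each accepted request
}

func NewVerifier(pub *rsa.PublicKey, window time.Duration) *Verifier {
	return &Verifier{pub: pub, window: window, seen: make(map[string]int64)}
}

// Verify checks the signature first, then freshness, then uniqueness.
func (v *Verifier) Verify(r *AuthRequest, now time.Time) error {
	digest := sha256.Sum256(agreedContent(r))
	if rsa.VerifyPKCS1v15(v.pub, crypto.SHA256, digest[:], r.AuthInfo) != nil {
		return ErrBadSignature
	}
	if age := now.Sub(time.Unix(r.Timestamp, 0)); age > v.window || age < -v.window {
		return ErrStale
	}
	for k, ts := range v.seen { // drop entries the freshness check already rejects
		if now.Sub(time.Unix(ts, 0)) > v.window {
			delete(v.seen, k)
		}
	}
	key := fmt.Sprintf("%s|%x", r.MAC, r.Nonce)
	if _, dup := v.seen[key]; dup {
		return ErrReplay
	}
	v.seen[key] = r.Timestamp
	return nil
}

func main() {
	priv, err := GenerateDeviceKey()
	if err != nil {
		panic(err)
	}
	now, v := time.Now(), NewVerifier(&priv.PublicKey, 30*time.Second)
	req, err := NewAuthRequest(priv, "02:00:00:00:00:01", "pair-request", now) // constructed values
	if err != nil {
		panic(err)
	}
	fmt.Println("first:", v.Verify(req, now), "| replay:", v.Verify(req, now.Add(5*time.Second)))
}
```

Verify checks the signature before it consults or updates the replay cache, so requests without a valid signature cannot fill it, and the freshness window bounds how long an accepted entry has to be remembered.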
FIG. 6 is a schematic structural diagram of an access device provided by an embodiment of this application. As shown in FIG. 6, the device includes a receiving module 601, an authentication module 602, and a sending module 603, where:
The receiving module 601 is configured to receive an authentication request sent by the second access device after it detects the first access device. The authentication request includes the identification information of the second access device and authentication information.
The authentication module 602 is configured to authenticate the second access device according to the authentication information.
The sending module 603 is configured to send, after authentication succeeds, an authentication response to the second access device according to the identification information of the second access device.
Further, the receiving module 601 is also configured to receive a network access request sent by the second access device. The sending module 603 is also configured to send an access response to the second access device.
In one possible implementation, the authentication request further includes a uniqueness verification parameter. Correspondingly, the authentication module 602 is also configured to verify the uniqueness of the authentication request according to the uniqueness parameter.
Optionally, the uniqueness verification parameter includes a random number and/or a timestamp.
In another possible implementation, the authentication information includes agreed content encrypted with a preset private key.
Correspondingly, the authentication module 602 is specifically configured to decrypt the authentication information with a preset public key to obtain the decrypted information, and to determine whether the decrypted information is the same as the agreed content.
Optionally, the agreed content includes the information in the authentication request other than the authentication information.
FIG. 7 is a schematic structural diagram of an access device provided by another embodiment of this application. As shown in FIG. 7, the device includes a sending module 701 and a receiving module 702, where:
The sending module 701 is configured to send an authentication request to the second access device after the second access device is detected. The authentication request includes the identification information of the first access device and authentication information.
The receiving module 702 is configured to receive an authentication response sent by the second access device according to the identification information of the first access device. The authentication response indicates that the second access device has authenticated successfully according to the authentication information.
The sending module 701 is also configured to send a network access request to the second access device.
The receiving module 702 is also configured to receive an access response sent by the second access device and to complete the network connection according to the access response.
Optionally, the authentication request further includes a uniqueness verification parameter.
In one possible implementation, the uniqueness verification parameter includes a random number and/or a timestamp.
In another implementation, the authentication information includes agreed content encrypted with a preset private key.
Optionally, the agreed content includes the information in the authentication request other than the authentication information.
The above device is used to perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
It should be noted that the division of the above device into modules is merely a division of logical functions; in an actual implementation the modules may be wholly or partly integrated into one physical entity, or may be physically separate. These modules may all be implemented as software invoked by a processing element, or all be implemented in hardware; alternatively, some modules may be implemented as software invoked by a processing element and others in hardware. For example, the authentication module may be a separately provided processing element, or may be integrated into a chip of the above device; it may also be stored in the memory of the above device in the form of program code, with a processing element of the device invoking and executing the functions of the authentication module. The other modules are implemented similarly. In addition, all or some of these modules may be integrated together or implemented independently. The processing element described here may be an integrated circuit with signal processing capability. During implementation, each step of the above method, or each of the above modules, may be completed by an integrated logic circuit of hardware in the processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above method, such as one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (Digital Signal Processor, DSP), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when one of the above modules is implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor that can invoke program code. As a further example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
FIG. 8 is a schematic structural diagram of an access device provided by yet another embodiment of this application. As shown in FIG. 8, the device includes a memory 10 and a processor 11.
The memory 10 may be a separate physical unit connected to the processor 11 through a bus. The memory 10 and the processor 11 may also be integrated together, implemented in hardware, and so on.
The memory 10 is used to store a program that implements the above method embodiments or the modules of the embodiments shown in FIG. 6 and FIG. 7; the processor 11 invokes the program to perform the operations of the above method embodiments.
Optionally, when part or all of the access device pairing connection method of the above embodiments is implemented in software, the access device may include only the processor. The memory that stores the program is located outside the access device, and the processor is connected to the memory through a circuit or wire in order to read and execute the program stored in the memory.
The processor may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor may further include a hardware chip. The hardware chip may be an Application-Specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field-Programmable Gate Array (FPGA), Generic Array Logic (GAL), or any combination thereof.
The memory may include volatile memory, such as Random-Access Memory (RAM); it may also include non-volatile memory, such as flash memory, a Hard Disk Drive (HDD), or a Solid-State Drive (SSD); the memory may also include a combination of the above kinds of memory.
An embodiment of this application further provides a computer storage medium storing a computer program, the computer program being used to perform the access device pairing connection method provided by the above embodiments.
An embodiment of this application further provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the access device pairing connection method provided by the above embodiments.
Those skilled in the art will appreciate that the embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Claims (20)

  1. An access device pairing connection method, characterized by comprising:
    a first access device receiving an authentication request sent by a second access device after the second access device detects the first access device, the authentication request comprising identification information of the second access device and authentication information;
    the first access device authenticating the second access device according to the authentication information;
    the first access device sending, after authentication succeeds, an authentication response to the second access device according to the identification information of the second access device;
    the first access device receiving a network access request sent by the second access device;
    the first access device sending an access response to the second access device.
  2. The method according to claim 1, characterized in that the authentication request further comprises a uniqueness verification parameter;
    the method further comprises:
    the first access device verifying the uniqueness of the authentication request according to the uniqueness parameter.
  3. The method according to claim 2, characterized in that the uniqueness verification parameter comprises a random number and/or a timestamp.
  4. The method according to any one of claims 1-3, characterized in that the authentication information comprises agreed content encrypted with a preset private key;
    the first access device authenticating the second access device according to the authentication information comprises:
    the first access device decrypting the authentication information with a preset public key to obtain decrypted information;
    the first access device determining whether the decrypted information is the same as the agreed content.
  5. The method according to claim 4, characterized in that the agreed content comprises the information in the authentication request other than the authentication information.
  6. An access device pairing connection method, characterized by comprising:
    a first access device sending, after detecting a second access device, an authentication request to the second access device, the authentication request comprising identification information of the first access device and authentication information;
    the first access device receiving an authentication response sent by the second access device according to the identification information of the first access device, the authentication response indicating that the second access device has authenticated successfully according to the authentication information;
    the first access device sending a network access request to the second access device;
    the first access device receiving an access response sent by the second access device and completing the network connection according to the access response.
  7. The method according to claim 6, characterized in that the authentication request further comprises a uniqueness verification parameter.
  8. The method according to claim 7, characterized in that the uniqueness verification parameter comprises a random number and/or a timestamp.
  9. The method according to any one of claims 6-8, characterized in that the authentication information comprises agreed content encrypted with a preset private key.
  10. The method according to claim 9, characterized in that the agreed content comprises the information in the authentication request other than the authentication information.
  11. An access device, characterized by comprising:
    a receiving module, configured to receive an authentication request sent by a second access device after the second access device detects the first access device, the authentication request comprising identification information of the second access device and authentication information;
    an authentication module, configured to authenticate the second access device according to the authentication information;
    a sending module, configured to send, after authentication succeeds, an authentication response to the second access device according to the identification information of the second access device;
    the receiving module being further configured to receive a network access request sent by the second access device;
    the sending module being further configured to send an access response to the second access device.
  12. The access device according to claim 11, characterized in that the authentication request further comprises a uniqueness verification parameter;
    the authentication module is further configured to verify the uniqueness of the authentication request according to the uniqueness parameter.
  13. The access device according to claim 12, characterized in that the uniqueness verification parameter comprises a random number and/or a timestamp.
  14. The access device according to any one of claims 11-13, characterized in that the authentication information comprises agreed content encrypted with a preset private key;
    the authentication module is specifically configured to decrypt the authentication information with a preset public key to obtain decrypted information, and to determine whether the decrypted information is the same as the agreed content.
  15. The access device according to claim 14, characterized in that the agreed content comprises the information in the authentication request other than the authentication information.
  16. An access device, characterized by comprising:
    a sending module, configured to send, after a second access device is detected, an authentication request to the second access device, the authentication request comprising identification information of the first access device and authentication information;
    a receiving module, configured to receive an authentication response sent by the second access device according to the identification information of the first access device, the authentication response indicating that the second access device has authenticated successfully according to the authentication information;
    the sending module being further configured to send a network access request to the second access device;
    the receiving module being further configured to receive an access response sent by the second access device and to complete the network connection according to the access response.
  17. The access device according to claim 16, characterized in that the authentication request further comprises a uniqueness verification parameter.
  18. The access device according to claim 17, characterized in that the uniqueness verification parameter comprises a random number and/or a timestamp.
  19. The access device according to any one of claims 16-18, characterized in that the authentication information comprises agreed content encrypted with a preset private key.
  20. The access device according to claim 19, characterized in that the agreed content comprises the information in the authentication request other than the authentication information.
PCT/CN2018/086305 2017-10-18 2018-05-10 Method for paired connection of access devices, and access devices WO2019076041A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710969501.4A CN109688580A (en) 2017-10-18 2017-10-18 Access device matches connection method and access device
CN201710969501.4 2017-10-18

Publications (1)

Publication Number Publication Date
WO2019076041A1 (en) 2019-04-25

Family

ID=66174285

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/086305 WO2019076041A1 (en) 2017-10-18 2018-05-10 Method for paired connection of access devices, and access devices

Country Status (2)

Country Link
CN (1) CN109688580A (en)
WO (1) WO2019076041A1 (en)

Also Published As

Publication number Publication date
CN109688580A (en) 2019-04-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18868242

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18868242

Country of ref document: EP

Kind code of ref document: A1
