CN101454767B - Dynamic authentication in secured wireless networks - Google Patents
Dynamic authentication in secured wireless networks Download PDFInfo
- Publication number
- CN101454767B CN101454767B CN200780019389.2A CN200780019389A CN101454767B CN 101454767 B CN101454767 B CN 101454767B CN 200780019389 A CN200780019389 A CN 200780019389A CN 101454767 B CN101454767 B CN 101454767B
- Authority
- CN
- China
- Prior art keywords
- password
- key
- radio interface
- interface equipment
- security key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 claims abstract description 37
- 238000009795 derivation Methods 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 230000007246 mechanism Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 244000025254 Cannabis sativa Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.
Description
The cross reference of related application
The application requires in the U.S. Provisional Patent Application 60/794 that is entitled as " Mechanisms andApparatus to Provide Pre-Shared Key Authentication with DynamicSecret on Wireless Networks " of submission on April 24th, 2006,625 and the right of priority of the U.S. Provisional Patent Application 60/796,845 that is entitled as " Mechanisms and Apparatus for AutomaticWireless Connection Based on Provisioned Configuration " submitted on May 2nd, 2006.The open of these two applications merges to this by reference.
Technical field
The present invention relates in general to information network security.More particularly, the present invention relates to authenticate for the user-friendly low maintainability of safety wireless network.
Background technology
A lot of professional associations it was suggested that the various users that are used for wireless network authenticate and security measures.These professional associations comprise Institute of Electrical and Electric Engineers (IEEE) 802.11 working groups, Wi-Fi Alliance, internet engineering duty group (IETF).Realize these propose usually very complicated, be difficult to safeguard, and need those to realize the concrete people's who proposes technical knowledge.Therefore, because a lot of establishment (for example small company and medium-sized company) lacks expert and/or full-time professional technique support, so they can't dispose such measure.
In the wireless network in early days (for example IEEE 802.11 or Wi-Fi), system realizes security by Wired Equivalent Privacy (WEP).Disposing the WEP system only needs the network manager at access point or access device place definition wep encryption key collection.The user can visit the WEP safety wireless network by the identical wep encryption key collection that has manual configuration in the client computer station (for example laptop devices or mobile device) this user arbitrarily.To use shared wep encryption key collection to come the wireless data communications between client computer station and the access point is encrypted by the cryptographic algorithm of definition.
Although WEP can prevent accidental invader and visit wireless network that WEP can not keep out more serious security attack.For example, by using publicly available software can find wep encryption key at an easy rate.In addition, because all users share same key, so WEP can not the protecting network user avoids attack each other.Because based on these defectives in the security ststem of WEP, the security measures that substitutes so develop.These new measures need wireless network user certified at first in some way usually, and the key derivation collection also is used for wireless traffic encryption then.These authentication measures of having proposed can be divided into two groups usually: Extensible Authentication Protocol (EAP) and wildcard (PSK).
The security measures of EAP group adopts IEEE 802.1x standard usually, and it uses Extensible Authentication Protocol.Security ststem based on EAP makes it possible to authenticate mutually between certificate server and its user.Certificate server can reside in access point, base station or the external unit.Usually, certificate server provides the pairwise master key of deriving, to share between access point and user's client computer station.Pairwise master key can be used for the key derivation collection, and key set can be used for data encryption.
Realization is their complicacy based on the major obstacle of the security ststem of EAP or IEEE 802.1x.Disposing such system needs the advanced techniques expert and the user is continued technical support.For example, a lot of systems based on EAP need be installed to certificate server with security certificates.Really be essential according to the system based on EAP and ask, the client computer station may also need to be authorized to establish certificate update, and/or pre-installs security certificates before can going through to visit wireless network.
It is shared and password that store at client computer station and access point between the two that contrast with it, PSK security ststem are based on client computer station and access point.This password can be long bit stream (phrase that for example reaches a standard, password, sexadecimal string etc.) for example.Be used for also can being used for generating encryption key set to the password that authenticates each other by client computer station and access point.
Major defect based on the system of PSK is, password manually must be input to the client computer station, and shares this password by the All Clients station.In case the password of sharing is known by undelegated personnel, then jeopardizes the security of whole network.This may have problems need providing access to netwoks to the grass hand or have in labour's the tissue of high fluidity.In order to safeguard the security based on the system of PSK, leave tissue or no longer be authorized to accesses network as long as know the people of password, all must change the password on the All Clients station.
Though a lot of measures can be used for guaranteeing wireless network secure, realize in these measures any one all may be very complicated, difficult, and/or need a large amount of the maintenance.Therefore, this area needs improved method and system, and it provides security to user-friendly and easy maintenance for wireless network, and does not need advanced techniques expert and lasting technical support.
Summary of the invention
Example system of the present invention and method are provided in the safety wireless network matches to dynamic password.Generate random cipher for each authenticated.This password is unique to described user, and other user in the network cannot use this password to visit network.In addition, or the binding related with the wave point that belongs to described user with described password, thus other wave point that belongs to other user cannot use this password to visit network.
Each embodiment of the present invention comprises for described dynamic password is carried out method of matching.Generate described password and/or with it with after access profile is related, password is namely related with wave point, perhaps password is related with described wave point afterwards postponing.Some embodiment is by generating executable instruction and disposing wave point visit wireless network and password is related with wave point.Configuration can comprise: any security key of deriving together with the copy of described password, from described password and user's access profile are sent to described wave point with the copy of described executable instruction.Each embodiment of the present invention further comprises: upgrade described key, this need authenticate described wave point before to the connection of described wireless network again allowing described wave point to reconnect to described wireless network or continue it.
Embodiments of the invention comprise the system of dynamic password being matched at safety wireless network.Described system can comprise: password generation module, binding module, password database.Described password is generated by the password generation module, and by binding module with its related with wave point (binding).Described code data library storage about password, with the incidence relation of user profiles, with the information of incidence relation of wave point etc.Some embodiment further comprises: access profile generation module, executable instruction generation module etc.Described access profile generation module generates the access profile that is used for the user.Described executable instruction generation module generates and is used for the configuration wave point so that the executable instruction of visit wireless network.
Certain embodiments of the invention comprise: computer media and instruction, it is used at safety wireless network dynamic password being matched.Some embodiment further comprises: the instruction that is used for the described password of renewal and requires wave point is authenticated again.
Description of drawings
Fig. 1 is the diagram that is used for the Verification System of safety wireless network according to an exemplary embodiment of the present invention.
Fig. 2 is illustrated in the process flow diagram that uses the method for paired password in the safety wireless network.
Fig. 3 is illustrated in the process flow diagram that uses the alternative method of paired password in the safety wireless network.
Fig. 4 is the process flow diagram that is illustrated in the method for safety in utilization key in the safety wireless network.
Embodiment
The present invention includes by using dynamic password in safety wireless network, to use the system and method that user-friendly low maintainability is authenticated.Password is shared between client computer station and access point in pairs.Dynamically generate these passwords at each authenticated, and these passwords are related with user's access profile.These passwords can also be related with the specific client station or the wave point that belong to this user.In certain embodiments of the invention, at the expired time point of password, the user must authenticate again, to continue the visit wireless network.
Fig. 1 is the diagram that is used for the Verification System 100 of safety wireless network 170 according to an exemplary embodiment of the present invention.Certificate server 100 shown in Figure 1 comprises: authentication module 110, access profile generation module 120, password generation module 130, password database 140, binding module 150, executable instruction generation module 160.Certificate server 100 can be used for the security of maintaining network 170.Various client devices (for example wireless stations 180a, laptop computer 180b and mobile device 180c) belong to the potential user of network 170.
The module of indication among the present invention (or application) should be broadly interpreted as the set of the program of carrying out various system level functions, and can dynamically be loaded or be unloaded by hardware and equipment as required.Modular software parts described herein also can be merged into the part of bigger software platform, or are integrated into a part of using specific features.
110 couples of users of authentication module (for example laptop computer 180b) authenticate, and verify whether this user is the user that they claim, otherwise verify whether they are authorized to accesses network 170.Authentication module 110 can be used for the user name and password that the checking user provides.Can by with authentication database in the user name and password stored compare to verify that authentication database can be independent of authentication module 110, perhaps be integrated into authentication module 110.In certain embodiments, authentication database can be integrated with password database 140 as described below.In case authenticated by authentication module 110, the user just can based on by network manager definition and security clearance rank that can further be subjected to the user of paired password or key derivation control, the role of user in tissue parameter network 170 in visit data and carry out and move.
Access profile generation module 120 generates access profile at the user that authentication module 110 authenticates.User access profile can comprise at random password and executable instruction in pairs at least, further describes at this.Access profile may further include the information about the user, for example authentication information, security information, consumer taste etc.For accesses network 170, the user is with user access profile copy, download or be sent to user's client devices (for example laptop computer 180b) in addition.Can obtain access profile safely by utilizing the public web browser based on the HTML (Hypertext Markup Language) (HTTPS) of Secure Socket Layer (SSL).Executable instruction disposes wireless device automatically, thereby they can visit wireless network 170.
Password generation module 130 generates the random cipher that is used for each user.Can use various algorithms and formula to generate password randomly by password generation module 130.By random cipher is provided, password generation module 130 has increased to the potential intruder deduces or definite difficulty of also illegally obtaining the visit of network 170 specific cryptosystem.Password generation module 130 further is configured to: determine that each password is unique to each user, thereby each password can only be used by a user.Password can boundly be the part of access profile.Password will make wireless device can visit wireless network 170 for wireless device is authenticated.In certain embodiments, password generation module 130 can be derived one or more security keys for the user from specific cryptosystem.Be similar to password, security key can with wireless device association, and be used for the configuration wave point, thereby it can visit wireless network 170.Be similar to password equally, do not have other wireless device can use these same security keys to visit network 170 thereafter.
Password database 140 is stored the information about the various passwords that generated by password generation module 130.Password database 140 can also be stored the information about following aspect: if which user and specific cryptosystem, any security key of deriving from password are related any wireless device arranged, then which wireless device and user's password or security key are related etc.Password database 140 can further be stored the information about user name, password, safety approval rank etc.Password database 140 can be operated in conjunction with authentication module 110, with to the user and belong to this user the interface of network 170 is authenticated.
Binding module 150 is configured to: with user's cryptographic association (binding) to the radio interface equipment that belongs to this user (for example workstation 180a, laptop computer 180b or mobile device 180c).For wave point, require the incidence relation between the password that formed by binding module 150 and user's the radio interface equipment is authenticated and allow to visit wireless network 170.In some cases, generate and/or with after access profile is related, binding module 150 is associated with user cipher user's radio interface equipment (if the user is just using radio interface equipment) immediately or distributes to the profile of this interfacing equipment at password.At once the operation of binding module 150 can be called as quick binding.Perhaps, the operation of binding module 150 can postpone, and initiates first wireless connections up to the user via wave point, and the MAC Address of user's wireless device can be determined.The delay operation of binding module 150 can be called as delayed binding.
Executable instruction generation module 160 generates can carry out application, and its configuration is used for the wave point of visit wireless network 170.The executable instruction that is generated by executable instruction generation module 160 can be copied, downloads or be sent in addition the wave point that belongs to the user then.Executable instruction can boundly be the part of access profile.Executable instruction will be installed to wireless device by the access profile of access profile generation module 120 generations and the password that is generated by password generation module 130.Further disclose the generation of this executable instruction and aforementioned access profile in U.S. Provisional Patent Application 60/796,845, the disclosure had before merged to this by reference.
Network 170 can be configured to: send various electromagnetic waves (comprising for example radio signal).Network 170 can be IEEE 802.11 (Wi-Fi or WLAN) network, IEEE 802.16 (WiMax) network, IEEE 802.16c network etc.Network 170 can send various information to interfacing equipment (for example client interface 180a-180c).Network 170 can be local private network, perhaps can be the part of bigger wide area network.Various auxiliary networks can reside in the field than macroreticular 170 (for example peer-to-peer network or wireless mesh network).
Client interface 180a-180c illustrates the various interfaces that wireless capability is arranged, and comprises desktop PC, laptop computer, handheld computer etc.Expectation for example can be carried out this operation in the following manner by the user of wave point 180a visit wireless network 170: the user's that will be generated by access profile generation module 120 access profile, the password and the installation executable instruction copy that is generated by executable instruction generation module 160 that are generated by password generation module 130, download or be sent in addition wave point 180a.As the part of whole authentication operation, executable instruction configuration wave point 180a makes wave point 180a can use access profile and paired password to visit wireless network 170.Can dispose wave point 180b and wave point 180c with similar manner.
Can be periodically or upgrade user's password in response to network manager's request.Can generate the new password that is used for the user by password generation module 130, this password is related with user's access profile, and is saved to password database 140.If previous password is expired, then must authenticate again wave point.The user must or authenticate immediately again, or authenticates again when next wireless connections.Wireless device is authenticated again and can comprise: the user is authenticated again, transmit the copy of user's new password, access profile and/or new executable instruction, and use binding module 140, form the new incidence relation between wave point and the new password.
Fig. 2 is illustrated in the process flow diagram that uses the method 200 of paired password in the safety wireless network 170.In method 200, the user is authenticated, generate at random and unique paired password at the user, password is related with the access profile that belongs to the user, and it is password is further related with the wave point that belongs to this user, and further related with particular access profile.
In step 210, utilize 110 couples of users of authentication module to authenticate.Initial authentication can comprise: provide the user name and password of user ID for the specific user.This user can be authorized to accesses network 170, perhaps can not be authorized to accesses network 170, as determining with respect to paired password.If can not authenticate the user by simple user name and password match (perhaps follow-up about paired password), then can not allow the user to visit wireless network 170.
In step 220, generate password at the interim user who authenticated.Can determine the password that generated by password generation module 130 by various algorithms and formula, thereby be user's generation of authenticate password of generation at random.In addition, in network 170, password is unique for each user.Password provides each user of protection to avoid all other users' interference in the network 170 for each user's uniqueness.Because each user has unique password that is tied to this specific user (or their profile and/or interfacing equipment), so this user can't use another user's password.In addition, when no longer authorizing the specific user to use network 170, user's releasing mandate is not influenced the ability that other user continues to use network 170, as the situation in a lot of prior art internet security solutions.Further, specific user's releasing mandate is come the security of maintaining network 170 without any need for particular technology expert or technical support.In addition, in step 220, can generate the out of Memory entity (for example certificate of authority) related with wireless authentication mechanism.
In step 230, will be related with this user's access profile for the password that authenticated generates, it can also be further and the special interface device association.Information about the incidence relation between password and the user access profile can be kept in the password database 150.
In step 240, this password with belong to the wave point of this authenticated, their profile and/or device association (binding).This incidence relation can be formed by binding module 140, and allows radio interface equipment visit wireless network 170.Described incidence relation or binding can comprise: download access profile, the in pairs security key of password and related derivation, and executable instruction, and to be used for the configuration radio interface equipment and with itself and cryptographic association.Can be by password is related and password and wave point is related with the particular radio of wave point, MAC Address of wave point etc.Information about the incidence relation between paired password and the wave point can be kept in the password database 150.
Fig. 3 is the process flow diagram that is illustrated in the alternative method that accesses to your password in the safety wireless network 170.In described method 300, as generable by initial username and password verification process, the user is authenticated, generate access profile, and generate password.If known wave point is connected to network 170, then this wave point and cryptographic association (binding).If current do not have known wave point to be connected to network 170, then can preserve not related password, and can be after a while that it is related with wave point.
In step 310,110 couples of users authenticate by authentication module.Can carry out this authentication by the mode similar to the authentication operation of in step 210, carrying out.
In step 320, generate access profile at authenticated.The access profile that is generated by access profile generation module 120 can be used for the wave point that configuration belongs to the user, makes that they can accesses network 170.
In step 330, generate password at the user.Can carry out the generation of password by the mode similar to the step 220 of Fig. 2.
In step 340, determine whether current network connects is by known wave point.Thisly determine to be based on authentication information, user's input etc.
In step 350, determine that (for example) connection is not to have had under the situation of the known wireless interface of bound secret, the password that generates recently is saved in the table.This table can be included in the password database 150.Under following situation, password can be saved in the described table for using after a while: the user is not using wave point, this wave point is not the expectation interface that will use in many wave points (radio) equipment, the user is not using user's self radio interface, and perhaps the user does not prepare wave point and cryptographic association..
In step 360, being confirmed as when this connection is not have bound secret, have expired password or need under the situation of known wireless interface of bound secret, with password and wave point binding.Can form this incidence relation by the mode similar to the incidence relation that in step 240, forms.
Fig. 4 is the process flow diagram that is illustrated in the method 400 of safety in utilization key in the safety wireless network 170.In the method, receive authentication request from wave point, determine then security key whether with interface conjunctionn, if related, determine then whether this security key effective.If security key is effective, then wave point is by success identity.If security key is invalid, then refuse authentication request.If with the security key of interface conjunctionn, then do not determine whether any not related security key at the user.If there is not related security key, then obtain next not related security key, determine then whether security key is effective.If security key is invalid, then determine whether to exist not related security key arbitrarily again.If do not stay not related security key, then refuse authentication request.If exist available not related security key and its effective, then security key be tied to interface, and successfully authenticated wave point.
In step 410, receive the authentication request from the wave point that belongs to the user.At security key expired wave point, wave point of being terminated at connection etc., when wave point when being new for network 170, can produce this request.
In step 420, determine whether to exist the security key related with wave point.Can determine according to the information in the wave point authentication processing.If there is related security key, then this method enters step 430.If there is no related security key, then this method enters step 440.
In step 430, determining under the security key situation related with wave point, determine and then whether this security key is effective.By comparing to determine from the security key information of authentication request and the security key in the password database 150.
In step 440, under the situation of not related with wireless network 170 security key, determine whether to be useful on any not related security key of user.Can be based on determining from the information of authentication request, security key information related with the user access profile of preservation in the password database 150 etc.If there is available not related security key, then this method enters step 450.If there is no available not related security key, then this method enters step 490.
In step 450, exist under the situation of available not related security key determining, obtain next not related security key.The security key that all are not related is saved in table, as described in the step 350.In certain embodiments, described table is included in the password database 150.In step 450, consider next the available not related security key from this table.
In step 460, determine whether the security key under considering is effective.Whether security key is effectively determined and is carried out really phasing in step 430 seemingly.If security key is invalid, then this method is returned step 440.If security key is effective, then this method enters step 470.
In step 470, security key is tied to wave point.Be similarly constructed described binding or incidence relation with the incidence relation that in step 240 and 360, forms.
In step 480, the authentication of the wave point that is undertaken by security key is successful.In certain embodiments, this method can continue further authenticating step.For example, in step 500, can determine whether relevant security key is expired.If key is expired, the then processing that can produce key again in step 520 beginning.Yet at interim, the user may stand limited visit or without any visit.In certain embodiments, when the user had limited access rights or do not have access rights, the processing that produces key again can be the part of different disposal.Yet in step 510, if key is still effective, the user can enjoy whole service access.Yet, wave point is authenticated permission wave point visit wireless network 170.
In step 490, the refusal authentication request.Do not allow wave point visit wireless network 170, perhaps, if there is existing connection, then can stop this connection.
Though described the present invention in conjunction with a series of preferred embodiments, these descriptions are not to be intended to limit the scope of the present invention to the particular form of setting forth at this.On the contrary, this invention is intended to cover by claims limited and other the spirit and scope of the present invention understood by one of ordinary skill in the art in included these replacements, modification and equivalent.
Claims (10)
1. one kind is carried out method of matching to security key in safety wireless network, and described method comprises:
Receive authentication request from radio interface equipment, described authentication request is relevant with the visit to described safety wireless network;
After authentication success, generate the random cipher unique to authenticated, wherein, described password is related with the access profile that belongs to described authenticated;
Derive one or more security key from described password;
Upgrade not related security key table with the described one or more security key that derive from described password;
From described not related security key table, obtain the effective and safe key;
Described effective and safe key is offered described radio interface equipment, wherein, carry out executable instruction at described radio interface equipment, use described access profile and described effective and safe key to dispose described radio interface equipment to visit described safety wireless network; And
Allow described radio interface equipment to use described effective and safe key to visit described safety wireless network, wherein, use described effective and safe key to be limited to the radio interface equipment that belongs to the user who is identified by described access profile.
2. the method for claim 1, wherein, one or more effective and safe keys are saved in table, and wherein, described table comprises about following information: whether each key, each key be related with radio interface equipment and related for which radio interface equipment of each key and its.
3. after the section renewal of described password taking place the method for claim 1, wherein, thereby upgrades the one or more security key that derive from described password at the fixed time.
4. the method for claim 1, wherein the renewal of described password takes place when the system manager asks, thereby upgrades the one or more security key that derive from described password.
5. as claim 3 or 4 described methods, wherein, when thereby the one or more security key that derives from described password is upgraded in the renewal that described password takes place, stop the wireless connections between described radio interface equipment and the described safety wireless network, and require described radio interface equipment is authenticated again.
6. system of in safety wireless network security key being matched comprises:
Authentication module, it receives authentication request from radio interface equipment, and described authentication request is relevant with the visit to described safety wireless network;
The password generation module, it is after authentication success, the random cipher that generation is unique to authenticated, wherein, described password is related with the access profile that belongs to described authenticated, derive one or more security key from described password, use from described one or more security key of described password derivation and upgrade not related security key table, and from described not related security key table, obtain the effective and safe key; And
Binding module, it offers described radio interface equipment with described effective and safe key, wherein, carries out executable instruction at described radio interface equipment, use described access profile and described effective and safe key to dispose described radio interface equipment to visit described safety wireless network, wherein
Allow described radio interface equipment to use described effective and safe key to visit described safety wireless network, wherein, use described effective and safe key to be limited to the radio interface equipment that belongs to the user who is identified by described access profile.
7. system as claimed in claim 6, wherein, described password generation module further can be carried out for one or more effective and safe keys are saved in table, wherein, described table comprises about following information: whether each key, each key be related with radio interface equipment and related for which radio interface equipment of each key and its.
8. system as claimed in claim 6, wherein, described password generation module further can be carried out for upgrading described password after the section at the fixed time, thereby upgrades the one or more security key that derive from described password.
9. system as claimed in claim 6, wherein, described password generation module further can be carried out for upgrading described password when the system manager asks, thereby upgrades the one or more security key that derive from described password.
10. system as claimed in claim 8 or 9, wherein, when thereby described password generation module upgrades described password and upgrades the one or more security key that derives from described password, stop the wireless connections between described radio interface equipment and the described safety wireless network, and require described radio interface equipment is authenticated again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310291285.4A CN103441984B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in safety wireless network |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US79462506P | 2006-04-24 | 2006-04-24 | |
US60/794,625 | 2006-04-24 | ||
US79684506P | 2006-05-02 | 2006-05-02 | |
US60/796,845 | 2006-05-02 | ||
US11/788,371 US7788703B2 (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
US11/788,371 | 2007-04-18 | ||
PCT/US2007/009503 WO2007127120A2 (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310291285.4A Division CN103441984B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in safety wireless network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101454767A CN101454767A (en) | 2009-06-10 |
CN101454767B true CN101454767B (en) | 2013-08-14 |
Family
ID=40735930
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200780019389.2A Active CN101454767B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
CN2007800190748A Active CN101455063B (en) | 2006-04-24 | 2007-04-23 | Provisioned configuration for automatic wireless connection |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007800190748A Active CN101455063B (en) | 2006-04-24 | 2007-04-23 | Provisioned configuration for automatic wireless connection |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN101454767B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102009029828B4 (en) * | 2009-06-18 | 2011-09-01 | Gigaset Communications Gmbh | DEFAULT encryption |
CN112511558B (en) * | 2020-12-01 | 2023-04-07 | 东方世纪科技股份有限公司 | Electromechanical device measurement and control system based on Internet of things |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1708162A (en) * | 2004-06-04 | 2005-12-14 | 上海环达计算机科技有限公司 | Identification method and system for mobile equipment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7266369B2 (en) * | 2000-04-04 | 2007-09-04 | Samsung Electronics Co., Ltd. | System and method for provisioning or updating a mobile station using over-the-air transfer of interpreted byte-code program |
CN1759550A (en) * | 2003-03-14 | 2006-04-12 | 汤姆森特许公司 | WLAN session management techniques with secure rekeying and logoff |
-
2007
- 2007-04-18 CN CN200780019389.2A patent/CN101454767B/en active Active
- 2007-04-23 CN CN2007800190748A patent/CN101455063B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1708162A (en) * | 2004-06-04 | 2005-12-14 | 上海环达计算机科技有限公司 | Identification method and system for mobile equipment |
Also Published As
Publication number | Publication date |
---|---|
CN101455063B (en) | 2012-07-25 |
CN101454767A (en) | 2009-06-10 |
CN101455063A (en) | 2009-06-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103441984B (en) | Dynamic authentication in safety wireless network | |
US9769655B2 (en) | Sharing security keys with headless devices | |
CN1685694B (en) | Session key management for public wireless lan supporitng multiple virtual operators | |
JP3961462B2 (en) | Computer apparatus, wireless LAN system, profile updating method, and program | |
JP6337642B2 (en) | Method for securely accessing a network from a personal device, personal device, network server, and access point | |
CN100456725C (en) | Network system and method for obtaining the public key certificate for WAPI | |
WO2011017924A1 (en) | Method, system, server, and terminal for authentication in wireless local area network | |
US20070165582A1 (en) | System and method for authenticating a wireless computing device | |
CN102970299A (en) | File safe protection system and method thereof | |
CN101695022B (en) | Management method and device for service quality | |
CN101237325B (en) | Ethernet access authentication method, downlink authentication method and Ethernet device | |
KR101319586B1 (en) | Cloud computing network system and method for authenticating client | |
KR101572598B1 (en) | Secure User Authentication Scheme against Credential Replay Attack | |
JP4574122B2 (en) | Base station and control method thereof | |
CN101454767B (en) | Dynamic authentication in secured wireless networks | |
KR100901279B1 (en) | Wire/Wireless Network Access Authentication Method using Challenge Message based on CHAP and System thereof | |
KR20100053703A (en) | System and method for authenticating a user to public wireless lan service networking of otp client based | |
JP4018584B2 (en) | Wireless connection device authentication method and wireless connection device | |
JP2000224162A (en) | Client authentication method using irreversible function | |
US20040225709A1 (en) | Automatically configuring security system | |
Lee et al. | A secure wireless lan access technique for home network | |
KR100924315B1 (en) | Authentification system of wireless-lan with enhanced security and authentifiaction method thereof | |
CN114793335A (en) | Wireless local area network access method based on password dynamic change |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |