Embodiment
The design concept of the present invention is:Many intelligent hardware devices are (for example, intelligent bulbs, intelligent sound, intelligence at presentAlarm clock etc.) there is the demand of connection network, and operation be present in the existing intelligent hardware devices connection network equipment (wireless router)Inconvenience, the technical problem of security difference, it is necessary to the connection letter of wireless router overseas broadcast hotspot by taking wireless network as an exampleCease (such as service set identifier and password), although the password of broadcast is encrypted according to certain cipher mode, due to encryptionMode is not based on different passwords, but based on fixed AES, as long as causing any listener to be aware of encryption sideFormula, you can crack to obtain the password of hotspot, easily by hacker attacks, potential safety hazard be present.If that is, all intelligenceThe identical hotspot that energy hardware device is all broadcasted using wireless router connects, then security can not ensure.
On the other hand, the embodiments of the invention provide a kind of method for controlling access wireless network, referring to Fig. 1, this method includesFollowing steps:
Step S101, the security information of intelligent hardware devices is obtained,
Presupposed information of the security information for instruction with the unique corresponding interim hotspot of intelligent hardware devices;
Step S102, security information is wirelessly transmitted to the network equipment, built for the network equipment according to the security information receivedThe vertical interim hotspot corresponding to intelligent hardware devices;
Step S103, receive the instruction connection that the network equipment is sent when intelligent hardware devices are connected to interim hotspotSuccessful first message;
Step S104, the network equipment is notified to send out the link information of the formal hotspot of the network equipment according to first messageIntelligent hardware devices are delivered to, are established and formal hotspot after the link information of formal hotspot is received for intelligent hardware devicesConnection,
Wherein, the link information of formal hotspot includes the name identification and encrypted message of formal hotspot.
Understand as shown in Figure 1, the method for the control access wireless network of the present embodiment, due to the security information and intelligence of acquisitionEnergy hardware device uniquely corresponds to, so as to which the interim hotspot of network equipment establishment is also uniquely corresponding with intelligent hardware devices, netNetwork equipment is again by sending the link information of formal hotspot with the interim wireless connection of intelligent hardware devices, so, monitorsEven if person is aware of the information cipher mode of hotspot, but due to the security information of intelligent hardware devices can not be known, and thenThe interim wireless connection with the network equipment can not be established, so as to prevent the password of formal hotspot to be cracked, improves networkThe security of connection.
It should be noted that in practical application, the method shown in Fig. 1 is applied to mobile terminal, and the method shown in Fig. 1Middle step S103 and step S104 can be omitted, i.e. mobile terminal need not notify the network equipment to send formal hotspotInformation, but by the network equipment after intelligent hardware devices are connected to interim hotspot, actively or receive Intelligent hardwareThe link information of formal hotspot is sent to intelligent hardware devices after the request of equipment, without according to the logical of mobile terminalKnow.In addition, mobile terminal can receive the instruction that the network equipment is sent when intelligent hardware devices are connected to interim hotspotThe finger that the first message and/or the reception network equipment of successful connection are sent when intelligent hardware devices are connected to formal hotspotShow the second message of successful connection, set according to the Intelligent hardware that first message or the second message statistics network equipment currently connectIt is standby, and export statistical information.
The network equipment in the present embodiment, refer to those network equipments for supporting wireless network protocol, such as wireless routingDevice.
The method of the control access wireless network of the present embodiment also receives the network equipment and is connected to just in intelligent hardware devicesSecond message of the instruction successful connection sent during formula hotspot;Prompting message is exported according to the second message, reminds user.ThisSample, user can know whether intelligent hardware devices are connected on the network equipment in time.
In order to further improve the security of network connection, in an embodiment of the present invention, the network equipment is being determinedAfter the upper formal hotspot of intelligent hardware devices connection, you can close interim hotspot.From the foregoing it will be appreciated that controlled in the present embodimentThe network equipment processed creates the interim hotspot of unique corresponding intelligent hardware devices, with the network equipment in the prior art for allIntelligent hardware devices broadcast identical hotspot is compared, and improves security.That is, interim hotspot is ensureing security sideThe effect in face is most important, so in order to prevent undesirable person from obtaining the security information of intelligent hardware devices, using interim wirelessFocus connects the network equipment, in the present embodiment, after intelligent hardware devices and the network equipment establish formal wireless connection, that is, controlsThe network equipment processed closes interim hotspot, in this way, even if attacker obtains the security information of intelligent hardware devices, but due toInterim hotspot is turned off, so can not also connect the network equipment and then can not obtain the formal wireless heat of network equipment offerThe information of point.
Explanation is needed exist for, interim hotspot is intelligence of the network equipment (such as wireless router) according to receptionWhat the security information of hardware device was established, and the user that formal hotspot is router is set on interface in wireless routerSet.Typically, formal hotspot is created first, and interim hotspot is created rear, for example, user's indoor location hasWireless router, and formal hotspot is created for the wireless router, including the services set mark of formal hotspot is setKnow the information such as SSID and Crypted password.Subsequently, after user has purchased intelligent hardware devices such as intelligent bulbs, it is desirable to establish intelligenceThe connection of the formal hotspot of energy bulb and wireless router, at this moment first passes through foundation and intelligence according to the method for the present embodimentThe mode of the interim hotspot of bulb sends the information of the formal hotspot of wireless router to intelligent bulbs, then by intelligenceEnergy bulb is connected to wireless router.
In addition, service set SSID (Service Set Identifier) here refers to uniquely to name wireless officeA string of characters of domain net (WLAN), the mark, which allows website to be connected to when multiple separate networks work in same physical region, to be neededThe network wanted.
In the present embodiment, security information is uniquely corresponding with intelligent hardware devices, including instruction creates and corresponds to Intelligent hardwareThe presupposed information of the interim hotspot of equipment;Presupposed information specifically includes (1) transient service set identifier SSID, and (2) take temporarilyBusiness set identifier SSID cipher mode, (3) transient service set identifier SSID channel number, (4) transient service set identifier SSIDCrypted password.
In practical application, each intelligent hardware devices can distribute an independent safety certificate, the safety when dispatching from the factoryAbove- mentioned information (1) to (4) is have recorded on certificate.That is, the safety certificate of each intelligent hardware devices is different.Based on this, netNetwork equipment receives the interim hotspot created after security information and also differed, and corresponding interim hotspot can only be with intelligenceHardware device connects, and can not be connected by other intelligent hardware devices, improves network completeness.
In addition, also include before security information is wirelessly transmitted into the network equipment in the present embodiment:Pass through WPA2-PSKCipher mode security information is encrypted.According to Wi-Fi technology specification, Wi-Fi access protections, there are WPA and WPA2 twoStandard, WPA2 are the WPA second editions, and WPA2 employs safer algorithm.PSK (Pre-Shared key, wildcard mouldFormula, also known as personality frame) it is design to can't afford the cost of 802.1X authentication servers and the family of complexity and small-sizedCorporate networks, each user must input cipher to take network, and talk secretly can be 8 to 63 ascii characters,Or 64 16 bit digitals (256).
By using WPA2-PSK cipher modes, and utilize Advanced Encryption Standard AES (Advanced EncryptionStandard, abbreviation AES) AES is used as, further enhance security.
In view of many intelligent hardware devices in the prior art (such as:Intelligent bulbs, intelligent sound) without display screen etc.Input equipment, or the smaller operation inconvenience of display screen, are connected, user's operation for the wireless network of this kind of intelligent hardware devicesIt is very inconvenient, for example, user inputs the hotspot for inputting wireless router like that without the image of Buddha on the screen of smart mobile phone, enterAnd wireless network is accessed, present inventor expects the method shown in Fig. 1 of the present embodiment being applied to smart mobile phone, orThe mobile terminals such as pad, using the security information of acquisition for mobile terminal intelligent hardware devices, security information is sent to movement eventuallyOn the wireless router for holding wireless connection, wireless router creates interim hotspot again, broadcasts the focus of interim hotspotInformation, i.e. the path using interim hotspot as the link information of the formal hotspot of transmission wireless router, intelligence are hardPart equipment can also obtain the information of the formal hotspot of wireless router even if no screen by monitor channel, so as to send outThe connection request with formal hotspot is played, establishes the connection with formal hotspot, accesses wireless network.From the foregoing, it will be observed that thisThe method of embodiment realizes conveniently accesses wireless network by intelligent hardware devices, improves Consumer's Experience.
Here, the safety that the security information of intelligent hardware devices includes obtaining the intelligent hardware devices of user's input is obtainedInformation, or the coding pattern of the security information of scanning indicating intelligent hardware device obtain the security information of intelligent hardware devices.That is the security information for obtaining intelligent hardware devices includes two ways, a kind of mode is that user directly inputs, and another kind isUtilize the scan function of mobile terminal.Specifically, mobile terminal is provided with the input equipments such as touch-screen, user sets Intelligent hardwareStandby security information is input to mobile terminal, and mobile terminal is wirelessly transmitted to the network equipment.Or mobile terminal has barcode scanning work(Can, using barcode scanning function, the Quick Response Code of the security information of indicating intelligent hardware device intelligent hardware devices is scanned, gets intelligenceThe security information of hardware device.It can need to be selected in practice, acquisition modes are not restricted in the present embodiment.
Furthermore, it is contemplated that user is to the regulatory requirement of the intelligent hardware devices connected on wireless router, the present embodimentThe method of control access wireless network also includes the quantity for the intelligent hardware devices that statistics network equipment currently connects, output statisticsThe list of identification information of value and each intelligent hardware devices currently connected.For example, output " currently attached three Intelligent hardwaresEquipment, it is respectively:Intelligent bracelet 1, intelligent alarm clock 2, intelligent bulbs 3 ".So as to conveniently control and monitor which equipment is integrated intoOn wireless router, facilitate network management.
The embodiment of the present invention additionally provides a kind of method for accessing wireless network, and referring to Fig. 2, this method includes following stepSuddenly:
Step S201, monitoring wireless channel;
Step S202, when listening to the beacon signal of the network equipment, initiate and the interim hotspot of the network equipmentConnection,
Wherein, beacon signal is the network equipment in the security information of acquisition intelligent hardware devices and based in security informationIndicate wide with after intelligent hardware devices uniquely interim hotspot corresponding to the presupposed information foundation of corresponding interim hotspotBroadcast, and beacon signal includes the hot information of interim hotspot;
Step S203, after interim hotspot is connected to, the connection for inquiring about formal hotspot is sent to the network equipmentThe inquiry request of information;The link information of formal hotspot includes the name identification and encrypted message of formal hotspot;
Step S204, receive the link information for the formal hotspot that the network equipment returns and according to formal wireless heatThe link information of point establishes the connection with formal hotspot.
Method shown in Fig. 2 is applied to intelligent hardware devices.
The method of the access wireless network of the present embodiment, the letter that monitoring wireless router is sent by way of drive sweepSignal is marked, the connection with interim hotspot is established according to beacon signal, and obtain just based on the connection with interim hotspotThe link information of formula hotspot, so as to establish the connection with formal hotspot, complete wireless network access.By Intelligent hardwareEquipment is being established with after the connection of the interim hotspot of the network equipment, inquiry request, the network equipment are sent to the network equipmentBy the connecting path based on interim hotspot, by (cipher mode WPA2-PSK, AES are, for example, AES) of encryptionThe link information of formal hotspot is sent to intelligent hardware devices, is avoided the network equipment and is broadcasted the possible quilt of formal hotspotInformation leakage problem caused by hacker eavesdrops and attacked, also, the link information of formal hotspot have passed through encryption,Improve the security of network.
The hardware such as wireless network card are installed, intelligent hardware devices are in foundation and net when actually realizing, in intelligent hardware devicesAfter the connection of the interim hotspot of network equipment, the wireless network card of bottom perceives the change of this connection status, and to intelligenceThe upper level applications of energy hardware device send instruction and are successfully established the notification message being connected, Intelligent hardware with interim hotspotThe upper level applications of equipment with network device communications, send inquiry request, come on the basis of the interim wireless connection of foundationThe link information of the formal hotspot of the network equipment is inquired about, is connected for subsequently being established with the formal hotspot.
Preferably, after the connection with formal hotspot is established, the automatic connection disconnected with interim hotspot.Due toThe cut-in operation that wireless network is completed on formal hotspot is already connected to, can subsequently disconnect the company with interim hotspotConnect, facilitate the network equipment to close interim hotspot, avoid attacker from connecting the network equipment by interim hotspot, improve netNetwork security.
For step S201 monitoring wireless channel, at present, any hardware is linked into wireless network and is required for inside to have classLike the hardware of wireless network card, the institute that wireless network card is completed to communicate with wireless router is functional.Wireless network card has two kinds of Working mouldsFormula, active scan and drive sweep.The purpose of scanning will find a wireless network, be then added in the wireless network.
Active scan (active scanning) be intelligent hardware devices (work station STA) in an active manner, eachProbe Request frames are sent on channel, ask some ad hoc wireless networks to be responded.Active scan is actively to find netNetwork, rather than wait for peacefully the wireless network statement presence of itself.
Drive sweep (passive scanning) is that intelligent hardware devices are listed in channel list (channel list)The each channel channel of instruction (for example, channel number 1-11) between constantly switch, and wait for peacefully Beacon frames (i.e. beacon letterNumber) arrival.During drive sweep, intelligent hardware devices can constantly switch in interchannel, and can record from instituteAny Beacon received information.Beacon is to add some BSS (Basic to allow work station to know in designService Set, Basic Service Set) required for parameter to be communicated.By monitoring from some access pointBeacon frames, intelligent hardware devices drive sweep find out all BSS in the area, and in the security information that can be preserved based on itselfService set SSID establish and the connection of corresponding WAP (that is, hotspot).Drive sweep mode, it is scannedAny signal need not be transmitted in journey, more saves energy consumption.
A kind of method for controlling access wireless network is additionally provided in the embodiment of the present invention, referring to Fig. 3, including following stepSuddenly:
S301, receives the security information of the intelligent hardware devices sent by mobile terminal, and security information is instruction and intelligenceThe presupposed information of interim hotspot corresponding to hardware device is unique;
S302, interim hotspot is established according to the security information received, and broadcast the hot information of interim hotspot;
S303, receive intelligent hardware devices and receive the first connection request initiated after the hot information of interim hotspot,Establish the interim wireless connection with intelligent hardware devices;
S304, the inquiry request that the intelligent hardware devices are sent after the interim hotspot is connected to is received, willThe link information of formal hotspot is wirelessly transmitted to intelligent hardware devices, and receives intelligent hardware devices and receive formally wirelesslyThe second connection request initiated after the link information of focus, establish the formal wireless connection with intelligent hardware devices.
Method shown in Fig. 3 is applied to the network equipment, such as wireless router.The wireless router of the present embodiment receive byThe security information for the intelligent hardware devices that mobile terminal is sent, broadcasts after establishing interim hotspot, is built for intelligent hardware devicesThe vertical connection with interim hotspot, and after being connected with intelligent hardware devices by interim hotspot, send formal nothingThe information of line focus, so as to be connected to for intelligent hardware devices on formal hotspot, realizes wireless network to intelligent hardware devicesNetwork accesses.
Further to improve internet security, method also includes shown in Fig. 3:Passing through formal hotspot and Intelligent hardwareAfter equipment connection, interim hotspot is closed, avoids attacker from establishing the connection with the network equipment by interim hotspot.
Fig. 4 is the interaction figure of the method for the control access wireless network of one embodiment of the invention, referring to Fig. 4, this implementationThe method of the control control access wireless network of example includes tripartite's main body, is mobile terminal, the network equipment and Intelligent hardware respectivelyEquipment.
Specifically, mobile terminal performs step 401:Obtain the security information of intelligent hardware devices;
Acquisition modes are for example foregoing can to include two kinds, and a kind of is the safety letter for the intelligent hardware devices for obtaining user's inputBreath, another way are that the coding pattern (such as Quick Response Code) for the security information for scanning indicating intelligent hardware device obtains Intelligent hardwareThe security information of equipment.
Mobile terminal performs step 402:Transmit wirelessly security information;
That is, mobile terminal, by the wireless connection with the network equipment, safety is believed after security information is obtainedBreath is sent to the network equipment.
The network equipment performs step 403:The interim hotspot according to corresponding to creating security information;
Here security information includes (1) transient service set identifier SSID, (2) transient service set identifier SSID encryption sideFormula, (3) transient service set identifier SSID channel number and (4) transient service set identifier SSID Crypted password.That is, with interimTitles of the service set SSID as interim hotspot, with transient service set identifier SSID cipher mode, transient serviceThe cipher mode of set identifier SSID channel number and transient service set identifier SSID Crypted password as interim hotspot,Channel number and Crypted password.
The network equipment performs step 404:Broadcast interim hotspot;
The purpose of broadcast is in order to which intelligent hardware devices can listen to interim hotspot, and foundation and interim wireless heatThe connection of point.
Intelligent hardware devices perform step 405:Monitoring wireless channel, obtain the hot information of interim hotspot;
Intelligent hardware devices obtain the hot information of interim hotspot in a manner of drive sweep, interim nothing hereThe hot information of line focus includes the name identification of interim hotspot, password, the essential information such as channel number and password.
Intelligent hardware devices perform step 406:Initiate to establish the first connection request with interim hotspot;
Intelligent hardware devices, according to the security information that itself is preserved, initiate first after interim hotspot is listened toConnection request, establish the connection with interim hotspot.
The network equipment performs step 407:Interim wireless connection with intelligent hardware devices is established according to the first connection request;
For example, after the network equipment receives the first connection request, to information (title, the password carried in the first connection requestEtc. information) verified, it is verified the interim wireless connection then established with intelligent hardware devices.
Intelligent hardware devices perform step 408:The inquiry request for the link information for inquiring about formal hotspot is sent,
Intelligent hardware devices send inquiry request after interim hotspot is connected to, to the network equipment, formal to inquire aboutThe link information of hotspot;Here the link information of formal hotspot includes:The name identification of formal hotspot andEncrypted message.
The network equipment performs step 409:The link information of formal hotspot is wirelessly transmitted to intelligent hardware devices;
After the network equipment receives inquiry request, the link information of formal hotspot is passed through based on interim wireless connectionThe path of foundation, sent after encryption to intelligent hardware devices.
Intelligent hardware devices perform step 410:According to the link information of formal hotspot, the second connection request is sent;
Intelligent hardware devices are initiated and formal wireless according to the link information of the formal hotspot of the network equipment of acquisitionThe connection of focus, i.e. send the second connection request.
The network equipment performs step 411:Formal wireless connection with intelligent hardware devices is established according to the second connection request;
For example, after the network equipment receives the second connection request, to information (title, the password carried in the second connection requestEtc. information) verified, it is verified, then establishes the connection of formal hotspot and intelligent hardware devices.
So far, the flow of wireless network access is controlled to be finished.
For convenience to the management and control of the intelligent hardware devices accessed on the network equipment, in the present embodiment
The network equipment also performs step 413:Count the intelligent hardware devices currently connected;
For example, the quantity of statistics intelligent hardware devices.
The network equipment performs step 414:Send statistical information;
The network equipment sends the intelligent hardware devices information of statistics to mobile terminal, for example, the number of intelligent hardware devicesAmount and list, list include the name identification of intelligent hardware devices.
Mobile terminal performs step 415:Export statistical information;
Mobile terminal exports the statistical information received to user, facilitates user to check and manage.
It is corresponding with preceding method, as shown in figure 5, being a kind of hardware structure diagram of the application mobile terminal, except Fig. 5 institutesOutside the processor and memory that show, according to the actual functional capability of the mobile terminal, other hardware can also be included, it is no longer superfluous to thisState.
In Fig. 5, memory:Store machine-executable instruction code.
Processor:With memory communication, the instruction code stored in memory is read and performed, is realized in the applicationState the extraction operation of numeric type index disclosed in example.
Here, memory can be any electronics, magnetic, optics or other physical storage devices, can include or storeInformation, such as executable instruction, data, etc..For example, machinable medium can be:RAM(Radom AccessMemory, random access memory), volatile memory, nonvolatile memory, flash memory, memory driver (such as hard driveDevice), solid state hard disc, any kind of storage dish (such as CD, DVD), either similar storage medium or their groupClose.
Functionally dividing, the mobile terminal shown in Fig. 5 is used to control access wireless network, including:
Acquisition module, obtains the security information of intelligent hardware devices, and security information is unique with intelligent hardware devices to indicateThe presupposed information of corresponding interim hotspot;
Communication module, security information is wirelessly transmitted to the network equipment, built for the network equipment according to the security information receivedThe vertical interim hotspot corresponding to intelligent hardware devices;Receive the network equipment and be connected to interim wireless heat in intelligent hardware devicesThe first message of the instruction successful connection sent during point;
Control module, the network equipment is notified to send out the link information of the formal hotspot of the network equipment according to first messageIntelligent hardware devices are delivered to, are established and formal hotspot after the link information of formal hotspot is received for intelligent hardware devicesConnection, wherein the link information of formal hotspot includes the name identification and encrypted message of formal hotspot.
Present invention also provides a kind of device for controlling access wireless network, applied in the network equipment, including processorAnd machinable medium, machinable medium are stored with the machine-executable instruction that can be executed by processor, placeReason device performs machine-executable instruction and promoted:Realize the method and step of control access wireless network.Functionally divide, the controlThe device of access wireless network includes:
Receiving module, for receiving the security information of the intelligent hardware devices sent by mobile terminal, security information is fingerShow the presupposed information with the unique corresponding interim hotspot of intelligent hardware devices;
Interim hotspot creation module, for establishing interim hotspot according to the security information received, and broadcast and faceWhen hotspot hot information;
Interim wireless connection module, is initiated after the hot information of interim hotspot is received for receiving intelligent hardware devicesThe first connection request, establish and the interim wireless connections of intelligent hardware devices;
Formal wireless connection module, the inquiry sent after interim hotspot is being connected to for receiving intelligent hardware devicesRequest, the link information of formal hotspot is wirelessly transmitted to intelligent hardware devices, and receives intelligent hardware devices and receiveThe second connection request initiated after the link information of formal hotspot, establishes the formal wireless connection with intelligent hardware devices.
In addition, the application provides a kind of device for controlling access wireless network, include applied to intelligent hardware devices:
Module is monitored, for monitoring wireless channel, when listening to the beacon signal of the network equipment, initiation and the network equipmentInterim hotspot connection,
Wherein, beacon signal is the network equipment in the security information of acquisition intelligent hardware devices and based in security informationIndicate wide with after intelligent hardware devices uniquely interim hotspot corresponding to the presupposed information foundation of corresponding interim hotspotBroadcast, and beacon signal includes the information of interim hotspot;
AM access module, for after interim hotspot is connected to, being sent to the network equipment and inquiring about formal hotspotThe inquiry request of link information;The link information of formal hotspot includes the name identification and message in cipher of formal hotspotBreath, receive the link information for the formal hotspot that the network equipment returns and built according to the link information of formal hotspotThe vertical connection with formal hotspot.
In summary, the technical scheme of the control access wireless network of the embodiment of the present invention, facilitates intelligent hardware devices to connectEnter wireless network and provide the user more preferable service, and the foundation of the security information based on each intelligent hardware devices is interim wirelessFocus, established by interim hotspot after interim wireless connection and resettle formal wireless connection, improve internet security, it is excellentConsumer's Experience is changed.
For device embodiment, because it corresponds essentially to embodiment of the method, so related part is real referring to methodApply the part explanation of example.Device embodiment described above is only schematical, wherein described be used as separating componentThe unit of explanation can be or may not be physically separate, can be as the part that unit is shown or can alsoIt is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to realityNeed to select some or all of module therein to realize the purpose of this embodiment scheme.Those of ordinary skill in the art are notIn the case of paying creative work, you can to understand and implement.
It should be noted that herein, such as first and second or the like relational terms are used merely to a realityBody or operation make a distinction with another entity or operation, and not necessarily require or imply and deposited between these entities or operationIn any this actual relation or order.Term " comprising ", "comprising" or its any other variant are intended to non-rowHis property includes, so that process, method, article or equipment including a series of elements not only include those key elements, andAnd also include the other element being not expressly set out, or also include for this process, method, article or equipment institute inherentlyKey element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that including instituteState in process, method, article or the equipment of key element and other identical element also be present.
The foregoing is only a specific embodiment of the invention, under the above-mentioned teaching of the present invention, those skilled in the artOther improvement or deformation can be carried out on the basis of above-described embodiment.It will be understood by those skilled in the art that above-mentioned toolThe purpose of the present invention is simply preferably explained in body description, and protection scope of the present invention is defined by scope of the claims.