Technical field
The invention relates to the field of wireless network security, and in particular to a method, an apparatus and a terminal for identifying the legitimacy of an access point.
Background
A wireless hotspot, also called a wireless access point (Wireless AP), is a location in a public place that provides Internet access over a wireless local area network. Wireless hotspots usually use Wireless Fidelity (Wi-Fi) technology.
With the wide adoption of wireless hotspots, their security has become an important topic and is receiving growing attention. In recent years in particular, cases of stealing other people's information through fake hotspots have occurred frequently, threatening the personal information and property of ordinary users. For example, a fake hotspot can easily disguise itself as an authorized access point: it can advertise its own characteristics, such as its Media Access Control (MAC) address or other settings, as those of an authorized access point, thereby deceiving ordinary users.
Therefore, how to identify the legitimacy of an access point is a problem that urgently needs to be solved.
Summary of the invention
In view of this, the present invention provides a method, an apparatus and a terminal for identifying fake hotspots, which can identify the legitimacy of an access point.
To solve the above technical problem, the present invention provides the following:
In a first aspect, the present invention provides a method for identifying the legitimacy of a hotspot, comprising: obtaining a login credential corresponding to an access point, the login credential having been obtained when the access point was accessed based on a first access password; initiating, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection; and, after receiving from the access point a first authentication result for the first connection, determining the legitimacy of the access point according to the authentication result.
Preferably, determining the legitimacy of the access point according to the authentication result comprises: when the first authentication result indicates that authentication failed, determining that the access point is an illegal access point.
Preferably, determining the legitimacy of the access point according to the authentication result comprises: when the authentication result indicates that authentication succeeded, initiating, to the access point, a second connection based on a second access password, the second access password being different from the first access password; and, after receiving from the access point a second authentication result for the second connection, determining the legitimacy of the access point according to the second authentication result.
Preferably, determining the legitimacy of the access point according to the second authentication result comprises: when the second authentication result indicates that authentication succeeded, determining that the access point is an illegal access point; when the second authentication result indicates that authentication failed, determining that the access point is a legitimate access point.
Preferably, the method further comprises: receiving a data packet from the access point; calculating a quasi-start time of the data packet; judging whether the quasi-start time is less than a pre-stored historical start time, the historical start time being the quasi-start time of a historical data packet previously sent by the access point; if yes, determining that the access point is a legitimate access point; if no, determining that the access point is an illegal access point.
Preferably, after determining that the access point is an illegal access point, the method further comprises: updating the historical start time with the quasi-start time.
Preferably, calculating the quasi-start time of the data packet comprises: subtracting the value of the timestamp field in the data packet from the reception time of the data packet to obtain the quasi-start time.
In a second aspect, the present invention provides an apparatus for identifying the legitimacy of a hotspot, comprising: an obtaining module, configured to obtain a login credential corresponding to an access point, the login credential having been obtained when the access point was accessed based on a first access password; an initiating module, configured to initiate, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection; and a determining module, configured to determine the legitimacy of the access point according to the authentication result after receiving from the access point a first authentication result for the first connection.
In a third aspect, the present invention provides a terminal, characterized by comprising a memory and a processor, wherein the memory is configured to store one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the steps of the above method for identifying the legitimacy of a hotspot.
In a fourth aspect, the present invention provides a computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the above method for identifying the legitimacy of a hotspot.
The embodiments of the present invention provide a method, an apparatus and a terminal for identifying the legitimacy of an access point. First, a login credential corresponding to the access point is obtained, the login credential having been obtained when the access point was accessed based on a first access password. Second, a first connection based on the login credential is initiated to the access point, wherein the login credential is used to instruct the access point to authenticate the first connection. Finally, after a first authentication result for the first connection is received from the access point, the legitimacy of the access point is determined according to the authentication result. In this way, the legitimacy of the connected access point can be identified, which prevents the terminal user from connecting to an illegal access point, avoids leakage of the user's personal information, and protects the security of user information.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a first implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a second implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a third implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention;
FIG. 4 is a first schematic structural diagram of the apparatus for identifying the legitimacy of a hotspot in an embodiment of the present invention;
FIG. 5 is a second schematic structural diagram of the apparatus for identifying the legitimacy of a hotspot in an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of the terminal in an embodiment of the present invention.
Detailed description
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a first implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention. As shown in FIG. 1, the method may include:
S101: Obtain a login credential corresponding to the access point, the login credential having been obtained when the access point was accessed based on a first access password.
With the continuous development and wide application of wireless access point technology, more and more terminals can connect to wireless access points to access the network. These terminals may be desktop computers, portable computers, smartphones, tablet computers, smart watches and the like; in particular, the terminal may also be a sniffer. When a terminal initiates a connection to an access point for the first time, it must enter the account and the first access password preset for that access point. The first access password may be any character string, for example 12345678. The access point verifies the account and the first access password received from the terminal. When the account and the first access password pass verification, the terminal successfully accesses the access point. At the same time, the terminal obtains a login credential from the access point. The login credential lets the terminal connect to this access point later without entering the account and the first access password again.
It should be noted that the login credential corresponding to the access point originates from the registration made when the official access point was set up. An administrator maintains a list containing the credentials of all internal hotspots, and subsequent tests are performed against this list.
S102: Initiate, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection.
After the first successful access to the access point, the terminal initiates a connection to the access point again. Specifically, the terminal may send an initiation message to the access point, the message including the previously obtained login credential.
Correspondingly, the access point authenticates the first connection. Specifically, after receiving the initiation message, the access point compares the login credential in the initiation message with the login credential stored in the access point. If the two match, the first connection is determined to have passed authentication. If they do not match, the first connection is determined not to have passed authentication, and authentication fails. The access point then sends the authentication result to the terminal.
S103: After receiving from the access point a first authentication result for the first connection, determine the legitimacy of the access point according to the authentication result.
Here, the terminal receives from the access point the authentication result for the first connection. If the authentication result indicates that authentication succeeded, the terminal determines that the access point is a legitimate access point; if the authentication result indicates that authentication failed, the terminal determines that the access point is an illegal access point.
Further, to increase the precision and accuracy of identification, FIG. 2 is a schematic flowchart of a second implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention. As shown in FIG. 2, after S103 the method further includes:
S104: When the authentication result indicates that authentication succeeded, initiate, to the access point, a second connection based on a second access password, the second access password being different from the first access password.
If authentication of the first connection that the terminal initiated to the access point based on the login credential succeeds, the terminal further initiates a second connection to the access point based on a second access password. The second access password differs from the first access password. For example, the second access password may be a "wrong" password different from the first access password; that is, the access point cannot be successfully accessed using the second access password. For instance, if the first access password is 12345678, the second access password is a character string other than 12345678, for example 12345677.
Correspondingly, after receiving the second access password from the terminal, the access point authenticates it. Specifically, the access point compares the second access password with the first access password that it stores. If the two match, authentication succeeds; otherwise, authentication fails.
S105: After receiving from the access point a second authentication result for the second connection, determine the legitimacy of the access point according to the second authentication result.
Specifically, when the second authentication result indicates that authentication succeeded, the terminal determines that the access point is an illegal access point; when the second authentication result indicates that authentication failed, the terminal determines that the access point is a legitimate access point.
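The S101 to S105 decision sequence can be simulated end to end as follows. This is an added example, not code from the patent: the SimulatedAP class, its accept_anything flag, the function names and the two impostor configurations are hypothetical, constructed to show the cases the credential check and the wrong-password probe each catch.

```python
import hmac
import secrets
from dataclasses import dataclass, field

LEGITIMATE, ILLEGAL = "legitimate", "illegal"


@dataclass
class SimulatedAP:
    """Hypothetical model of an access point's authentication behaviour."""
    password: str                    # first access password configured on the AP
    accept_anything: bool = False    # fake hotspot that approves every attempt
    issued: set = field(default_factory=set)

    def connect_with_password(self, password: str):
        """Password login: verify the password, then issue a login credential."""
        match = hmac.compare_digest(password.encode(), self.password.encode())
        if self.accept_anything or match:
            credential = secrets.token_hex(16)
            self.issued.add(credential)
            return True, credential
        return False, None

    def connect_with_credential(self, credential: str) -> bool:
        """S102, AP side: compare the presented credential with stored ones."""
        if self.accept_anything:
            return True
        return any(hmac.compare_digest(credential.encode(), c.encode())
                   for c in self.issued)


def second_password(first_password: str) -> str:
    """Build a second access password guaranteed to differ from the first (S104)."""
    if not first_password:
        return "x"
    flipped = "0" if first_password[-1] != "0" else "1"
    return first_password[:-1] + flipped


def identify(ap: SimulatedAP, credential: str, first_password: str):
    """Terminal-side decision of S102 to S105; returns (verdict, reason)."""
    if not ap.connect_with_credential(credential):
        return ILLEGAL, "login credential rejected (S103)"
    accepted, _ = ap.connect_with_password(second_password(first_password))
    if accepted:
        return ILLEGAL, "wrong password accepted (S105)"
    return LEGITIMATE, "credential accepted and wrong password rejected"


def run_scenarios():
    """Run the probe against one real AP and two constructed impostors."""
    first_password = "12345678"      # example value used in the text
    real_ap = SimulatedAP(password=first_password)
    ok, credential = real_ap.connect_with_password(first_password)   # S101
    if not ok:
        raise RuntimeError("enrolment against the real AP failed")
    # Constructed impostors advertising the same network:
    twin_without_store = SimulatedAP(password="unknown-to-the-user")
    twin_accepting_all = SimulatedAP(password="", accept_anything=True)
    return {
        "real AP": identify(real_ap, credential, first_password),
        "twin without credential store": identify(twin_without_store, credential, first_password),
        "twin approving everything": identify(twin_accepting_all, credential, first_password),
    }


if __name__ == "__main__":
    for name, (verdict, reason) in run_scenarios().items():
        print(f"{name}: {verdict} ({reason})")
```

The impostor that approves everything passes the credential step and is only caught by the second connection, which is the case S104 and S105 exist for.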
FIG. 3 is a schematic flowchart of a third implementation of the method for identifying the legitimacy of a hotspot in an embodiment of the present invention. As shown by the solid lines in FIG. 3, the method may further include:
S301: Receive a data packet from the access point.
Here, after the terminal has successfully connected to the access point, it can receive a data packet from the access point and record the reception time of that packet.
In this embodiment of the present invention, the data packet is a beacon packet carrying a timestamp field (TSF, Time Stamp Field). The value of the timestamp field indicates the sending time of the packet that carries it.
S302: Calculate the quasi-start time of the data packet.
Here, S302 may specifically include: subtracting the value of the timestamp field in the data packet from the reception time of the data packet to obtain the quasi-start time.
When a data packet is sent from the access point, its sending time is recorded, namely the TSF carried in the packet. When the packet reaches the terminal, the terminal records the reception time as it receives the packet. The reception time minus the sending time is therefore the transmission time of the packet, that is, the quasi-start time.
S303: Judge whether the quasi-start time is less than the pre-stored historical start time.
The historical start time is the quasi-start time of a historical data packet previously sent by the access point.
Specifically, the historical start time is the quasi-start time calculated by subtracting the TSF of a data packet previously sent by the access point from the reception time of that packet.
Here, the terminal compares the quasi-start time obtained in S302 with the pre-stored historical start time and judges whether the former is less than the latter. In practice, an error range may be set, such as 1 s, 3 s or 10 s; this embodiment of the present invention does not specifically limit it.
S304a: If yes, determine that the access point is a legitimate access point.
S304b: If no, determine that the access point is an illegal access point.
Further, as shown by the dashed line in FIG. 3, after S304b the method may further include: S305: Update the historical start time with the quasi-start time. In this way, the updated historical start time can be used for subsequent identification of access point legitimacy. Note that the access points referred to here must have the same MAC address; an access point may consist of one or more routers.
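The S301 to S305 check can be run over raw beacon frames as follows. This is an added example, not code from the patent. It goes beyond the text by reading the timestamp from the standard 802.11 beacon layout (24-byte management header followed by an 8-byte little-endian timestamp in microseconds). Assumptions: the first beacon seen for a MAC address becomes the stored historical start time, the 3 s error range is added to the historical value before the comparison, and all frames and times are constructed sample data.

```python
import struct

MGMT_HEADER_LEN = 24       # frame control, duration, 3 addresses, sequence control
BEACON_FC0 = 0x80          # version 0, type 0 (management), subtype 8 (beacon)


def parse_beacon(frame: bytes):
    """Return (bssid, tsf_us) from a raw 802.11 beacon without radiotap header."""
    if len(frame) < MGMT_HEADER_LEN + 8:
        raise ValueError("frame too short to hold a beacon timestamp")
    if frame[0] != BEACON_FC0:
        raise ValueError("not a beacon frame")
    if frame[1] & 0x80:
        raise ValueError("HT Control field present; layout not handled here")
    bssid = frame[16:22].hex(":")                    # address 3 carries the BSSID
    (tsf_us,) = struct.unpack_from("<Q", frame, MGMT_HEADER_LEN)
    return bssid, tsf_us


def make_beacon(bssid: bytes, tsf_us: int) -> bytes:
    """Build a minimal beacon for the demo (constructed data, SSID 'demo')."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", tsf_us, 100, 0x0411)  # timestamp, interval, capability
    return header + fixed + b"\x00\x04demo"


class StartTimeChecker:
    """Tracks the historical start time per MAC address (S303 to S305)."""

    def __init__(self, tolerance_us: int = 3_000_000):
        self.tolerance_us = tolerance_us             # error range, here 3 s
        self.history = {}                            # bssid -> historical start time

    def check(self, frame: bytes, rx_time_us: int) -> str:
        bssid, tsf_us = parse_beacon(frame)
        quasi_start = rx_time_us - tsf_us            # S302
        previous = self.history.get(bssid)
        if previous is None:                         # assumption: first sighting
            self.history[bssid] = quasi_start        # becomes the stored baseline
            return "baseline"
        if quasi_start < previous + self.tolerance_us:   # S303 with error range
            return "legitimate"                      # S304a
        self.history[bssid] = quasi_start            # S305
        return "illegal"                             # S304b


def run_demo():
    """Replay four constructed beacons that all claim the same MAC address."""
    bssid = bytes.fromhex("021122334455")
    t0 = 1_700_000_000_000_000                       # constructed AP start, epoch us
    checker = StartTimeChecker()
    captures = [
        (make_beacon(bssid, 500_000_000), t0 + 500_000_150),   # real AP
        (make_beacon(bssid, 500_102_400), t0 + 500_102_580),   # real AP, next beacon
        (make_beacon(bssid, 100_000_000), t0 + 500_204_900),   # clone started 400 s later
        (make_beacon(bssid, 500_307_200), t0 + 500_307_410),   # real AP again
    ]
    return [checker.check(frame, rx) for frame, rx in captures]


if __name__ == "__main__":
    print(run_demo())
```

A device that started later than the recorded one yields a larger reception-time-minus-TSF value, so a clone reusing the MAC address fails the comparison in S303; a reboot of the genuine access point fails it too, which is the case the S305 update absorbs.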
In the method for identifying the legitimacy of an access point provided by the embodiments of the present invention, a login credential corresponding to the access point is obtained, the login credential having been obtained when the access point was accessed based on a first access password; a first connection based on the login credential is initiated to the access point, wherein the login credential is used to instruct the access point to authenticate the first connection; and, after a first authentication result for the first connection is received from the access point, the legitimacy of the access point is determined according to the authentication result. In this way, the legitimacy of the connected access point can be identified, which prevents the terminal user from connecting to an illegal access point, avoids leakage of the user's personal information, and protects property security.
Based on the same inventive concept, and as an implementation of the above method, an embodiment of the present invention further provides an apparatus for identifying the legitimacy of an access point.
FIG. 4 is a first schematic structural diagram of the apparatus for identifying the legitimacy of a hotspot in an embodiment of the present invention. As shown in FIG. 4, the apparatus 400 for identifying the legitimacy of an access point includes an obtaining module 410, an initiating module 420 and a determining module 430. The obtaining module 410 is configured to obtain a login credential corresponding to the access point, the login credential having been obtained when the access point was accessed based on a first access password. The initiating module 420 is configured to initiate, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection. The determining module 430 is configured to determine the legitimacy of the access point according to the authentication result after receiving from the access point a first authentication result for the first connection.
In one embodiment of the present invention, the determining module is configured to determine that the access point is an illegal access point when the first authentication result indicates that authentication failed.
In another embodiment of the present invention, the initiating module is further configured to initiate, to the access point, a second connection based on a second access password when the first authentication result indicates that authentication succeeded, the second access password being different from the first access password; and the determining module is further configured to determine the legitimacy of the access point according to the second authentication result after receiving from the access point a second authentication result for the second connection.
Specifically, the determining module is configured to determine that the access point is an illegal access point when the second authentication result indicates that authentication succeeded, and to determine that the access point is a legitimate access point when the second authentication result indicates that authentication failed.
FIG. 5 is a second schematic structural diagram of the apparatus for identifying the legitimacy of a hotspot in an embodiment of the present invention. As shown in FIG. 5, the apparatus 500 for identifying the legitimacy of an access point includes a receiving and calculating module 540. The receiving and calculating module 540 is configured to receive a data packet from the access point and to calculate the quasi-start time of the data packet. Correspondingly, the determining module 530 is further configured to judge whether the quasi-start time is less than the pre-stored historical start time; if yes, to determine that the access point is a legitimate access point; if no, to determine that the access point is an illegal access point.
In other embodiments of the present invention, the apparatus further includes an updating module, configured to update the historical start time with the quasi-start time.
In other embodiments of the present invention, the receiving and calculating module is configured to subtract the value of the timestamp field in the data packet from the reception time of the data packet to obtain the quasi-start time.
It should be pointed out that the description of the above apparatus embodiment is similar to the description of the above method embodiment and has beneficial effects similar to those of the method embodiment. For technical details not disclosed in the apparatus embodiments of the present invention, refer to the description of the method embodiments of the present invention.
Based on the same inventive concept, an embodiment of the present invention provides a terminal. FIG. 6 is a schematic structural diagram of the terminal in an embodiment of the present invention. As shown in FIG. 6, the terminal 600 includes a memory 610 and a processor 620. The memory 610 is configured to store one or more computer instructions. The processor 620 is configured to execute the one or more computer instructions to implement the following steps: obtaining a login credential corresponding to an access point, the login credential having been obtained when the access point was accessed based on a first access password; initiating, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection; and, after receiving from the access point a first authentication result for the first connection, determining the legitimacy of the access point according to the authentication result.
In another embodiment, the processor executes the computer instructions to implement the following step: when the first authentication result indicates that authentication failed, determining that the access point is an illegal access point.
In another embodiment, the processor executes the computer instructions to implement the following steps: when the first authentication result indicates that authentication succeeded, initiating, to the access point, a second connection based on a second access password, the second access password being different from the first access password; and, after receiving from the access point a second authentication result for the second connection, determining the legitimacy of the access point according to the second authentication result.
In another embodiment, the processor executes the computer instructions to implement the following steps: when the second authentication result indicates that authentication succeeded, determining that the access point is an illegal access point; when the second authentication result indicates that authentication failed, determining that the access point is a legitimate access point.
In another embodiment, the processor executes the computer instructions to implement the following steps: receiving a first data packet from the access point and recording the reception time of the first data packet; receiving a second data packet from the access point and recording the reception time of the second data packet; and determining the legitimacy of the access point according to the reception time of the first data packet and the reception time of the second data packet.
In another embodiment, the processor executes the computer instructions to implement the following steps: obtaining the timestamp field in the second data packet that indicates the sending time, and calculating the quasi-start time using the value of the timestamp field in the second data packet; if the quasi-start time is less than or equal to the reception time of the first data packet and less than or equal to the reception time of the second data packet, calculating a first difference between the reception time of the first data packet and the reception time of the second data packet, and calculating a second difference between the value of the timestamp field in the first data packet and the value of the timestamp field in the second data packet; when the first difference is not equal to the second difference, determining that the access point is an illegal access point; when the first difference is equal to the second difference, determining that the access point is a legitimate access point.
In another embodiment, the processor executes the computer instructions to implement the following step: subtracting the value of the timestamp field in the second data packet from the reception time of the second data packet to obtain the quasi-start time.
It should be pointed out that the description of the above terminal embodiment is similar to the description of the above method embodiment and has beneficial effects similar to those of the method embodiment. For technical details not disclosed in the apparatus embodiments of the present invention, refer to the description of the method embodiments of the present invention.
Correspondingly, an embodiment of the present invention further provides a computer-readable storage medium in which a computer program is stored; when executed by a processor, the computer program implements the steps of the method for identifying the legitimacy of a hotspot in the embodiments of the present invention.
It should be pointed out that the description of the above computer-readable storage medium embodiment is similar to the description of the above method embodiment and has beneficial effects similar to those of the method embodiment. For technical details not disclosed in the apparatus embodiments of the present invention, refer to the description of the method embodiments of the present invention.
An embodiment of the present invention further provides A1, a method for identifying the legitimacy of a hotspot, the method comprising:
obtaining a login credential corresponding to an access point, the login credential having been obtained when the access point was accessed based on a first access password;
initiating, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection;
after receiving, from the access point, a first authentication result for the first connection, determining the legitimacy of the access point according to the authentication result.
A2. The method according to A1, wherein determining the legitimacy of the access point according to the authentication result comprises:
when the first authentication result indicates that authentication failed, determining that the access point is an illegal access point.
A3. The method according to A1, wherein determining the legitimacy of the access point according to the authentication result comprises:
when the first authentication result indicates that authentication succeeded, initiating, to the access point, a second connection based on a second access password, the second access password being different from the first access password;
after receiving, from the access point, a second authentication result for the second connection, determining the legitimacy of the access point according to the second authentication result.
A4. The method according to A3, wherein determining the legitimacy of the access point according to the second authentication result comprises:
when the second authentication result indicates that authentication succeeded, determining that the access point is an illegal access point;
when the second authentication result indicates that authentication failed, determining that the access point is a legitimate access point.
A5. The method according to A1, further comprising:
receiving a data packet from the access point;
calculating a class start time of the data packet;
judging whether the class start time is less than a pre-stored historical start time, the historical start time being the class start time of a historical data packet previously sent by the access point;
if yes, determining that the access point is a legitimate access point;
if no, determining that the access point is an illegal access point.
A6. The method according to A5, wherein after determining that the access point is an illegal access point, the method further comprises:
updating the historical start time with the class start time.
A7. The method according to claim 5 or 6, wherein calculating the class start time of the data packet comprises:
subtracting the value of the timestamp field in the data packet from the receiving time of the data packet to obtain the class start time.
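The decision flow of A1 to A7, written out as an added Python example; it is not code from the patent. `SimulatedAP`, the function names, the sample values and the "unknown" result on first sighting (the claims do not cover the case of no stored history) are assumptions made for illustration, and the comparison in `check_by_start_time` follows the wording of A5.

```python
from dataclasses import dataclass, field

LEGAL, ILLEGAL, UNKNOWN = "legal", "illegal", "unknown"


@dataclass
class SimulatedAP:
    """Constructed stand-in for an access point's authentication behaviour."""
    password: str
    issued_credentials: set = field(default_factory=set)
    accept_everything: bool = False  # models a fake hotspot that admits any client

    def auth_with_credential(self, credential):
        return self.accept_everything or credential in self.issued_credentials

    def auth_with_password(self, password):
        return self.accept_everything or password == self.password


def check_by_credential(ap, credential, first_password, second_password):
    """A1-A4: probe with the stored credential, then with a different password."""
    if second_password == first_password:
        raise ValueError("second access password must differ from the first")
    if not ap.auth_with_credential(credential):   # A2: credential rejected
        return ILLEGAL
    if ap.auth_with_password(second_password):    # A4: second password accepted
        return ILLEGAL
    return LEGAL                                  # A4: second password rejected


def class_start_time(receive_time, timestamp_field):
    """A7: receiving time minus the timestamp field (same unit assumed)."""
    return receive_time - timestamp_field


def check_by_start_time(history, ap_id, receive_time, timestamp_field):
    """A5/A6: compare against the stored start time, as A5 words the test."""
    start = class_start_time(receive_time, timestamp_field)
    if ap_id not in history:      # assumption: first sighting only seeds history
        history[ap_id] = start
        return UNKNOWN
    if start < history[ap_id]:    # A5: "less than" -> legitimate
        return LEGAL
    history[ap_id] = start        # A6: update after an illegal verdict
    return ILLEGAL
```
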
An embodiment of the present invention further provides B1, a device for identifying the legitimacy of a hotspot, comprising:
an obtaining module, configured to obtain a login credential corresponding to an access point, the login credential having been obtained when the access point was accessed based on a first access password;
an initiating module, configured to initiate, to the access point, a first connection based on the login credential, wherein the login credential is used to instruct the access point to authenticate the first connection;
a determining module, configured to determine, after receiving from the access point a first authentication result for the first connection, the legitimacy of the access point according to the authentication result.
B2. The device according to B1, wherein the determining module is configured to determine that the access point is an illegal access point when the first authentication result indicates that authentication failed.
B3. The device according to B1, wherein the initiating module is further configured to initiate, to the access point, a second connection based on a second access password when the first authentication result indicates that authentication succeeded, the second access password being different from the first access password; and the determining module is further configured to determine, after receiving from the access point a second authentication result for the second connection, the legitimacy of the access point according to the second authentication result.
B4. The device according to B3, wherein the determining module is configured to determine that the access point is an illegal access point when the second authentication result indicates that authentication succeeded, and to determine that the access point is a legitimate access point when the second authentication result indicates that authentication failed.
B5. The device according to B1, further comprising: a receiving calculation module 340, configured to receive a data packet from the access point and calculate a class start time of the data packet; correspondingly, the determining module 330 is further configured to judge whether the class start time is less than a pre-stored historical start time, the historical start time being the class start time of a historical data packet previously sent by the access point; if yes, to determine that the access point is a legitimate access point; if no, to determine that the access point is an illegal access point.
B6. The device according to B5, further comprising: an update module, configured to update the historical start time with the class start time.
B7. The device according to B5 or B6, wherein the receiving calculation module is configured to subtract the value of the timestamp field in the data packet from the receiving time of the data packet to obtain the class start time.
An embodiment of the present invention further provides C1, a terminal, comprising: a memory and a processor, wherein the memory is configured to store one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the steps of the method according to any one of A1 to A7.
An embodiment of the present invention further provides D1, a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method according to any one of A1 to A7.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, terminals (systems), and computer program products according to embodiments of the present invention. It should be understood that each procedure and/or block in the flowcharts and/or block diagrams, and combinations of procedures and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing terminal to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal produce a means for implementing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal, so that a series of operational steps is performed on the computer or other programmable terminal to produce computer-implemented processing, such that the instructions executed on the computer or other programmable terminal provide steps for implementing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they grasp the basic inventive concept. Therefore, the appended claims are intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711481858.4A, CN107948980A (en) | 2017-12-29 | 2017-12-29 | A kind of method, apparatus and terminal for identifying access point legitimacy |
| Publication Number | Publication Date |
|---|---|
| CN107948980A (en) | 2018-04-20 |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711481858.4A (Pending), CN107948980A (en) | 2017-12-29 | 2017-12-29 | A kind of method, apparatus and terminal for identifying access point legitimacy |
| Country | Link |
|---|---|
| CN (1) | CN107948980A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243490A (en)* | 2014-09-30 | 2014-12-24 | 北京金山安全软件有限公司 | Method and device for identifying pseudo wireless network access point and mobile terminal |
| CN105188057A (en)* | 2015-08-26 | 2015-12-23 | 上海斐讯数据通信技术有限公司 | Method and system for enhancing network access authentication security |
| CN106790183A (en)* | 2016-12-30 | 2017-05-31 | 广州华多网络科技有限公司 | Logging on authentication method of calibration, device |
| CN107148019A (en)* | 2017-05-12 | 2017-09-08 | 上海掌门科技有限公司 | A kind of method and apparatus for being used to connect WAP |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180420 |