Authentication method for wireless communication, authentication device for wireless communication, and communication system
By acquiring the access point's probe response information and the responses to repeatedly sent authentication information, the problem of low accuracy in judging access point security parameters in wireless communication is solved, thereby improving the accuracy of judgment and communication quality.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: GREE ELECTRIC APPLIANCE INC OF ZHUHAI
- Filing Date: 2023-12-25
- Publication Date: 2026-06-19
AI Technical Summary
In complex wireless communication environments, the accuracy of determining whether the security parameter information of the access point is incorrect is low.
By obtaining the probe response information from the access point, it is determined whether to join the network. If the access point authentication fails, authentication information is sent repeatedly and multiple authentication response messages are received. The number of these response messages is used to determine whether there are errors in the security parameters.
It improves the accuracy of access point security parameter information judgment, ensuring accurate identification of erroneous parameters and corresponding measures in complex wireless communication environments.
Figure CN117715038B_ABST
Description
Technical Field
[0001] This application relates to the field of wireless communication, and more specifically, to a wireless communication authentication method, a wireless communication authentication device, a computer-readable storage medium, and a communication system.
Background Technology
[0002] When a site operates in a complex wireless communication environment, such as being subject to radio frequency interference or co-channel interference, it may initiate a connection to the access point using incorrect wireless security parameters. In such cases, the site may not accurately receive error alerts from the access point. Conversely, if a site initiates a connection using correct wireless security parameters, the site may misinterpret it as an error. These situations result in a low accuracy rate in determining whether the access point's security parameter information is incorrect.
[0003] Therefore, there is an urgent need for a method to solve the problem of low accuracy in judging whether the security parameter information of the access point is incorrect in the existing technology.
Summary of the Invention
[0004] The main objective of this application is to provide an authentication method, an authentication device, a computer-readable storage medium, and a communication system for wireless communication, so as to at least solve the problem of low accuracy in judging whether the security parameter information of the access point is erroneous in the prior art.
[0005] According to one aspect of this application, an authentication method for wireless communication is provided, the method being applied to a site communicating with an access point, the method comprising: acquiring probe response information of the access point, and determining whether to join the access point's network based on the probe response information, wherein the probe response information is used to characterize the existence of the access point, and the probe response information includes at least security parameter information of the access point; if it is determined that the access point's network has been joined, acquiring first authentication response information, and determining whether the access point has been successfully authenticated based on the first authentication response information; if the access point authentication fails, after repeatedly sending authentication information multiple times within a predetermined time period, receiving multiple second authentication response messages, wherein the start time of the predetermined time period is after the time corresponding to the time when the access point authentication fails, the authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response messages; determining that the security parameter information of the access point is erroneous based at least on a first quantity, wherein the first quantity is the number of times the second authentication response messages characterize the access point authentication failure within the predetermined time period.
[0006] Optionally, obtaining the probe response information of the access point includes: sending probe request information to the access point, wherein the probe request information is used to characterize the site's request to connect with the access point; receiving response information of the probe request information sent by the access point to obtain the probe response information.
[0007] Optionally, obtaining the first authentication response information includes: sending the authentication information to the access point; receiving the response information of the authentication information sent by the access point, and obtaining the first authentication response information.
[0008] Optionally, the first authentication response information includes an authentication message, the authentication message includes a reason code, and determining whether the access point is successfully authenticated based on the first authentication response information includes: obtaining an error code and determining whether the reason code is the same as the error code, wherein the error code is used to indicate that the connection between the access point and the site timed out during the EAPOL phase; if the reason code and the error code are the same, it is determined that the access point authentication was unsuccessful.
[0009] Optionally, determining that the security parameter information of the access point is erroneous based at least on a first quantity includes: obtaining the total number of the second authentication response information received within the predetermined time period, and calculating the ratio of the first quantity to the total number to obtain a quantity ratio; determining whether the quantity ratio is less than a ratio threshold, and if the quantity ratio is less than the ratio threshold, determining that the security parameter information of the access point is erroneous.
[0010] Optionally, determining that the security parameter information of the access point is erroneous based at least on a first quantity includes: obtaining a second quantity, the second quantity being the number of consecutive second authentication response messages representing unsuccessful authentication of the access point within the first quantity; determining whether the second quantity is greater than a quantity threshold, and if the second quantity is greater than the quantity threshold, determining that the security parameter information of the access point is erroneous.
[0011] Optionally, after determining that the security parameter information of the access point is incorrect, the method further includes: the site not establishing a connection with the access point.
[0012] According to another aspect of this application, a wireless communication authentication device is provided. The device is applied to a site that communicates with an access point. The device includes: an acquisition unit, configured to acquire probe response information of the access point and determine whether to join the network of the access point based on the probe response information, wherein the probe response information is used to characterize the existence of the access point and includes at least security parameter information of the access point; a receiving unit, configured to acquire first authentication response information when it is determined that the access point has joined the network, and determine whether the access point has been successfully authenticated based on the first authentication response information; and, if the access point authentication fails, receive multiple second authentication response messages after repeatedly sending authentication information within a predetermined time period, wherein the start time of the predetermined time period is after the time corresponding to the time when the access point authentication fails, the authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information; and a determination unit, configured to determine that the security parameter information of the access point is erroneous based on at least a first quantity, wherein the first quantity is the number of times the second authentication response information characterizes the access point authentication failure within the predetermined time period.
[0013] According to another aspect of this application, a computer-readable storage medium is provided, the computer-readable storage medium including a stored program, wherein, when the program is executed, it controls the device on which the computer-readable storage medium is located to perform any of the methods described.
[0014] According to another aspect of this application, a communication system is provided, comprising: one or more processors, a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including methods for performing any one of the methods described.
[0015] Applying the technical solution of this application, firstly, the probe response information of the access point is obtained, and based on the probe response information, it is determined whether to join the access point's network; then, if it is determined that the access point's network has been joined, first authentication response information is obtained, and based on the first authentication response information, it is determined whether the access point has been successfully authenticated; if the access point authentication fails, after repeatedly sending authentication information multiple times within a predetermined time period, multiple second authentication response information is received; finally, based on at least a first number, it is determined that the access point's security parameter information contains errors. The above method first determines from the first authentication response information whether the access point authentication has succeeded and then, during a period of retrying the connection, uses the number of second authentication response messages that represent unsuccessful authentication within that period to determine whether the access point's security parameter information contains errors. This can improve the accuracy of the judgment and solve the problem of low accuracy in judging whether the access point's security parameter information contains errors in the prior art.
Attached Figure Description
[0016] The accompanying drawings, which form part of this application, are used to provide a further understanding of this application. The illustrative embodiments and descriptions of this application are used to explain this application and do not constitute an undue limitation of this application. In the drawings:
[0017] Figure 1 shows a hardware structure block diagram of a mobile terminal performing an authentication method for wireless communication according to an embodiment of this application.
[0018] Figure 2 shows a flowchart of an authentication method for wireless communication provided according to an embodiment of this application.
[0019] Figure 3 shows a detailed flowchart of an authentication method for wireless communication provided according to an embodiment of this application.
[0020] Figure 4 shows a structural block diagram of a wireless communication authentication device provided according to an embodiment of this application.
[0021] The above figures include the following reference numerals:
[0022] 102. Processor; 104. Memory; 106. Transmission device; 108. Input / output device.
Detailed Implementation
[0023] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other. This application will now be described in detail with reference to the accompanying drawings and embodiments.
[0024] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.
[0025] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate for the embodiments of this application described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0026] As described in the background section, the accuracy of determining whether the security parameter information of the access point is incorrect is low in the prior art. To solve the above problem, the embodiments of this application provide a wireless communication authentication method, a wireless communication authentication device, a computer-readable storage medium, and a communication system.
[0027] The technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
[0028] The methods and embodiments provided in this application can be executed on a mobile terminal, computer terminal, or similar computing device. Taking running on a mobile terminal as an example, Figure 1 is a hardware structure block diagram of a mobile terminal for a wireless communication authentication method according to an embodiment of the present invention. As shown in Figure 1, a mobile terminal may include one or more processors 102 (only one is shown in Figure 1; the processor may include, but is not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.) and a memory 104 for storing data. The mobile terminal may further include a transmission device 106 for communication functions and an input / output device 108. Those skilled in the art will understand that the structure shown in Figure 1 is for illustrative purposes only and does not limit the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in Figure 1, or have a configuration different from that shown in Figure 1.
[0029] The memory 104 can be used to store computer programs, such as application software programs and modules, like the computer program corresponding to the wireless communication authentication method in this embodiment of the invention. The processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, thereby implementing the above-described method. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor 102, and these remote memories can be connected to the mobile terminal via a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof. The transmission device 106 is used to receive or send data via a network. Specific examples of the aforementioned networks may include wireless networks provided by the mobile terminal's communication provider. In one example, the transmission device 106 includes a network interface controller (NIC), which can be connected to other network devices via a base station to communicate with the Internet. In one example, the transmission device 106 may be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
[0030] This embodiment provides an authentication method for wireless communication that runs on a mobile terminal, computer terminal, or similar computing device. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.
[0031] Figure 2 is a flowchart of a wireless communication authentication method according to an embodiment of this application. As shown in Figure 2, this method is applied to a site that communicates with an access point. The method includes the following steps:
[0032] Step S201: Obtain the probe response information of the access point and determine whether to join the network of the access point based on the probe response information. The probe response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0033] Specifically, an access point (AP) is a physical or logical location connected to a network or system for data transmission and exchange. For example, in the Internet, an access point can be a router, switch, or modem. The site, that is, a station (STA), can be a wireless module such as a mobile phone or computer.
[0034] Step S202: If it is determined to join the network of the above access point, first authentication response information is obtained, and it is determined whether the above access point is successfully authenticated based on the first authentication response information. If the above access point is not successfully authenticated, multiple second authentication response messages are received after authentication information has been sent repeatedly within a predetermined time period. The start time of the predetermined time period is after the time at which it is determined that the above access point was not successfully authenticated. The authentication information is used to authenticate the identity of the above access point, and the authentication information corresponds one-to-one with the above second authentication response information.
[0035] Specifically, if the access point authentication fails, the site will send authentication information to the access point multiple times to attempt reconnection. This reconnection process takes approximately one minute. During this minute, the site will send multiple authentication messages and receive multiple corresponding second authentication response messages. These second authentication response messages may indicate successful authentication or authentication failure.
[0036] Step S203: Determine that the security parameter information of the access point is incorrect, at least based on a first quantity, wherein the first quantity is the number of access point authentication failures represented by the second authentication response information within the predetermined time period.
[0037] Specifically, the first quantity mentioned above refers to the number of access point authentication failures determined based on the second authentication response information during the reconnection process.
[0038] In this embodiment, firstly, the probe response information of the access point is obtained, and based on the probe response information, it is determined whether to join the access point's network. Then, if joining the access point's network is confirmed, first authentication response information is obtained, and based on the first authentication response information, it is determined whether the access point authentication is successful. If the access point authentication fails, authentication information is repeatedly sent multiple times within a predetermined time period, and multiple second authentication response messages are received. Finally, based on at least a first number, it is determined that the access point's security parameter information contains errors. This method first determines from the first authentication response information whether the access point authentication is successful and then, while the connection is retried for a period of time, uses the number of second authentication response messages within that period that represent unsuccessful access point authentication to determine whether the access point's security parameter information contains errors. This improves the accuracy of the judgment and solves the problem of low accuracy in judging whether the access point's security parameter information contains errors in the prior art.
[0039] In specific implementation, step S201 can be achieved through the following steps: Step S2011, sending probe request information to the access point, wherein the probe request information is used to indicate that the site requests to connect with the access point; Step S2012, receiving the response information of the probe request information sent by the access point, and obtaining the probe response information. This method allows the probe request information to be obtained more quickly.
[0040] Specifically, the wireless connection between the site and the access point consists of four phases: scanning, association, authentication, and DHCP IP address acquisition. In fact, the process of obtaining probe request and response information is the scanning process described above. During the scanning phase, the wireless device actively or passively scans for surrounding wireless networks to find available networks. When actively scanning, the device sends a radio beacon request to receive broadcast beacons from nearby networks. When passively scanning, the device receives beacons from nearby networks and selects one to connect to.
[0041] To further expedite the acquisition of the aforementioned first authentication information, step S202 of this application can be implemented through the following steps: Step S2021, sending the aforementioned authentication information to the aforementioned access point; Step S2022, receiving the response information of the aforementioned authentication information sent by the aforementioned access point, thereby obtaining the aforementioned first authentication response information.
[0042] Specifically, in the association phase between the site and the access point, after the site selects a network to connect to, it sends an association request to the network's access point. The access point confirms the device's association request and sends an association response to the device to establish a connection between the device and the network. Next, the authentication phase begins, where the site and the network's access point authenticate each other to confirm whether the device has permission to connect to the network. This typically involves the device sending an authentication request to the access point, which then performs authentication upon receiving the request and sends an authentication response to the site.
[0043] The aforementioned first authentication response information includes an authentication message, which includes a reason code. Step S202 can also be implemented in other ways, such as: step S2023, obtaining an error code and determining whether the reason code and the error code are the same, wherein the error code is used to indicate that the connection between the access point and the site timed out during the EAPOL phase; step S2024, if the reason code and the error code are the same, determining that the access point authentication failed. Because this method relies on the reason code of the authentication message, it can determine more quickly that the access point authentication failed.
[0044] Specifically, EAPOL (Extensible Authentication Protocol over LAN) is a protocol used in wireless network connections for authentication and key management between clients and access points. The EAPOL phase refers to the stage during the connection process where the client and access point perform an EAPOL handshake and exchange EAP messages. During this phase, the client and access point authenticate each other and negotiate encryption keys by exchanging EAPOL messages to ensure a secure connection to the wireless network. Typically, error code 15 is used to indicate a connection timeout during the EAPOL phase for the aforementioned access point and site.
[0045] In some embodiments, step S203 can be implemented through the following steps: Step S2031, obtaining the total number of the second authentication response information received within the predetermined time period, and calculating the ratio of the first quantity to the total number to obtain a quantity ratio; Step S2032, determining whether the quantity ratio is less than a ratio threshold, and if the quantity ratio is less than the ratio threshold, determining that the security parameter information of the access point is erroneous. This method can further improve the accuracy of determining whether the security parameter information of the access point is erroneous.
[0046] In one specific embodiment, the aforementioned first quantity is the number of authentication messages with error code 15 during the reconnection process. The aforementioned ratio threshold can range from 60% to 80%.
[0047] In some embodiments, step S203 can be further implemented through the following steps: Step S2033, obtaining a second quantity, wherein the second quantity is the number of consecutive second authentication response messages representing unsuccessful authentication of the access point from the first quantity; Step S2034, determining whether the second quantity is greater than a quantity threshold, and if the second quantity is greater than the quantity threshold, determining that the security parameter information of the access point is erroneous. This method can further improve the accuracy of determining whether the security parameter information of the access point is erroneous.
[0048] In one specific embodiment, the second quantity refers to the number of consecutive authentication messages with error code 15 that occur during the reconnection process. The threshold for this quantity can be 3 to 5.
[0049] In another embodiment, step S203 is followed by step S204, whereby the site does not establish a connection with the access point. This method can further improve the communication quality between the site and the access point.
[0050] Specifically, since the above method can determine that the wireless security parameters sent by the site are incorrect, it indicates that the site may be in a complex wireless communication environment, such as receiving significant radio frequency interference or co-channel interference. Therefore, it is advisable to choose not to connect to this access point and instead select another access point, or to select another site to connect to this access point. Alternatively, technicians can manually reconfigure the wireless security parameters to ensure compatibility between the access point and the site.
[0051] To enable those skilled in the art to better understand the technical solution of this application, the implementation process of the wireless communication authentication method of this application will be described in detail below with reference to specific embodiments.
[0052] This embodiment relates to a specific authentication method for wireless communication, as shown in Figure 3, which includes the following steps:
[0053] Step S1: The module initiates a connection to the router;
[0054] Step S2: Enter the EAPOL stage;
[0055] Step S3: Determine if the reason code is 15, where 15 is used to indicate a four-way handshake timeout;
[0056] Step S4: A password error is determined if one of the following conditions is met: (1) the reason code values are collected within 1 minute of reconnection, and the proportion of reason code value 15 among them is greater than 70%; (2) during the module's reconnection to the router, the reason code value corresponding to four consecutive reconnection processes is 15.
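The decision rule of Steps S3 and S4, written out as station-side C (an added example, not code from the patent). The struct layout, the use of reason 0 for a retry that did not fail, the sample retry logs and the MIN_SAMPLES guard are assumptions; the 1-minute window, the share above 70% and the run of four are the values given in Step S4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REASON_4WAY_TIMEOUT  15u     /* reason code 15: four-way handshake timeout (Step S3) */
#define RETRY_WINDOW_MS      60000u  /* Step S4: "within 1 minute of reconnection" */
#define SHARE_THRESHOLD_PCT  70u     /* Step S4: share of code 15 greater than 70% */
#define CONSECUTIVE_LIMIT    4u      /* Step S4: four consecutive code-15 results */
#define MIN_SAMPLES          3u      /* assumption, not on the page: no share verdict on 1-2 results */

typedef struct {
    uint32_t t_ms;    /* time since the first failed authentication */
    uint16_t reason;  /* reason code of this retry; 0 = did not fail (constructed convention) */
} retry_result_t;

typedef enum {
    VERDICT_INCONCLUSIVE,
    VERDICT_PASSWORD_ERROR_BY_RUN,
    VERDICT_PASSWORD_ERROR_BY_SHARE
} verdict_t;

typedef struct {
    size_t total;        /* retry results inside the window */
    size_t timeouts;     /* of those, how many carried reason code 15 */
    size_t longest_run;  /* longest streak of consecutive reason code 15 */
    verdict_t verdict;
} retry_stats_t;

/* Classify the retry results collected after the first failed authentication.
 * Results must be in chronological order; anything at or past the window end is ignored. */
retry_stats_t classify_retries(const retry_result_t *r, size_t n)
{
    retry_stats_t s = { 0, 0, 0, VERDICT_INCONCLUSIVE };
    size_t run = 0;

    for (size_t i = 0; i < n; i++) {
        if (r[i].t_ms >= RETRY_WINDOW_MS)
            continue;
        s.total++;
        if (r[i].reason == REASON_4WAY_TIMEOUT) {
            s.timeouts++;
            if (++run > s.longest_run)
                s.longest_run = run;
        } else {
            run = 0;  /* any other outcome breaks the streak */
        }
    }

    if (s.longest_run >= CONSECUTIVE_LIMIT) {
        s.verdict = VERDICT_PASSWORD_ERROR_BY_RUN;
    } else if (s.total >= MIN_SAMPLES &&
               s.timeouts * 100u > (size_t)SHARE_THRESHOLD_PCT * s.total) {
        /* integer form of timeouts / total > 70%, safe when total is 0 */
        s.verdict = VERDICT_PASSWORD_ERROR_BY_SHARE;
    }
    return s;
}

/* Constructed sample logs: {ms since first failure, reason code}. */
static const retry_result_t WRONG_PASSWORD[] = {
    { 2000, 15 }, { 8000, 15 }, { 14000, 15 }, { 20000, 15 }
};
static const retry_result_t NOISY_CHANNEL[] = {
    { 3000, 15 }, { 9000, 2 }, { 15000, 15 }, { 21000, 15 },
    { 27000, 4 }, { 33000, 15 }, { 39000, 2 }
};
static const retry_result_t MOSTLY_TIMEOUT[] = {
    { 3000, 15 }, { 9000, 15 }, { 15000, 15 }, { 21000, 2 },
    { 27000, 15 }, { 33000, 15 }, { 39000, 15 },
    { 61000, 2 }  /* after the window, not counted */
};
static const retry_result_t SINGLE_TIMEOUT[] = { { 2000, 15 } };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static const char *verdict_name(verdict_t v)
{
    switch (v) {
    case VERDICT_PASSWORD_ERROR_BY_RUN:   return "password error (consecutive code 15)";
    case VERDICT_PASSWORD_ERROR_BY_SHARE: return "password error (share of code 15)";
    default:                              return "inconclusive";
    }
}

int main(void)
{
    const struct { const char *name; const retry_result_t *r; size_t n; } cases[] = {
        { "wrong password", WRONG_PASSWORD, COUNT(WRONG_PASSWORD) },
        { "noisy channel",  NOISY_CHANNEL,  COUNT(NOISY_CHANNEL) },
        { "mostly timeout", MOSTLY_TIMEOUT, COUNT(MOSTLY_TIMEOUT) },
        { "single timeout", SINGLE_TIMEOUT, COUNT(SINGLE_TIMEOUT) },
    };
    for (size_t i = 0; i < COUNT(cases); i++) {
        retry_stats_t s = classify_retries(cases[i].r, cases[i].n);
        printf("%-15s total=%zu code15=%zu run=%zu -> %s\n", cases[i].name,
               s.total, s.timeouts, s.longest_run, verdict_name(s.verdict));
    }
    return 0;
}
```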
[0057] This application also provides a wireless communication authentication device. It should be noted that the wireless communication authentication device of this application can be used to execute the wireless communication authentication method provided in this application. This device is used to implement the above embodiments and preferred embodiments; details already described will not be repeated. As used below, the term "module" can refer to a combination of software and / or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, hardware implementation, or a combination of software and hardware, is also possible and contemplated.
[0058] The following describes the wireless communication authentication device provided in the embodiments of this application.
[0059] Figure 4 is a schematic diagram of a wireless communication authentication device according to an embodiment of this application. As shown in Figure 4, the device includes:
[0060] The acquisition unit 10 is used to acquire the probe response information of the access point and determine whether to join the network of the access point based on the probe response information. The probe response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0061] Specifically, an access point (AP) is a physical or logical location connected to a network or system for data transmission and exchange. For example, in the Internet, an access point can be a router, switch, or modem. The site, that is, a station (STA), can be a wireless module such as a mobile phone or computer.
[0062] The receiving unit 20 is configured to, upon determining to join the network of the access point, acquire first authentication response information and determine whether the access point has been successfully authenticated based on the first authentication response information; and, if the access point has failed to be authenticated, receive multiple second authentication response messages after repeatedly sending authentication information within a predetermined time period; wherein the start time of the predetermined time period is after the time at which it is determined that the access point has failed to be authenticated; the authentication information is used to authenticate the identity of the access point; and the authentication information corresponds one-to-one with the second authentication response information.
[0063] Specifically, if the access point authentication fails, the site will send authentication information to the access point multiple times to attempt reconnection. This reconnection process takes approximately one minute. During this minute, the site will send multiple authentication messages and receive multiple corresponding second authentication response messages. These second authentication response messages may indicate successful authentication or authentication failure.
[0064] The determining unit 30 is configured to determine, at least based on a first quantity, that the security parameter information of the access point is erroneous, wherein the first quantity is the number of times the second authentication response information indicates that the access point authentication failed within the predetermined time period.
[0065] Specifically, the first quantity mentioned above refers to the number of access point authentication failures determined based on the second authentication response information during the reconnection process.
[0066] In this embodiment, the acquisition unit acquires the probe response information of the access point and determines whether to join the access point's network based on the probe response information; the receiving unit, upon determining to join the access point's network, acquires the first authentication response information and determines whether the access point has been successfully authenticated based on the first authentication response information; if the access point authentication fails, it repeatedly sends authentication information multiple times within a predetermined time period and receives multiple pieces of second authentication response information; the determining unit determines that the access point's security parameter information is erroneous based on at least a first quantity. In other words, after the first authentication response information shows that access point authentication failed, the device retries the connection for a period of time and uses the number of second authentication responses within that period that indicate authentication failure to determine that the access point's security parameter information is erroneous. This improves the accuracy of the judgment and solves the prior-art problem of low accuracy in judging whether the access point's security parameter information is erroneous.
[0067] In its specific implementation, the acquisition unit includes a first sending module and a first receiving module. The first sending module sends probe request information to the access point, wherein the probe request information indicates that the site requests to connect to the access point. The first receiving module receives response information from the access point to the probe request information, thereby obtaining the probe response information. This device can further acquire the probe request information more quickly.
[0068] Specifically, the wireless connection between the site and the access point consists of four phases: scanning, association, authentication, and DHCP IP address acquisition. In fact, the process of obtaining probe request and response information is the scanning process described above. During the scanning phase, the wireless device actively or passively scans for surrounding wireless networks to find available networks. When actively scanning, the device sends a radio beacon request to receive broadcast beacons from nearby networks. When passively scanning, the device receives beacons from nearby networks and selects one to connect to.
[0069] To further expedite the acquisition of the aforementioned first authentication information, the receiving unit of this application includes a second sending module and a third receiving module. The second sending module is used to send the authentication information to the access point; the second receiving module is used to receive the response information of the authentication information sent by the access point, thereby obtaining the aforementioned first authentication response information.
[0070] Specifically, in the association phase between the site and the access point, after the site selects a network to connect to, it sends an association request to the network's access point. The access point confirms the device's association request and sends an association response to the device to establish a connection between the device and the network. Next, the authentication phase begins, where the site and the network's access point authenticate each other to confirm whether the device has permission to connect to the network. This typically involves the device sending an authentication request to the access point, which then performs authentication upon receiving the request and sends an authentication response to the site.
[0071] The aforementioned first authentication response information includes an authentication message, which includes a reason code. The receiving unit further includes a first acquisition module and a first determination module. The first acquisition module is used to acquire an error code and determine whether the reason code and the error code are the same. The error code indicates that the connection between the access point and the site timed out during the EAPOL phase. The first determination module is used to determine that the access point authentication failed if the reason code and the error code are the same. Based on the reason code in the authentication message, the device can further quickly determine that the access point authentication failed.
[0072] Specifically, EAPOL (Extensible Authentication Protocol over LAN) is a protocol used in wireless network connections for authentication and key management between clients and access points. The EAPOL phase refers to the stage during the connection process where the client and access point perform an EAPOL handshake and exchange EAP messages. During this phase, the client and access point authenticate each other and negotiate encryption keys by exchanging EAPOL messages to ensure a secure connection to the wireless network. Typically, error code 15 is used to indicate a connection timeout during the EAPOL phase for the aforementioned access point and site.
[0073] In some embodiments, the determining unit includes a second acquisition module and a second determining module. The second acquisition module is used to acquire the total number of the second authentication response information received within the predetermined time period, and calculate the ratio of the first quantity to the total number to obtain a quantity ratio. The second determining module is used to determine whether the quantity ratio is less than a ratio threshold. If the quantity ratio is less than the ratio threshold, it is determined that the security parameter information of the access point is erroneous. This device can further improve the accuracy of determining whether the security parameter information of the access point is erroneous.
[0074] In one specific embodiment, the aforementioned first quantity is the number of authentication messages with error code 15 during the reconnection process. The aforementioned ratio threshold can range from 60% to 80%.
[0075] In some embodiments, the determining unit includes a third acquisition module and a third determining module. The third acquisition module acquires a second quantity, which is the number of consecutive second authentication response messages representing unsuccessful authentication of the access point within the first quantity. The third determining module determines whether the second quantity is greater than a quantity threshold. If the second quantity is greater than the quantity threshold, it determines that the security parameter information of the access point is erroneous. This device can further improve the accuracy of determining whether the security parameter information of the access point is erroneous.
[0076] In one specific embodiment, the second quantity refers to the number of consecutive authentication messages with error code 15 that occur during the reconnection process. The threshold for this quantity can be 3 to 5.
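The two decision rules from paragraphs [0073] to [0076], as an added Python example that is not code from the patent: it counts code-15 responses inside the one-minute retry period and applies the ratio test and the consecutive-run test exactly as the page words them. The response tuple layout, the function and class names, and the 70% and 3 operating points are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Values taken from the page: code 15 marks an EAPOL-phase timeout, and the
# reconnection period lasts about one minute.
EAPOL_TIMEOUT_CODE = 15
RETRY_WINDOW_S = 60.0
# Assumed operating points inside the ranges the page gives (60%-80%, 3 to 5).
RATIO_THRESHOLD = 0.70
RUN_THRESHOLD = 3

# One second authentication response: (receive time in seconds, reason code).
# A code of None stands for a response that reports success (assumed encoding).
Response = Tuple[float, Optional[int]]


@dataclass(frozen=True)
class RetryAssessment:
    total: int            # second authentication responses inside the window
    first_quantity: int   # responses in the window that carry code 15
    ratio: float          # first_quantity / total (0.0 when total is 0)
    second_quantity: int  # longest run of consecutive code-15 responses
    ratio_rule: bool      # [0073]: ratio < ratio threshold, as the page words it
    run_rule: bool        # [0075]: second quantity > quantity threshold


def assess_retry_window(
    first_failure_ts: float,
    responses: Iterable[Response],
    window_s: float = RETRY_WINDOW_S,
    ratio_threshold: float = RATIO_THRESHOLD,
    run_threshold: int = RUN_THRESHOLD,
) -> RetryAssessment:
    """Evaluate the retry period that starts after the first failed authentication."""
    end_ts = first_failure_ts + window_s
    # Keep only responses received after the failure was determined and before
    # the period ends, in arrival order so that runs are meaningful.
    in_window = sorted(
        (r for r in responses if first_failure_ts < r[0] <= end_ts),
        key=lambda r: r[0],
    )
    failed = [code == EAPOL_TIMEOUT_CODE for _, code in in_window]

    total = len(failed)
    first_quantity = sum(failed)

    # Longest streak of back-to-back failures (the page's "second quantity").
    longest = current = 0
    for is_failure in failed:
        current = current + 1 if is_failure else 0
        longest = max(longest, current)

    if total == 0:
        # No responses at all: neither rule has any evidence to act on.
        return RetryAssessment(0, 0, 0.0, 0, False, False)

    ratio = first_quantity / total
    return RetryAssessment(
        total=total,
        first_quantity=first_quantity,
        ratio=ratio,
        second_quantity=longest,
        ratio_rule=ratio < ratio_threshold,
        run_rule=longest > run_threshold,
    )


# Constructed sample: failure determined at t=100 s; the responses at 99 s and
# 170 s fall outside the one-minute period and are ignored.
SAMPLE_BURST = [(99.0, 15), (105.0, 15), (112.0, 15), (120.0, 15),
                (131.0, 15), (140.0, None), (152.0, 15), (170.0, 15)]
# Constructed sample: isolated timeouts between successful responses.
SAMPLE_SPORADIC = [(5.0, 15), (15.0, None), (25.0, None),
                   (35.0, 15), (45.0, None), (55.0, None)]

if __name__ == "__main__":
    print(assess_retry_window(100.0, SAMPLE_BURST))
    print(assess_retry_window(0.0, SAMPLE_SPORADIC))
```

The two constructed samples are chosen so that each rule fires on one and not the other, which shows that the ratio embodiment and the consecutive-run embodiment are separate tests.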
[0077] In another embodiment, the apparatus further includes a processing unit configured so that the site does not establish a connection with the access point. This apparatus can further improve the communication quality between the site and the access point.
[0078] Specifically, since the above method can determine that the wireless security parameters sent by the site are incorrect, it indicates that the site may be in a complex wireless communication environment, such as receiving significant radio frequency interference or co-channel interference. Therefore, it is advisable to choose not to connect to this access point and instead select another access point, or to select another site to connect to this access point. Alternatively, technicians can manually reconfigure the wireless security parameters to ensure compatibility between the access point and the site.
[0079] The aforementioned wireless communication authentication device includes a processor and a memory. The acquisition unit, receiving unit, and determining unit are all stored as program units in the memory, and the processor executes these program units to achieve their respective functions. All of the above modules reside in the same processor; alternatively, the modules may be located in different processors in any combination.
[0080] The processor contains a kernel, which retrieves the corresponding program units from memory. One or more kernels can be configured, and authentication for wireless communication is performed by adjusting kernel parameters.
[0081] The memory may include non-permanent memory in computer-readable media, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.
[0082] This invention provides a computer-readable storage medium including a stored program, wherein, when the program is executed, it controls the device containing the computer-readable storage medium to perform the wireless communication authentication method.
[0083] Specifically, authentication methods for wireless communication include:
[0084] Step S201: Obtain the detection response information of the access point and determine whether to join the network of the access point based on the detection response information. The detection response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0085] Specifically, an access point (AP) is a physical or logical location connected to a network or system for data transmission and exchange. For example, in the Internet, an access point can be a router, switch, or modem. A station (STA) can be a wireless module such as a mobile phone or computer.
[0086] Step S202: If it is determined to join the network of the access point, first authentication response information is obtained, and whether the access point is successfully authenticated is determined based on the first authentication response information. If the access point is not successfully authenticated, authentication information is sent repeatedly multiple times within a predetermined time period, and multiple pieces of second authentication response information are then received. The start time of the predetermined time period is after the time at which the access point is determined not to have been successfully authenticated. The authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information.
[0087] Specifically, if the access point authentication fails, the site will send authentication information to the access point multiple times to attempt reconnection. This reconnection process takes approximately one minute. During this minute, the site will send multiple authentication messages and receive multiple corresponding second authentication response messages. These second authentication response messages may indicate successful authentication or authentication failure.
[0088] Step S203: Determine that the security parameter information of the access point is incorrect, at least based on a first quantity, wherein the first quantity is the number of access point authentication failures represented by the second authentication response information within the predetermined time period.
[0089] Specifically, the first quantity mentioned above refers to the number of access point authentication failures determined based on the second authentication response information during the reconnection process.
[0090] This invention provides a processor for running a program, wherein the program executes the authentication method for wireless communication.
[0091] Specifically, authentication methods for wireless communication include:
[0092] Step S201: Obtain the detection response information of the access point and determine whether to join the network of the access point based on the detection response information. The detection response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0093] Specifically, an access point (AP) is a physical or logical location connected to a network or system for data transmission and exchange. For example, in the Internet, an access point can be a router, switch, or modem. A station (STA) can be a wireless module such as a mobile phone or computer.
[0094] Step S202: If it is determined to join the network of the access point, first authentication response information is obtained, and whether the access point is successfully authenticated is determined based on the first authentication response information. If the access point is not successfully authenticated, authentication information is sent repeatedly multiple times within a predetermined time period, and multiple pieces of second authentication response information are then received. The start time of the predetermined time period is after the time at which the access point is determined not to have been successfully authenticated. The authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information.
[0095] Specifically, if the access point authentication fails, the site will send authentication information to the access point multiple times to attempt reconnection. This reconnection process takes approximately one minute. During this minute, the site will send multiple authentication messages and receive multiple corresponding second authentication response messages. These second authentication response messages may indicate successful authentication or authentication failure.
[0096] Step S203: Determine that the security parameter information of the access point is incorrect, at least based on a first quantity, wherein the first quantity is the number of access point authentication failures represented by the second authentication response information within the predetermined time period.
[0097] Specifically, the first quantity mentioned above refers to the number of access point authentication failures determined based on the second authentication response information during the reconnection process.
[0098] This invention provides a device including a processor, a memory, and a program stored in the memory and executable on the processor. When the processor executes the program, it performs at least the following steps:
[0099] Step S201: Obtain the detection response information of the access point and determine whether to join the network of the access point based on the detection response information. The detection response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0100] Step S202: If it is determined to join the network of the access point, first authentication response information is obtained, and whether the access point is successfully authenticated is determined based on the first authentication response information. If the access point is not successfully authenticated, authentication information is sent repeatedly multiple times within a predetermined time period, and multiple pieces of second authentication response information are then received. The start time of the predetermined time period is after the time at which the access point is determined not to have been successfully authenticated. The authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information.
[0101] Step S203: Determine that the security parameter information of the access point is incorrect, at least based on a first quantity, wherein the first quantity is the number of access point authentication failures represented by the second authentication response information within the predetermined time period.
[0102] The devices mentioned in this article can be servers, PCs, tablets, mobile phones, etc.
[0103] This application also provides a computer program product, which, when executed on a data processing device, is suitable for executing an initialization program having at least the following method steps:
[0104] Step S201: Obtain the detection response information of the access point and determine whether to join the network of the access point based on the detection response information. The detection response information is used to characterize the existence of the access point and includes at least the security parameter information of the access point.
[0105] Step S202: If it is determined to join the network of the access point, first authentication response information is obtained, and whether the access point is successfully authenticated is determined based on the first authentication response information. If the access point is not successfully authenticated, authentication information is sent repeatedly multiple times within a predetermined time period, and multiple pieces of second authentication response information are then received. The start time of the predetermined time period is after the time at which the access point is determined not to have been successfully authenticated. The authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information.
[0106] Step S203: Determine that the security parameter information of the access point is incorrect, at least based on a first quantity, wherein the first quantity is the number of access point authentication failures represented by the second authentication response information within the predetermined time period.
[0107] It is obvious to those skilled in the art that the modules or steps of the present invention described above can be implemented using general-purpose computing devices. They can be centralized on a single computing device or distributed across a network of multiple computing devices. They can be implemented using computer-executable program code, and thus can be stored in a storage device for execution by a computing device. In some cases, the steps shown or described can be performed in a different order than those described herein, or they can be fabricated as separate integrated circuit modules, or multiple modules or steps can be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any particular combination of hardware and software.
[0108] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0109] This application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, produce a device for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0110] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0111] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, such that the instructions that execute on the computer or other programmable equipment provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0112] In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
[0113] Memory may include non-persistent memory in computer-readable media, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.
[0114] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.
[0115] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.
[0116] As can be seen from the above description, the embodiments of this application achieve the following technical effects:
[0117] 1) The wireless communication authentication method of this application first obtains the probe response information of the access point and determines whether to join the access point's network based on the probe response information; then, upon determining to join the access point's network, it obtains the first authentication response information and determines whether the access point has been successfully authenticated based on the first authentication response information; if the access point authentication fails, it repeatedly sends authentication information multiple times within a predetermined time period and receives multiple pieces of second authentication response information; finally, it determines that the access point's security parameter information is erroneous based at least on a first quantity. In other words, after the first authentication response information shows that access point authentication failed, the method retries the connection for a period of time and uses the number of second authentication responses within that period that indicate authentication failure to determine whether the access point's security parameter information is erroneous. This improves the accuracy of the judgment and solves the prior-art problem of low accuracy in judging whether the access point's security parameter information is erroneous.
[0118] 2) The wireless communication authentication device of this application includes an acquisition unit that acquires the probe response information of an access point and determines whether to join the access point's network based on the probe response information; a receiving unit that, upon determining to join the access point's network, acquires first authentication response information and determines whether the access point has been successfully authenticated based on the first authentication response information, and, if the access point authentication fails, repeatedly sends authentication information multiple times within a predetermined time period and receives multiple pieces of second authentication response information; and a determining unit that determines that the access point's security parameter information is erroneous based on at least a first quantity. In other words, after the first authentication response information shows that access point authentication failed, the device retries the connection for a period of time and uses the number of second authentication responses within that period that indicate authentication failure to determine that the access point's security parameter information is erroneous. This improves the accuracy of the judgment and solves the prior-art problem of low accuracy in judging whether the access point's security parameter information is erroneous.
[0119] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.
Claims
1. A method for authenticating a wireless communication, the method comprising: The method is applied to a site that communicates with an access point, and the method includes: Obtain the probe response information of the access point, and determine whether to join the network of the access point based on the probe response information, wherein the probe response information is used to characterize the existence of the access point, and the probe response information includes at least the security parameter information of the access point; If the network to which the access point is to be joined is determined, a first authentication response is obtained, and the access point is determined to be successfully authenticated based on the first authentication response. If the access point is not successfully authenticated, the authentication information is repeatedly sent multiple times within a predetermined time period, and then multiple second authentication response messages are received. The start time of the predetermined time period is after the time corresponding to the time when the access point is not successfully authenticated is determined. The authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information. Based on at least a first quantity, it is determined that the security parameter information of the access point is erroneous, wherein the first quantity is the number of times the second authentication response information indicates that the access point authentication failed within the predetermined time period.
2. The method of claim 1, wherein, Obtaining the detection response information of the access point includes: Send a probe request message to the access point, wherein the probe request message is used to indicate that the site requests to connect to the access point; The system receives the response information of the probe request information sent by the access point, and obtains the probe response information.
3. The method of claim 1, wherein, Obtain the first authentication response information, including: Send the authentication information to the access point; The system receives the response information of the authentication information sent by the access point to obtain the first authentication response information.
4. The method of claim 1, wherein, The first authentication response information includes an authentication message, the authentication message including a reason code. Determining whether the access point is successfully authenticated based on the first authentication response information includes: Obtain the error code and determine whether the reason code is the same as the error code, wherein the error code is used to characterize the connection timeout between the access point and the site during the EAPOL phase; If the reason code and the error code are the same, it is determined that the access point authentication failed.
5. The method according to any one of claims 1 to 4, characterized in that, Based on at least a first quantity, it is determined that the security parameter information of the access point contains errors, including: Obtain the total number of the second authentication response information received within the predetermined time period, and calculate the ratio of the first quantity to the total number to obtain the quantity ratio; Determine whether the quantity ratio is less than a ratio threshold. If the quantity ratio is less than the ratio threshold, determine that the security parameter information of the access point is incorrect.
6. The method of claim 1, wherein determining, based on at least a first quantity, that the security parameter information of the access point contains errors includes: obtaining a second quantity, which is the number of consecutive second authentication response information, among the first quantity, representing unsuccessful authentication of the access point; and determining whether the second quantity is greater than a quantity threshold, and if the second quantity is greater than the quantity threshold, determining that the security parameter information of the access point is incorrect.
7. The method of claim 1, wherein, after determining that the security parameter information of the access point is incorrect, the method further includes: the site not establishing a connection with the access point.
8. An authentication device for wireless communication, characterized in that the device is applied to a site that communicates with an access point, and the device includes: an acquisition unit configured to acquire the probe response information of the access point and determine whether to join the network of the access point based on the probe response information, wherein the probe response information is used to characterize the existence of the access point and the probe response information includes at least the security parameter information of the access point; a receiving unit configured to, upon determining to join the network of the access point, acquire first authentication response information and determine whether the access point has been successfully authenticated based on the first authentication response information, and, if the access point authentication fails, after repeatedly sending authentication information multiple times within a predetermined time period, receive multiple second authentication response information, wherein the start time of the predetermined time period is after the time at which the access point authentication is determined to have failed, the authentication information is used to authenticate the identity of the access point, and the authentication information corresponds one-to-one with the second authentication response information; and a determining unit configured to determine, based on at least a first quantity, that the security parameter information of the access point contains errors, wherein the first quantity is the number of times the second authentication response information indicates that the access point authentication failed within the predetermined time period.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored program, wherein, when the program is executed, it controls the device on which the computer-readable storage medium is located to perform the method according to any one of claims 1 to 7.
10. A communication system, characterized by including: one or more processors, a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs being for performing the method according to any one of claims 1 to 7.
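The station-side decision of claims 4, 6 and 7 can be sketched as follows; this is an added illustration, not code from the patent or its assignee. Assumptions: IEEE 802.11 reason code 15 (4-way handshake timeout) stands in for the unnamed "error code", the second quantity is read as the longest run of consecutive failures, and all function names and the "undetermined" outcome are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption: IEEE 802.11 reason code 15 (4-way handshake timeout) stands in
# for the claim 4 "error code"; the claims give no numeric value.
EAPOL_TIMEOUT = 15

@dataclass(frozen=True)
class AuthResponse:
    t: float                    # receive time in seconds (constructed)
    reason_code: Optional[int]  # None means authentication succeeded

def auth_failed(resp: AuthResponse, error_code: int = EAPOL_TIMEOUT) -> bool:
    """Claim 4: failure when the reason code equals the error code."""
    return resp.reason_code == error_code

def in_window(resps: List[AuthResponse], start: float, period: float) -> List[AuthResponse]:
    """Keep, in time order, the second responses inside the predetermined period."""
    return sorted((r for r in resps if start < r.t <= start + period), key=lambda r: r.t)

def first_quantity(resps: List[AuthResponse]) -> int:
    """First quantity: responses in the window that indicate failed authentication."""
    return sum(auth_failed(r) for r in resps)

def second_quantity(resps: List[AuthResponse]) -> int:
    """Claim 6, read here as the longest run of consecutive failures."""
    best = run = 0
    for r in resps:
        run = run + 1 if auth_failed(r) else 0
        best = max(best, run)
    return best

def decide(first: AuthResponse, retries: List[AuthResponse],
           period: float, quantity_threshold: int) -> str:
    """Return 'authenticated', 'parameters_incorrect' (claim 7: do not connect)
    or 'undetermined' (label chosen here; other reason codes are not modelled)."""
    if not auth_failed(first):
        return "authenticated"
    window = in_window(retries, first.t, period)
    if second_quantity(window) > quantity_threshold:
        return "parameters_incorrect"
    return "undetermined"

# Constructed samples: every retry times out vs. failures interleaved with successes.
WRONG_PSK = [AuthResponse(float(i), EAPOL_TIMEOUT) for i in range(1, 6)]
NOISY = [AuthResponse(float(i), c) for i, c in enumerate([15, 15, None, 15, None], 1)]
```

With a quantity threshold of 3 and a 10-second period, the all-timeout sample is classified as incorrect parameters, while the interleaved sample stays undetermined because its longest failure run is 2.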
Citation Information
Patent Citations
Network authentication certification method, device and equipment, and medium
CN109327836A
Systems and Methods for Authentication
US20130179943A1