Patent Application
20180027025
The present document relates to the field of wireless communication in a mobile communication system, and more particularly, to a hotspot configuration method, access method and device in a wireless local area network (WLAN).
WLAN refers to using wireless communication technologies to interconnect computer devices to constitute into a network system achieving inter-communication and resources sharing. The wireless LAN is characterized by the nature that computers are connected to a network in a wireless manner rather than by using communication cables, so that the construction of the network and the mobility of terminals are more flexible.
The wireless fidelity (WiFi) technology is essentially a commercial certification. Wi-Fi certified products meet the IEEE 802.11b wireless network specification which is currently the most widely used standard in WLAN and the band of which is 2.4 GHz. In the worldwide, the WiFi-based WLAN has become increasingly popular, and its coverage is more and more widespread. The WLAN has become a new lifestyle of more and more people, especially of young people, due to WLAN's charm of infinite freedom. People want to use the WLAN for quickly and easily surfing the Internet, browsing or downloading information in more and more public places.
Faced with the conflict between the growing mobile data needs and the bottleneck of traffic in the mobile data network, operators have been already aware that the WLAN will become an important mobile Internet access service, and they deploy the WLAN in advance and expand the scale of WLAN coverage.
In the related art, the WLAN can be deployed in two ways: the first way, deploying the WLAN in an encrypted manner; and the second way, deploying the WLAN in an unencrypted manner.
In the process of implementing the present document, at least the following drawbacks have been found in the existing WLAN deployment schemes:
1) The first way deploys the WLAN in an encrypted way. When users connect to the WLAN, they need to acquire key information through a certain channel such as a way of inquiry. In such a way, it is not convenient for users to use the WLAN in public places.
2) The second way deploys the WLAN in an unencrypted way, i.e., an Open way. The users do not need a key to connect to the WLAN, and they can use it easily. However, currently most public WiFi environments lack or even have no security and protection measures, so it results in that attackers can easily access the WLAN and intercept data in the WLAN through network monitoring. In this case, any information transferred by the users in the WLAN will be exposed to the attackers, and the attackers can intercept user information such as user name, password, Internet records, device information, chat records and e-mail content. Therefore, using the Open way to deploy the WLAN has a great security risk and seriously threats the information security of the users.
In addition, in the second way, when a user establishes a connection with the WLAN, the user is first redirected to a user login page by a way of WEB Portal, and then the user is asked to enter a user name and a password to authenticate the user identity. However, the identity authentication is mainly used for identifying the user identity and billing processing, but does not help to protect a communication link of the user accessing to the WLAN.
In view of this, embodiments of the present document desires to provide a hotspot configuration method, access method and device in a WLAN to ensure the security of data communication in the WLAN on the premise of not affecting the user experience.
The technical scheme of the present document is implemented as follows.
An embodiment of the present document provides a hotspot configuration method in a WLAN. The method includes: a wireless access point configuring a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, herein a service set identifier, SSID, of the first hotspot is the same as an SSID of the second hotspot; and configuring a switching policy between the first hotspot and the second hotspot, herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
An embodiment of the present document provides an access method in a WLAN. The method includes: configuring a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, and a switching policy between the first hotspot and the second hotspot, herein a service set identifier, SSID, of the first hotspot is the same as an SSID of the second hotspot; and the method further includes: a wireless access point receiving a WPS request message sent by a terminal through a first link; transferring the WPS request message from the first link corresponding to the first hotspot to a second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and establishing a WPS session negotiation procedure with the terminal through the second link; herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot.
According to the abovementioned method, an embodiment of the present document provides a wireless access point. The wireless access point includes: a first configuration module and a second configuration module.
The first configuration module is arranged to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, herein an SSID of the first hotspot is the same as an SSID of the second hotspot.
The second configuration module is arranged to configure a switching policy between the first hotspot and the second hotspot, herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
According to the abovementioned method, an embodiment of the present document also provides a wireless access point. The wireless access point includes: a first configuration module, a second configuration module, a receiving module and a connection management module.
The first configuration module is arranged to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, herein an SSID of the first hotspot is the same as an SSID of the second hotspot.
The second configuration module is arranged to configure a switching policy between the first hotspot and the second hotspot, herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
The receiving module is arranged to receive a WPS request message sent by the terminal through a first link.
The connection management module is arranged to transfer the WPS request message from the first link corresponding to the first hotspot to a second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and establish a WPS session negotiation procedure with the terminal through the second link; herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot.
In the hotspot configuration method, access method and device in the WLAN provided by the embodiments of the present document, a wireless access point configures a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, and an SSID of the first hotspot is the same as an SSID of the second hotspot; and configures a switching policy between the first hotspot and the second hotspot. Herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot. In such a way, with the embodiments of the present document, the first hotspot with the unencrypted attribute is configured for users easily accessing the WLAN; the second hotspot with the encrypted attribute is configured to further ensure the security of the communication link in the WLAN; and, a communication connection can be established between the first hotspot and the second hotspot through the switching policy between the first hotspot and the second hotspot.
Alternatively, in an embodiment of the present document, after configuring the first hotspot, the second hotspot and the switching policy between the first hotspot and the second hotspot, a WPS request message sent by the terminal can be received through a first link, and the WPS request message is transferred from the first link corresponding to the first hotspot to a second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and a WPS session negotiation procedure is established with the terminal through the second link. Herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot. In this way, the embodiment of the present document automatically switches the terminal from the first link with a lower security level to the second link with a higher security level, so that the security of the communication link in the WLAN can be guaranteed on the premise of not affecting the user experience.
In the embodiments of the present document, a wireless access point (AP) first configures a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, and an SSID of the first hotspot is the same as an SSID of the second hotspot. The wireless AP configures a switching policy between the first hotspot and the second hotspot. The switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot. Thereafter, when a user accesses the WLAN, a WPS request message sent by the terminal is received through a first link. Then WPS request message is transferred from the first link corresponding to the first hotspot to the second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and a WPS session negotiation procedure is established with the terminal through the second link. Herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot.
Herein, one hotspot corresponds to one virtual local area network (VLAN) in the WLAN, and network parameters of the hotspot include: an SSID, a security type, a network type, and the like. The network parameters of the first hotspot with the unencrypted attribute include: an SSID1, the security type which is an unencrypted type, and the network type which is a broadcasting type. The network parameters of the second hotspot with the encrypted attribute include: an SSID2, the security type which is an encrypted type, and the network type which is a non-broadcasting type. The SSID1 is the same as the SSID2.
In the following, the method and device of the present document will be further described in combination with the accompanying drawings and specific embodiments.
An embodiment of the present document provides a hotspot configuration method in a WLAN, and as shown in
In step S100: the wireless AP configures a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, and a service set identifier of the first hotspot is the same as a service set identifier of the second hotspot.
Herein, the network parameters of the first hotspot are configured as: an SSID1, a security type being an unencrypted type, and a network type being a broadcasting type. The network parameters of the second hotspot are: an SSID2, a security type being an encrypted type, and a network type being a non-broadcasting type. The SSID1 is the same as the SSID2.
Herein, the unencrypted type may be thane Open type. The encrypted type may be a WiFi Protected Access (WPA) or a WPA2 encrypted type. The unencrypted type and the encrypted type are not particularly limited.
Herein, the SSID1 of the first hotspot which is configured with the broadcasting type is visible, and the SSID2 of the second hotspot which is configured with the non-broadcasting type is invisible. When the terminal is within the network range of the public WLAN deployed by an operator, the user opens a WiFi connection function of the terminal, and the terminal can automatically searches out the first hotspot with the Open type by the WiFi connection function. Since the second hotspot is configured with a network type that does not broadcast the SSID, the terminal cannot search out the second hotspot by the conventional WiFi connection function.
Alternatively, it can be expanded to configure N mutually independent hotspots, where N is a positive integer. Correspondingly, corresponding network parameters are configured for each hotspot. Herein, the SSIDs of respective hotspots are the same. The network parameters corresponding to at least one hotspot in the N mutually independent hotspots are configured as: the network type which is the broadcasting type, and the security type which is the unencrypted type, so that the user can easily access the WLAN. The network parameters corresponding to at least one hotspot are configured as: the network type which is the non-broadcasting type, and the security type which is the encrypted type, so as to ensure the security of the communication link in the WLAN.
In step S101: a switching policy between the first hotspot and the second hotspot is configured, and the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
Herein, the switching policy is a connection switching policy between network parameters corresponding to the first hotspot and the second hotspot, and a connection channel is established between a network corresponding to the first hotspot and a network corresponding to the second hotspot according to the switching policy, so as to transfer messages in a WPS session negotiation procedure subsequently.
In the embodiment of the present document, the first hotspot of which the network type is the broadcasting type and the security type is the unencrypted type is configured to facilitate the user to access the WLAN. The second hotspot of which the network type is the non-broadcasting type and the security type is the encrypted type is configured to ensure the security of the communication link in the WLAN. And, a communication connection between the first hotspot and the second hotspot can be established based on the switching policy between the first hotspot and the second hotspot to subsequently transfer the messages in the WPS session negotiation procedure.
Based on the abovementioned method, an embodiment of the present document provides an access method in a WLAN. The wireless AP pre-configures a first hotspot, a second hotspot, and a switching policy between the first hotspot and the second hotspot; thereafter, when a user accesses the WLAN, the following steps are included as shown in
In step S201: the wireless AP receives a WPS request message sent by a terminal through a first link.
Herein, the first link is a link established between the terminal and the first hotspot.
In step S202: a connection channel between a network corresponding to the first hotspot and a network corresponding to the second hotspot is established according to the switching policy between the first hotspot and the second hotspot, and the WPS request message is sent from the first link corresponding to the first hotspot to a second link corresponding to the second hotspot through the connection channel.
Herein, the connection channel between the network corresponding to the first hotspot and the network corresponding to the second hotspot is established according to the switching policy between the first hotspot and the second hotspot. The WPS request message is transferred from the first link corresponding to the first hotspot to the second link corresponding to the second hotspot through the connection channel.
Herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot.
Alternatively, before receiving through the first link the WPS request message sent by the terminal, the method further includes: in step S200: a user identity of the terminal is verified in legality when receiving through the first link the network connection request sent by the terminal. If the verification is passed, a WPS session negotiation procedure is established with the terminal through the first link, and step S201 is proceeded. If the verification is not passed, the first link between the terminal and the first hotspot is disconnected, and the processing flow ends.
Herein, the specific implementation of verifying the user identity of the terminal in legality is as follows.
The network connection request is redirected to a Web authentication server set by the operator for access. At this time, the terminal can enter into a Web authentication website through a Web browser, and input a user name and a password of a WiFi service for verifying the WiFi service. The Web authentication server obtains the user name and the password input by the user, verifies the user identity of the terminal in legality according to the obtained user name and password, and then notifies the wireless AP and the terminal of a verification result.
In the embodiment of the present document, after configuring the first hotspot, the second hotspot, and the switching policy between the first hotspot and the second hotspot, the WPS request message sent by the terminal can be received through the first link, the WPS request message is transferred from the first link corresponding to the first hotspot to the second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and a WPS session negotiation procedure is established with the terminal through the second link. Herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot. Thus, the embodiment of the present document automatically switches from the first link with a lower security level to the second link with a higher security level, thereby the security of the communication link in the WLAN can be ensured on the premise of not affecting the user experience.
In order to explain the embodiments of the present document more clearly, the access flow in the WLAN according to the embodiments of the present document will be described in detail by taking an Embodiment One and an Embodiment Two hereinafter.
In the Embodiment One, a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, and a switching policy between the first hotspot and the second hotspot are pre-configured. Herein, the network parameters of the first hotspot are configured as: an SSID1 is Chinanet, a security type is an Open type, and a network type is a broadcasting type. The network parameters of the second hotspot are configured as: an SSID2 is Chinanet, a security type is a WAP2 encrypted type, and a network type is a non-broadcasting type.
When the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user opens a WiFi function of the terminal, and automatically searches out and displays visible hotspots within the current WLA network range through the WiFi function. The user selects and connects to the first hotspot of which the service set identifier is Chinanet, and establishes an Open link with the first hotspot.
The access flow in the WLAN according to the Embodiment One specifically includes, as shown in
In step S300: the wireless AP receives the network connection request sent by the terminal through the Open link.
In step S301: when receiving the network connection request sent by the terminal, the user identity of the terminal is verified in legality; if the verification is passed, the WPS session negotiation procedure is established with the terminal through the Open link, and step S302 is proceeded; if the verification is not passed, the Open link between the terminal and the first hotspot is disconnected, and the processing flow ends.
Herein, the specific implementation of verifying the user identity of the terminal in legality is as follows.
The network connection request is redirected to a Web authentication server set by the operator for access. At this time, the terminal can enter into a Web authentication website through a Web browser, and input a user name and a password of a WiFi service for verifying the WiFi service. The Web authentication server obtains the user name and the password input by the user, verifies the user identity of the terminal in legality according to the obtained user name and password, and then notifies the wireless AP and the terminal of a verification result to instruct the terminal to initiate a WPS processing flow.
Herein, when receiving a verification passed message, the terminal itself initiates the WPS processing flow, and sends the WPS request message to the wireless AP based on the established Open link at the same time.
In step S302: the WPS request message sent by the terminal is received through the Open link.
Herein, first the WPS session negotiation procedure is established with the terminal through the Open link, and the WPS request message sent by the terminal is received.
In step S303: the WPS request message is transferred from the Open link corresponding to the first hotspot to the WAP2 encrypted link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and the WPS session negotiation procedure is established with the terminal through the WAP2 encrypted link.
Herein, negotiating a key with the terminal and establishing data connection in the second link can ensure the security of the communication link in the WLAN.
In the network connection process of the Embodiment One of the present document, the operation procedure of the terminal is consistent with the operation procedure of connecting to the existing Open hotspot, and the terminal can establish a corresponding WPA2 protected encrypted link with the second hotspot without inputting the password of the second hotspot, then data are transmitted through the WPA2-protected encrypted link. In this way, the terminal can automatically switch from the Open link corresponding to the first hotspot to which is initially connected to the WPA2-protected encrypted link corresponding to the second hotspot, and perform the data transmission through the WPA2-protected encrypted link, so as to ensure the security of the communication link in the WLAN on the premise of not affecting the user experience.
Based on the configurations in the abovementioned Embodiment One, when the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user opens the WiFi function of the terminal and automatically searches out and displays visible hotspots within the current WLA network range through the WiFi function. The user selects and connects to the first hotspot of which the service set identifier is Chinanet, and establishes an Open link with the first hotspot.
The access flow in the WLAN in the Embodiment Two specifically includes, as shown in
In step S400: the wireless AP receives the network connection request sent by the terminal through the Open link.
In step S401: the WPS session negotiation procedure is established with the terminal through the Open link when the network connection request sent by the terminal is received.
In step S402: the WPS request message sent by the terminal is received through the first link.
In step S403: the WPS request message is transferred from the Open link corresponding to the first hotspot to the WAP2 encrypted link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and the WPS session negotiation procedure is established with the terminal through the WAP2 encrypted link. In order to realize the abovementioned methods, the embodiments of the present document further provide two kinds of wireless APs. Since the principles and methods for the wireless APs solving the problems are similar, the implementation process and implementation principle of the wireless AP can refer to the implementation process and implementation principle described above, and will not be repeated here.
As shown in
The first configuration module 500 is arranged to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, herein an SSID of the first hotspot is the same as an SSID of the second hotspot.
Herein, the network parameters of the first hotspot include: an SSID1, a security type being an unencrypted type, and a network type being a broadcasting type; network parameters of the second hotspot include: an SSID2, a security type being an encrypted type, and a network type being a non-broadcasting type; wherein the SSID1 is the same as the SSID2.
Herein, the unencrypted network type is an Open type; and the encrypted network type is a WPA2 type.
The second configuration module 501 is arranged to configure a switching policy between the first hotspot and the second hotspot, herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
For convenience to describe, various parts of the abovementioned wireless access point are functionally divided into various modules or units respectively based on functions. The division of the above functional units or modules is only an alternative implementation provided by the embodiments of the present document, and the division of the functional units or modules is not construed as limiting the present document.
As shown in
The first configuration module 500 is arranged to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, herein, the SSID of the first hotspot is the same as the SSID of the second hotspot.
The second configuration module 501 is arranged to configure a switching policy between the first hotspot and the second hotspot, herein the switching policy is used for switching a communication between a terminal and the first hotspot to a communication between the terminal and the second hotspot.
The receiving module 600 is arranged to receive a WPS request message sent by the terminal through a first link.
The connection management module 601 is arranged to transfer the WPS request message from the first link corresponding to the first hotspot to a second link corresponding to the second hotspot according to the switching policy between the first hotspot and the second hotspot, and establish a WPS session negotiation procedure with the terminal through the second link; herein, the first link is a link established between the terminal and the first hotspot, and the second link is a link established between the terminal and the second hotspot.
In a specific implementation, the wireless AP further includes:
a verification module, arranged to verify a user identity of the terminal in legality when receiving a network connection request sent by the terminal through the first link, and establish a WPS session negotiation procedure with the terminal through the first link after the verification is passed.
For convenience to describe, various parts of the abovementioned wireless access point are functionally divided into various modules or units respectively based on functions. The division of the above functional units or modules is only an alternative implementation provided by the embodiments of the present document, and the division of the functional units or modules is not construed as limiting the present document.
In a practical application, the wireless AP may be a simple wireless access point, a wireless router, a wireless gateway, or a wireless bridge, etc., with the automatic switching link function.
In a practical application, the first configuration module 500 and the second configuration module 501 may be implemented by a central processor unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA) located in the wireless AP. The first configuration module 500, the second configuration module 501, the receiving module 600, and the connection management module 601 are implemented by a central processor unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA) located in the wireless access point.
The method according to the present document is not limited to the examples in the specific embodiments. Other embodiments that are obtained by those skilled in the art according to the technical scheme of the present document are within the scope of the technical innovation of the present document.
It is apparent to those skilled in the art that, various changes and modifications can be made to the present document without departing from the spirit and scope of the present document. Thus, the present document is construed as including such changes and modifications insofar as they are within the scope of the appended claims of the present document and their equivalents.
Synthesized the embodiments of the present document, a wireless access point configures a first hotspot with an unencrypted attribute for users easily accessing the WLAN, configures a second hotspot with an encrypted attribute to further ensure the security of the communication link in the WLAN, and can establish a communication connection between the first hotspot and the second hotspot through a switching policy between the first hotspot and the second hotspot. Moreover, it can automatically switch a terminal from a first link with the lower security level to a second link with the higher security level, so that the security of the communication link in the WLAN can be guaranteed on the premise of not affecting the user experience.
| Number | Date | Country | Kind |
|---|---|---|---|
| 201410356304.1 | Jul 2014 | CN | national |
This application is the U.S. national phase of PCT Application No. PCT/CN2015/074785 filed Mar. 20, 2015, which claims priority to Chinese Application No. 201410356304.1 filed Jul. 24, 2014, the disclosures of which are incorporated in their entirety by reference herein.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/CN2015/074785 | 3/20/2015 | WO | 00 |
