Title of invention: Method and system for securely accessing portable hotspot for intelligent mobile phones
Abstract: A method and a system for securely accessing a portable hotspot for intelligent mobile phones comprise an intelligent mobile phone used as an AP and another intelligent mobile phone used as an STA. The AP comprises an AP NFC module and a first data transmission module; and the STA comprises an STA NFC module and a second data transmission module. The AP uses the NFC module to perform a WPA security authentication with the STA, and uses the first data transmission module to perform data encrypted transmission with the second data transmission module. In the method and the system of the present disclosure, the common WLAN authentication mechanism is not adopted, and the security authentication process between the AP and the STA is completed in the NFC manner instead.
Publication number: US9344895(B2) Publication date: 2016.05.17
Application number: US201314388849 Filing date: 2013.06.14
Applicant: Huizhou TC Mobile Communication Co., Ltd Inventors: Wu Xiaoyong; Wu Xinxing; Zhou Jinggao; Zhu Hongmei
Classification: H04L29/06; H04L9/32; G06F7/04; H04K1/00; H04L9/00; H04L9/08; H04W12/08; H04W12/06; H04W84/12; H04W4/00; H04B5/00; H04L9/12; H04W12/02; H04L9/22; H04W12/04 Main classification: H04L29/06
Agency: Ladas & Parry LLP Agent: Ladas & Parry LLP
Main claim: 1. A method for securely accessing a portable hotspot for intelligent mobile phones, which comprises an intelligent mobile phone used as an access point (AP) and another intelligent mobile phone used as a station (STA), the method comprising following steps of:
A. disposing near field communication (NFC) modules in the AP and the STA respectively;
B. enabling the AP and the STA to perform Wi-Fi Protected Access (WPA) security authentication in an NFC manner, wherein the step B specifically comprises following steps of interacting in the NFC manner:
B1. obtaining a pre-shared key (PSK) and a pairwise master key (PMK) by the AP according to a password, a service set identifier (SSID), an SSID length and 4096;
B2. broadcasting the SSID, a network equipment hardware address of the AP, and a first random number by the AP to the STA; and generating a second random number as well as the PSK and the PMK, obtaining a pairwise transient key (PTK) according to the PMK, the network equipment hardware address of the AP, a network equipment hardware address of the STA, the first random number and the second random number, forming a message integrity check keyword (MIC KEY) according to front 16 bytes of the PTK, and generating an MIC according to the MIC KEY and the 802.1x protocol data by the STA;
B3. transmitting the second random number, the network equipment hardware address of the STA, the 802.1x protocol data and the MIC by the STA to the AP; and obtaining the PTK according to the PMK, the network equipment hardware address of the AP, the network equipment hardware address of the STA, the first random number and the second random number, forming the MIC KEY according to the front 16 bytes of the PTK, and then calculating an MIC′ according to the MIC KEY and the 802.1x protocol data by the AP, wherein if MIC=MIC′, then the authentication is successful, and otherwise, the authentication fails;
C. disposing a first data transmission module and a second data transmission module in the AP and the STA respectively so that data encrypted transmission is performed between the AP and the STA via the first data transmission module and the second data transmission module.
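Steps B1 to B3 of the claim, worked through as an added example that is not part of the patent text. The claim does not name the key-expansion or MIC functions, so the 802.11i PRF-512 and the HMAC-SHA1-128 MIC used here are assumptions taken from standard WPA2; the SSID, hardware addresses and frame body are constructed values, and the NFC transport itself is not modelled.

```python
import hashlib
import hmac
import os


def derive_pmk(password: str, ssid: bytes) -> bytes:
    # B1: PBKDF2-HMAC-SHA1 over password and SSID, 4096 iterations, 32-byte output.
    # In WPA-PSK the PSK is used directly as the PMK.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid, 4096, 32)


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # B2/B3: PTK from the PMK, both hardware addresses and both random numbers.
    # Assumption: 802.11i PRF-512; inputs are sorted so both sides get one result.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion\x00"
    blocks = [hmac.new(pmk, label + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def compute_mic(ptk: bytes, eapol_data: bytes) -> bytes:
    # The MIC KEY is the front 16 bytes of the PTK.
    # Assumption: HMAC-SHA1 truncated to 16 bytes, as in WPA2.
    return hmac.new(ptk[:16], eapol_data, hashlib.sha1).digest()[:16]


def ap_verify(pmk, ap_mac, sta_mac, anonce, snonce, eapol_data, mic) -> bool:
    # B3: the AP recomputes MIC' and compares it in constant time,
    # so the check does not leak how many leading bytes matched.
    ptk = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(mic, compute_mic(ptk, eapol_data))


def run_exchange(ap_password: str, sta_password: str) -> bool:
    # Constructed sample values, not taken from the patent.
    ssid = b"demo-hotspot"
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)  # first and second random numbers
    eapol = b"constructed 802.1x frame body"
    sta_ptk = derive_ptk(derive_pmk(sta_password, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = compute_mic(sta_ptk, eapol)
    return ap_verify(derive_pmk(ap_password, ssid), ap_mac, sta_mac,
                     anonce, snonce, eapol, mic)
```

Because the PMK depends only on the password and the SSID, the strength of the whole exchange rests on the password; the random numbers only make each PTK and MIC unique per session.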
Address: Huizhou CN