(19)
(11)EP 3 200 421 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
26.06.2019 Bulletin 2019/26

(21)Application number: 17151620.6

(22)Date of filing:  16.01.2017
(51)International Patent Classification (IPC): 
H04W 12/06(2009.01)
H04W 12/08(2009.01)
H04L 29/06(2006.01)
H04W 84/12(2009.01)

(54)

METHOD, APPARATUS AND SYSTEM FOR ACCESSING WIRELESS LOCAL AREA NETWORK

VERFAHREN, VORRICHTUNG UND SYSTEM FÜR ZUGRIFF AUF EIN LOKALES DRAHTLOSES NETZWERK

PROCÉDÉ, APPAREIL ET SYSTÈME D'ACCÈS À UN RÉSEAU LOCAL SANS FIL


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 29.01.2016 CN 201610065643

(43)Date of publication of application:
02.08.2017 Bulletin 2017/31

(73)Proprietor: Beijing Xiaomi Mobile Software Co., Ltd.
Beijing 100085 (CN)

(72)Inventors:
  • CHEN, Yong
    Haidian District, Beijing 100085 (CN)
  • HUANG, Qiuzhi
    Haidian District, Beijing (CN)
  • QIAN, Zhuang
    Haidian District, Beijing 100085 (CN)

(74)Representative: Loustalan, Paul William 
Reddie & Grose LLP The White Chapel Building 10 Whitechapel High Street
London E1 8QS
London E1 8QS (GB)


(56)References cited: : 
US-A1- 2014 093 079
US-B1- 8 937 971
US-A1- 2015 350 910
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    TECHNICAL FIELD



    [0001] The present disclosure generally relates to a communication technology field, and more particularly relates to a method, apparatus and system for accessing a wireless local area network (LAN).

    BACKGROUND



    [0002] In the past, a coordination of a computer is often needed when photos are exported from a camera. As cameras having wireless fidelity (Wi-Fi) modules grow in popularity, a user may read photos in a camera directly by a smart device (such as a mobile phone) via Wi-Fi. The network card of a camera is set as an access point (AP) mode when camera mobile phone is coupled to the camera via Wi-Fi. In the AP mode, the camera may be used as a hotspot to enable the mobile phone to access the camera, such that the data in the camera may be read by the mobile phone after the mobile phone accesses a Wi-Fi generated by the camera, however, a network may not be accessed by the mobile phone. The camera may be set as a station mode (STA) mode, and other Wi-Fi may be coupled for accessing network in the STA mode.

    [0003] US 2014/0093079 relates to a method for securely joining a secure wireless communications network wherein a temporary wireless network is established between a new joiner device and a second wireless communications device which is already a member of a secure home wireless network and used to transfer credentials of the secure home network to the new joiner device.

    [0004] US8937971 describes a dual mode WLAN device for dense user environments that may switch between a station mode and an access point mode based on a detected threshold condition.

    SUMMARY



    [0005] According to the present invention, there are provided methods, apparatuses, computer programs and computer readable storage mediums which overcome the problems existing in the related art according to the independent claims.

    [0006] Where functional modules are referred to in apparatus embodiments for carrying out various steps of the described method(s) it will be understood that these modules may be implemented in hardware, in software, or a combination of the two. When implemented in hardware, the modules may be implemented as one or more hardware modules, such as one or more application specific integrated circuits. When implemented in software, the modules may be implemented as one or more computer programs that are executed on one or more processors.

    [0007] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure, as claimed.

    BRIEF DESCRIPTION OF THE DRAWINGS



    [0008] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and, together with the description, serve to explain the principles of the disclosure.

    Fig. 1 is a schematic diagram showing an implementation environment involved in each embodiment of the present disclosure.

    Fig. 2 is a flow chart showing a method for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 3 is a flow chart showing another method for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 4 is a flow chart showing yet another method for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 5 is a flow chart showing a method for accessing a wireless LAN according to another exemplary embodiment.

    Fig. 6A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 6B is a block diagram showing a decrypting module according to the embodiment shown in Fig. 6A.

    Fig. 6C is a block diagram showing another apparatus for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 6D is a block diagram showing a device identifying module according to the embodiment shown in Fig. 6C.

    Fig. 7A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 7B is a block diagram showing a judging/determining module according to the embodiment shown in Fig. 7A.

    Fig. 8A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 8B is a block diagram showing an acquiring module according to the embodiment shown in Fig. 8A.

    Fig. 8C is a block diagram showing a judging/determining module according to the embodiment shown in Fig. 8A.

    Fig. 9 is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment.

    Fig. 10 is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment.


    DETAILED DESCRIPTION



    [0009] Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments do not represent all implementations consistent with the disclosure. Instead, they are merely examples of apparatuses and methods consistent with aspects related to the disclosure as recited in the appended claims.

    [0010] At first, an application scene involved in the present disclosure is introduced before introductions of a method for accessing a wireless LAN according to the present disclosure are made. Fig. 1 is a schematic diagram showing an implementation environment involved in each embodiment of the present disclosure. As shown in Fig. 1, the implementation environment may comprise: a smart device 100, a routing device 200 and a server 300, in which the smart device 100 may support a wireless LAN, such as a camera having a Wi-Fi module, and the Wi-Fi module may support an AP mode and a STA mode. The routing device 200 may be a router. The server 300 may be a server or a server cluster consists of several servers, or may be a cloud computing service center. When the smart device 100 is in an AP mode, other terminals (such as a camera, a tablet PC, a smart television, a smart watch, a personal digital assistant (PDA), a portable computer, etc.) may be coupled to the smart device 100 via a wireless LAN generated by the smart device 100, and thus data (such as pictures, videos, etc.) in the smart device 100 may be read. The smart device 100 may access a network address of a server 300 and that of others via a wireless LAN generated by the routing device 200 when the smart device is in a STA mode.

    [0011] Fig. 2 is a flow chart showing a method for accessing a wireless LAN according to an exemplary embodiment, and the method may be applied in a smart device, in which the smart device may be a smart device 100 in the implementation environment shown in Fig. 1. As shown in Fig. 2, the method may comprise following steps.

    [0012] In step 201, a first wireless LAN generated by a routing device is accessed when the smart device is in a station mode, and an accessing permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden.

    [0013] The station mode is the STA mode. Because the smart device does not know a SSID (service set identifier) and a password of the routing device and the routing device does not know a security of the smart device, the smart device firstly accesses the first wireless LAN generated by the routing device, and the access permission of the first wireless LAN is restricted such that only accessing an address allowed by the access permission is permitted, for example, only the accessing of the address of the target server is permissible. The target server may be a specific server, for example, the target server and the routing device are made by a same manufacturer, and the target server is a server for providing a user with various services by the manufacturer, and therefore the target server may identify the smart device.

    [0014] In step 202, an encryption protocol packet including verification information sent by the routing device is received when it is determined that the smart device is a trusted device by the routing device.

    [0015] In step 203, after the target server determines that the smart device is a device meeting a predetermined condition, a decryption on the encryption protocol packet is performed according to decrypting information acquired from the target server to obtain verification information.

    [0016] In step 204, a second wireless LAN is accessed according to the verification information, in which the second wireless LAN has an unlimited access permission.

    [0017] Fig. 3 is a flow chart showing another method for accessing a wireless LAN according to an exemplary embodiment, and the method may be applied in a routing device, in which the routing device may be the routing device 200 in the implementation environment shown in Fig. 1. As shown Fig. 3, the method may comprise following steps.

    [0018] In step 301, whether a smart device is a trusted device is judged, that is to say determined, when the smart device accesses a first wireless LAN, and an accessing permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden.

    [0019] In step 302, if the smart device is the trusted device, an encryption protocol packet including verification information is sent to the smart device such that the smart device performs a decryption on the encryption protocol packet according to decrypting information acquired from a target server to obtain the verification information after the target server determines that the smart device is a device meeting a predetermined condition, and the smart device accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.

    [0020] Fig. 4 is a flow chart showing yet another method for accessing a wireless LAN according to an exemplary embodiment, and the method may be applied in a target server, and the target server may be the server 300 in the implementation environment shown in Fig. 1. As shown in Fig. 4, the method may comprise following steps.

    [0021] In step 401, decrypting information is acquired after a smart device receives an encryption protocol packet including verification information sent by a routing device via a first wireless LAN generated by the routing device, in which an accessing permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden.

    [0022] In step 402, it is judged, that is to say determined, whether the smart device is a device meeting a predetermined condition.

    [0023] In step 403, if the smart device is the device meeting the predetermined condition, decrypting information is sent to the smart device such that the smart device performs a decryption on the encryption protocol packet according to the decrypting information acquired from the target server to obtain the verification information, and accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.

    [0024] In conclusion, with the method for accessing the wireless LAN according to embodiments of the present disclosure, the first wireless LAN generated by the routing device is accessed when the smart device is in the station mode, and the access permission of the first wireless LAN is restricted such that accessing the address of the target server is permitted and accessing other addresses except for that of the target server is forbidden. The encryption protocol packet including verification information sent by the routing device is received when it is determined that the smart device is the trusted device by the routing device; after the target server determines that the smart device is the device meeting the predetermined condition, the smart device receives decrypting information sent by the target server, and the decryption on the encryption protocol packet is performed according to the decrypting information to obtain verification information, such that the smart device accesses the second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission. With the present disclosure, a problem of complex operations caused by requiring a password to be input every time a wireless LAN is accessed in a station mode is solved, and automatic access to a wireless LAN provided by the routing device is realized, such that a simplification effect of operation for accessing a wireless LAN is achieved.

    [0025] Fig. 5 is a flow chart showing a method for accessing a wireless LAN according to another exemplary embodiment, and the method may be applied in the implementation environment shown in Fig. 1. In this embodiment, a smart device may be the smart device 100 in the implementation environment shown in Fig. 1, a routing device may be the routing device 200 in the implementation environment shown in Fig. 1, and a target server may be the server 300 in the implementation environment shown in Fig. 1. Besides, all wireless LANs according to the embodiment may be Wi-Fi networks. As shown in Fig. 5, the method may comprise following steps.

    [0026] In step 501, the smart device judges, that is to say determines, whether there is other terminal coupled to the smart device by monitoring a broadcast packet when the smart device is in an access point (AP) mode.

    [0027] In step 502, if there is no other terminal coupled to the smart device, the smart device detects whether a routing device of a target type exists.

    [0028] Exemplarily, whether a routing device of a target type exists may be detected in following ways.

    [0029] First, it is detected whether a signal of the routing device exists by monitoring.

    [0030] For example, the routing device generally sends a signal out periodically, in which the signal may be a beacon frame for instance to inform other device of its own existence, and therefore an existence of the routing device may be determined when the smart device receives a signal sent by the routing device.

    [0031] Next, whether the routing device is of the target type is detected when it is monitored that the signal of the routing device exists. In this embodiment, the routing device of the target type may be a device of a specified manufacturer. Therefore, the smart device may acquire a basic service set identifier (BSSID) of the routing device first, in which the BSSID is a media access control (MAC) address of the routing device, and then a manufacturer of the routing device is determined according to the BSSID of the routing device. Therefore, it may be judged, that is to say determined, whether the manufacturer of the routing device is the specified manufacturer, in which the specified manufacturer may be one or more predetermined manufacturers, and it may be determined that the routing device is of the target type if the manufacturer of the routing device is the specified manufacturer.

    [0032] If the routing device of the target type is found, step 503 is performed on the routing device, otherwise, step 501 will be executed.

    [0033] In step 503, the smart device judges, that is to say determines, whether a mode switching condition is satisfied according to the signal strength of the signal of the routing device.

    [0034] The routing device is of the target type determined in step 502. Exemplarily, if it is determined that the signal strength of the signal of the routing device is greater than a strength threshold value, it is determined that the mode switching condition is satisfied. If it is determined that the mode switching condition is satisfied, the smart device performs step 504. If the mode switching condition is not satisfied, step 503 will be executed.

    [0035] In step 504, the smart device switches a current network card mode from the access point mode to a station (STA) mode.

    [0036] After it has been switched to the station mode, a wireless LAN may be accessed through following steps.

    [0037] In step 505, the smart device accesses a first wireless LAN generated by the routing device when the smart device is in the station mode.

    [0038] Because the smart device does not know a service set identifier (SSID) and a password of the routing device and the routing device does not know the security of the smart device, the smart device accesses a first wireless LAN generated by the routing device first, in which the first wireless LAN is a wireless LAN having no password and a hidden SSID, and the access permission of the first wireless LAN is restricted, only an accessing of an address (the address herein may be an IP address or a domain name) allowed by the access permission is permissible, for example, only an accessing of an address of the target server is permissible. The target server may be a specific server. For example, the smart device, the target server and the routing device are made by a same manufacturer (or, at least two among the smart device, the target server and the routing device may also be devices of different manufacturers, and there is a specific authorization relationship between the different manufacturers), in which the target server is a server for providing a user with various services by the manufacturer, and therefore the target server may identify the smart device, and the smart device is allowed to access the target server. For example, if the smart device is a smart device (such as a smart camera, a smart camera, etc.) produced by manufacturer A and the router is a router produced by manufacturer A, then the target server may be a server of manufacturer A.

    [0039] In step 506, the routing device determines whether the smart device is a trusted device.

    [0040] Exemplarily, it may be judged, that is to say determined, whether the smart device is a trusted device according to a distance between the smart device and the routing device. For example, first, the distance between the smart device and the routing device is determined according to a signal strength of the signal of the smart device; if the distance between the smart device and the routing device is less than a predetermined distance, the smart device is determined as a trusted device. The predetermined distance may be 2 meters for instance, if the smart device is within 2 meters away from the routing device, the routing device regards the smart device as a trusted device. If it is determined that the smart device is a trusted device, the routing device performs step 507; if it is determined that the smart device is not a trusted device, the process ends.

    [0041] In step 507, the routing device sends a first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key to the smart device.

    [0042] The first encryption protocol packet includes verification information, the verification information is used for performing a verification when the second wireless LAN is accessed, and the second wireless LAN has an unlimited access permission, and the verification information may include a SSID and a password of the second wireless LAN, and the second encryption protocol packet includes a random code and device information of the smart device, the device information can used for identifying a manufacturer and a model of the smart device, etc.

    [0043] In step 508, the smart device uploads the second encryption protocol packet to the target server via the first wireless LAN.

    [0044] In step 509, the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code and the device information of the smart device.

    [0045] The server private key is a secret key corresponding to the above-mentioned server public key stored in the target server, in which the two secret keys can be an encryption or a decryption to each other, in which the server public key is public, and the server private key is confidential to devices except the target server.

    [0046] In step 510, the target server judges, that is to say determines, whether the smart device is a device meeting a predetermined condition according to the device information of the smart device.

    [0047] Exemplarily, the device meeting the predetermined condition may be a device of a specified manufacturer for instance. Therefore, it may be judged, that is to say determined, whether the smart device is of the specified manufacturer according to the device information (such as a serial number of the smart device, an MAC address, etc.) of the smart device. If the smart device is of the specified manufacturer, then it is determined that the smart device is the device meeting the predetermined condition, and step 511 is performed; if the smart device is not of the specified manufacturer, then the process ends.

    [0048] In step 511, the target server sends the random code to the smart device.

    [0049] In step 512, the smart device performs a decryption on the first encryption protocol packet according to the random code to obtain verification information.

    [0050] In step 513, the smart device accesses a second wireless LAN according to the verification information.

    [0051] As described in step 507, the verification information is used for performing the verification when the second wireless LAN is accessed, and may include a SSID and a password of the second wireless LAN. Because the access permission of the second wireless LAN is not restricted, the smart device may access the internet normally after the second wireless LAN is accessed by the smart device. Thus, it can be seen that an access of the wireless LAN may be realized without inputting a password, in this way, the complexity of operation is lowered significantly.

    [0052] In addition, it is worth mentioning that if the smart device is a smart camera, in the case that the smart camera is in a STA mode, when the smart camera closes to the routing device, a wireless LAN provided by the routing device may be accessed through the above-mentioned method. Because most of the current cameras are not provided with a keyboard for inputting numbers or letters, by this method, a step of inputting a password by a smart camera may be omitted, and an operation for accessing a wireless LAN by a camera may be simplified greatly.

    [0053] In conclusion, in the method for accessing the wireless LAN according to embodiments of the present disclosure, the first wireless LAN generated by the routing device is accessed when the smart device is in the station mode, and the access permission of the first wireless LAN is restricted such that accessing the address of the target server is permitted and accessing other addresses except for that of the target server is forbidden. The encryption protocol packet including verification information sent by the routing device is received when it is determined that the smart device is a trusted device by the routing device; after the target server determines that the smart device is a device meeting a predetermined condition, the smart device receives decrypting information sent by the target server, and the decryption on the encryption protocol packet is performed according to the decrypting information to obtain verification information, such that the second wireless LAN is accessed according to the verification information, in which the second wireless LAN has an unlimited access permission. With the present disclosure, a problem of complex operations caused by requiring a password to be input every time a wireless LAN is accessed in a station mode is solved, and automatic access to a wireless LAN provided by the routing device is realized, such that a simplification effect of an operation for accessing a wireless LAN is achieved.

    [0054] Fig. 6A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment. The apparatus 600 may be used for implementing the method shown in Fig. 2 or Fig. 5, and the apparatus 600 may be applied in a smart device, and a part or all of the smart device may be constituted by a software or a hardware or a combination thereof, and the smart device may be the smart device 100 in the implementation environment shown in Fig. 1. Referring to Fig. 6A, the apparatus 600 comprises:

    an accessing module 610, configured to access a first wireless LAN generated by a routing device when the smart device is in a station mode, in which the access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a receiving module 620, configured to receive an encryption protocol packet including verification information sent by the routing device when it is determined that the smart device is a trusted device by the routing device;

    a decrypting module 630, configured to perform a decryption on an encryption protocol packet according to decrypting information acquired from the target server after the target server determines that the smart device is a device meeting a predetermined condition to obtain verification information,

    in which the accessing module 610 is further configured to access a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0055] Alternatively, the receiving module 620 is configured to:

    receive a first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key sent by a routing device when the smart device is determined as a trusted device by the routing device,

    in which the first encryption protocol packet includes the verification information, and the second encryption protocol packet includes the random code.



    [0056] Alternatively, Fig. 6B is a block diagram showing a decrypting module according to the embodiment shown in Fig. 6A. Referring to Fig. 6B, the decrypting module 630 comprises:

    an uploading sub module 631, configured to upload the second encryption protocol packet to the target server via the first wireless LAN, such that the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code;

    a receiving sub module 632, configured to receive the random code sent by the target server after the target server determines that the smart device is the device meeting the predetermined condition;

    a decrypting sub module 633, configured to perform a decryption on the first encryption protocol packet according to the random code to obtain the verification information.



    [0057] Alternatively, Fig. 6C is a block diagram showing another apparatus for accessing a wireless LAN according to an exemplary embodiment. Referring to Fig. 6C, the apparatus 600 further comprises:

    a monitoring module 640, configured to judge, that is to say determine, whether a signal of the routing device exists by monitoring when the smart device is in an access point mode without any terminal coupled to the smart device;

    a device identifying module 650, configured to detect whether the routing device is of a target type when it is monitored that the signal of the routing device exists;

    a switching determining module 660, configured to judge, that is to say determine, whether a mode switching condition is satisfied according to a signal strength of the signal of the routing device when it is detected that the routing device is of the target type;

    a switching module 670, configured to switch a current network card mode from the access point mode to the station mode when the mode switching condition is satisfied.



    [0058] Alternatively, Fig. 6D is a block diagram showing a device identifying module according to the embodiment shown in Fig. 6C. Referring to Fig. 6D, the device identifying module 660 comprises:

    an identifier acquiring sub module 661, configured to acquire a BSSID of the routing device;

    a device identifying sub module 662, configured to determine a manufacturer of the routing device according to the BSSID;

    a judging/determining sub module 663, configured to judge, that is to say determine, whether the manufacturer of the routing device is a specified manufacturer;

    a determining sub module 664, configured to determine that the routing device is of the target type if the manufacturer of the routing device is the specified manufacturer.



    [0059] Fig. 7A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment. The apparatus 700 may be used for performing the method shown in Fig. 3 or Fig. 5, and the apparatus 700 may be applied in a routing device, and a part or all of the routing device may be constituted by a software or a hardware or a combination thereof, the routing device may be the routing device 200 in the implementation environment shown in Fig. 1. Referring to Fig. 7A, the apparatus 700 comprises:

    a judging/determining module 710, configured to judge, that is to say determine, whether a smart device is a trusted device when the smart device accesses a first wireless LAN, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a sending module 720, configured to send an encryption protocol packet including verification information to the smart device if the smart device is the trusted device, such that the smart device performs a decryption on the encryption protocol packet according to decrypting information acquired from the target server to obtain the verification information after the target server determines that the smart device is a device meeting a predetermined condition, and the smart device accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0060] Alternatively, the sending module 720 is configured to:
    send a first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key to a smart device if the smart device is the trusted device, in which the first encryption protocol packet includes the verification information, and the second encryption protocol packet includes the random code, such that the smart device uploads the second encryption protocol packet to the target server, such that the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code, and then the random code is sent to the smart device after it is determined that the smart device is the device meeting the predetermined condition, in which the random code is used by the smart device for performing a decryption on the first encryption protocol packet to obtain the verification information, and the second wireless LAN is accessed by the smart device according to the verification information.

    [0061] Alternatively, Fig. 7B is a block diagram showing a judging/determining module according to the embodiment shown in Fig. 7A. Referring to Fig. 7B, the judging/determining module 710 comprises:

    a distance identifying sub module 711, configured to determine a distance between the smart device and the routing device according to a signal strength of the signal of the smart device;

    a determining sub module 712, configured to determine that the smart device is the trusted device if the distance between the smart device and the routing device is less than a predetermined distance.



    [0062] Fig. 8A is a block diagram showing an apparatus for accessing a wireless LAN according to an exemplary embodiment. The apparatus 800 may be used for performing the method shown in Fig. 4 or Fig. 5, and the apparatus 800 may be applied in a target server, and a part or all of the target server may be constituted by a software or a hardware or a combination thereof, and the target server may be the server 300 in the implementation environment shown in Fig. 1. Referring to Fig. 8A, the apparatus 800 comprises:

    an acquiring module 810, configured to acquire decrypting information after a smart device receives an encryption protocol packet including verification information sent by a routing device via a first wireless LAN generated by the routing device, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a judging/determining module 820, configured to judge, that is to say determine, whether the smart device is a device meeting a predetermined condition;

    a sending module 830, configured to send decrypting information to the smart device if the smart device is the device meeting the predetermined condition, such that the smart device performs a decryption on the encryption protocol packet according to the decrypting information acquired from the target server to obtain the verification information, and accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0063] Alternatively, Fig. 8B is a block diagram showing an acquiring module according to the embodiment shown in Fig. 8A. Referring to Fig. 8B, the acquiring module 810 comprises:

    a receiving sub module 811, configured to receive a second encryption protocol packet uploaded by the smart device via the first wireless LAN after the smart device receives a first encryption protocol packet encrypted using a random code and the second encryption protocol packet encrypted using a server public key which are sent by the routing device via the first wireless LAN;

    a decrypting sub module 812, configured to perform a decryption on the second encryption protocol packet using a server private key to obtain the random code.



    [0064] Alternatively, the second encryption protocol packet further includes device information of the smart device. Fig. 8C is a block diagram showing a judging/determining module according to the embodiment shown in Fig. 8A. Referring to Fig. 8C, the judging/determining module 820 may comprise:

    a device identifying sub module 821, configured to determine a manufacturer of the smart device according to the device information obtained after the decryption on the second encryption protocol packet is performed using the server private key;

    a determining sub module 822, configured to judge, that is to say determine, whether the manufacturer of the smart device is a specified manufacturer;

    a determining sub module 823, configured to determined that the smart device is the device meeting the predetermined condition if the manufacturer of the smart device is the specified manufacturer.



    [0065] With respect to the specific manners for performing operations for individual modules in the devices in above embodiments, reference is made to those described in detail in the embodiments regarding the methods, which will not be explained in detail herein.

    [0066] There is provided a communication system in embodiments of the present disclosure. The communication system comprises: a smart device, a routing device, and a target server, in which the relation between the smart device, the routing device and the target server may be a relation as shown in the implementation environment shown in Fig. 1, which will not be explained in detail herein.

    [0067] The smart device may include any one of the apparatuses 600 for accessing wireless LANs in Fig. 6A to Fig. 6D;
    the routing device may include the apparatus 700 for accessing the wireless LAN in Fig. 7A or Fig. 7B;
    the target server may include the apparatus 800 for accessing the wireless LAN in any one of Fig. 8A to Fig. 8C.

    [0068] Fig. 9 is a block diagram showing an device 900 for accessing a wireless LAN according to an exemplary embodiment. For example, the device 900 may be a smart camera, a routing device, a mobile phone, a computer, a digital broadcasting terminal, a message receiving and sending equipment, a game controller, a tablet device, a medical equipment, a fitness equipment, a PDA, and so on.

    [0069] Referring to Fig. 9, the device 900 may include one or more of the following components: a processing component 902, a memory 904, a power component 906, a multimedia component 908, an audio component 910, an input/output (I/O) interface 912, a sensor component 914, and a communication component 916.

    [0070] The processing component 902 typically controls overall operations of the device 900, such as the operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 902 may include one or more processors 920 to execute instructions so as to perform all or part of the steps in the above described methods for accessing the wireless LAN. Moreover, the processing component 902 may include one or more modules which facilitate the interaction between the processing component 902 and other components. For instance, the processing component 902 may include a multimedia module to facilitate the interaction between the multimedia component 908 and the processing component 902.

    [0071] The memory 904 is configured to store various types of data to support the operation of the device 900. Examples of such data include instructions for any applications or methods operated on the device 900, contact data, phonebook data, messages, pictures, videos, etc. The memory 904 may be implemented using any type of volatile or non-volatile memory devices, or a combination thereof, such as a static random access memory (SRAM), an electrically erasable programmable read-only memory (EEPROM), an erasable programmable read-only memory (EPROM), a programmable read-only memory (PROM), a read-only memory (ROM), a magnetic memory, a flash memory, a magnetic or optical disk.

    [0072] The power component 906 provides power to various components of the device 900. The power component 906 may include a power management system, one or more power sources, and any other components associated with the generation, management, and distribution of power in the device 900.

    [0073] The multimedia component 908 includes a screen providing an output interface between the device 900 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes the touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensors may not only sense a boundary of a touch or swipe action, but also sense a duration and a pressure associated with the touch or swipe action. In some embodiments, the multimedia component 908 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the device 900 is in an operation mode, such as a photographing mode or a video mode. Each of the front camera and the rear camera may be a fixed optical lens system, or have focus and optical zoom capability.

    [0074] The audio component 910 is configured to output and/or input an audio signal. For example, the audio component 910 includes a microphone ("MIC") configured to receive an external audio signal when the device 900 is in an operation mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may be further stored in the memory 904 or transmitted via the communication component 916. In some embodiments, the audio component 910 further includes a speaker to output audio signals.

    [0075] The I/O interface 912 provides an interface between the processing component 902 and a peripheral interface module, such as a keyboard, a click wheel, a button, and the like. The button may include, but are not limited to, a home button, a volume button, a starting button, and a locking button.

    [0076] The sensor component 914 includes one or more sensors to provide status assessments of various aspects of the device 900. For instance, the sensor component 914 may detect an on/off status of the device 900, relative position of a component (e.g., the display and the keypad) of the device 900, a change in position of the device 900 or a component of the device 900, a presence or absence of user contact with the device 900, an orientation or an acceleration/deceleration of the device 900, and a change in temperature of the device 900. The sensor component 914 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 914 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 914 may also include an accelerometer sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

    [0077] The communication component 916 is configured to facilitate wired or wireless communication between the device 900 and other devices. The device 900 can access a wireless network based on a communication standard, such as a WIFI network, a 2G network, or a 3G network, or a combination thereof. In one exemplary embodiment, the communication component 916 receives a broadcast signal or broadcast associated information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 916 further includes a near field communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on a technology such as a radio frequency identification (RFID) technology, an infrared data association (IrDA) technology, an ultra-wideband (UWB) technology, a Bluetooth (BT) technology, and other technologies.

    [0078] In exemplary embodiments, the device 900 may be implemented with at least one device selected from a group consisting of an application specific integrated circuit (ASIC), a digital signal processor (DSP), a digital signal processing device (DSPD), a programmable logic device (PLD), a field programmable gate arrays (FPGA), a controller, a micro-controller, a microprocessor, or other electronic components, for performing the above described methods according to embodiments of the present disclosure.

    [0079] In exemplary embodiments, there is also provided a non-transitory computer-readable storage medium including instructions, such as the memory 904 including instructions, and the instructions are executable by the processor 920 of the device 900, for performing the above-described methods. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disc, an optical data storage device, and the like.

    [0080] Fig. 10 is a block diagram showing an apparatus 1000 for accessing a wireless LAN according to an exemplary embodiment. For example, apparatus 1000 may be provided as a server. Referring to Fig. 10, the apparatus 1000 includes a processing component 1022, and further includes one or more processors, and a memory resource represented by the memory 1032 for storing instructions that can be executed by the processing component 1022, such as an application program. The application program stored in the memory 1032 may include one or more modules each corresponding to a group of instructions. In addition, the processing component 1022 is configured to execute the instructions to execute the above-described method for accessing the wireless LAN.

    [0081] The apparatus 1000 may further include one power supply component 1026 configured to execute the power management of the apparatus 1000; one wired or wireless network interface 1050 configured to couple the apparatus 1000 to a network; and one input/ output (I/O) interface 1058. The apparatus 1000 may operate operating systems stored in the memory 1032, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM and so on.

    [0082] Moreover, there is further provided an apparatus 1 for accessing a wireless LAN in embodiments of the present disclosure, applied in a smart device. The apparatus 1 comprises:

    a processor;

    a memory configured to store instructions executable by the processor,

    in which the processor is configured to:

    access a first wireless LAN generated by the routing device when a smart device is in a station mode, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    receive an encryption protocol packet including verification information sent by the routing device when the smart device is determined as a trusted device by the routing device;

    perform a decryption on the encryption protocol packet according to decrypting information acquired from a target server to obtain the verification information after the target server determines that the smart device is a device meeting a predetermined condition;

    access a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0083] There is further provided an apparatus 2 for accessing a wireless LAN in embodiments of the present disclosure, applied in a routing device. The apparatus 2 comprises:

    a processor;

    a memory configured to store instructions executable by the processor,

    in which the processor is configured to:

    judge, that is to say determine, whether a smart device is a trusted device when the smart device is coupled to a first wireless LAN, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    send an encryption protocol packet including verification information to the smart device if the smart device is the trusted device, such that the smart device performs a decryption on the encryption protocol packet according to decrypting information acquired from the target server to obtain the verification information after the target server determines that the smart device is a device meeting a predetermined condition, and the smart device accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0084] There is further provided an apparatus 3 for accessing wireless LAN in embodiments of the present disclosure, applied in a target server. The apparatus 3 comprises:

    a processor;

    a memory configured to store instructions executable by the processor,

    in which the processor is configured to:

    acquire decrypting information after a smart device receives an encryption protocol packet including verification information sent by a routing device via a first wireless LAN generated by the routing device, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    judge, that is to say determine, whether the smart device is a device meeting a predetermined condition;

    send decrypting information to the smart device if the smart device is the device meeting the predetermined condition, such that the smart device performs a decryption on the encryption protocol packet according to the decrypting information acquired from the target sever to obtain the verification information, and the smart device accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission.



    [0085] Therefore, there is further provided another communication system in embodiments of the present disclosure. The communication system comprises: a smart device, a routing device and a target server, in which the relation between the smart device, the routing device and the target server may be as shown in the implementation environment shown in Fig. 1, which will not be explained in detail herein.

    [0086] The smart device may include the above-mentioned apparatus 1 for accessing the wireless LAN;

    [0087] the routing device may include the above-mentioned apparatus 2 for accessing the wireless LAN;

    [0088] the target server may include the above-mentioned apparatus 3 for accessing the wireless LAN.

    [0089] Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed here. This application is intended to cover any variations, uses, or adaptations of the disclosure following the general principles thereof and including such departures from the present disclosure as come within known or customary practice in the art.


    Claims

    1. A method for accessing a wireless local area network LAN, applied in a smart device, comprising:

    accessing (201) a first wireless LAN generated by a routing device when the smart device is in a station mode, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    receiving (202) a first encryption protocol packet comprising verification information sent by the routing device upon the smart device being determined as a trusted device by the routing device;

    performing (203) a decryption on the first encryption protocol packet according to decrypting information acquired from the target server to obtain the verification information, upon the target server determining that the smart device is a device meeting a predetermined condition;

    accessing (204) a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission;

    wherein the step of receiving the first encryption protocol packet comprising verification information sent by the routing device upon the smart device being determined as a trusted device by the routing device comprises:

    receiving the first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key sent by the routing device upon the smart device being determined as the trusted device by the routing device,

    in which the first encryption protocol packet comprises the verification information, and the second encryption protocol packet comprises the random code and device information of the smart device which can be used for identifying a manufacturer of the smart device,

    wherein performing a decryption on the first encryption protocol packet according to the decrypting information acquired from a target server to obtain the verification information comprises:

    uploading the second encryption protocol packet to the target server via the first wireless LAN, such that the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code;

    receiving the random code sent by the target server, upon the target server determining that the smart device is the device meeting the predetermined condition;

    performing a decryption on the first encryption protocol packet according to the random code to obtain the verification information.


     
    2. The method according to claim 1, further comprising:

    determining whether a signal of the routing device exists by monitoring when the smart device is in an access point mode without any terminal coupled to the smart device;

    detecting whether the routing device is of a target type when it is monitored that the signal of the routing device exists;

    determining whether a mode switching condition is met according to a signal strength of the signal of the routing device when it is detected that the routing device is of the target type;

    switching a current network card mode from the access point mode to the station mode upon the mode switching condition being met.


     
    3. The method according to claim 2, wherein the step of detecting whether the routing device is of a target type comprises:

    acquiring a basic service set identifier (BSSID) of the routing device;

    determining a manufacturer of the routing device according to the BSSID;

    determining whether the manufacturer of the routing device is a specified manufacturer;

    determining that the routing device is of the target type if the manufacturer of the routing device is the specified manufacturer.


     
    4. An apparatus (600) for accessing a wireless LAN, the apparatus being a smart device, comprising:

    an accessing module (610), configured to access a first wireless LAN generated by a routing device when the smart device is in a station mode, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a receiving module (620), configured to receive a first encryption protocol packet comprising verification information sent by the routing device, upon the smart device being determined as a trusted device by the routing device;

    a decrypting module (630), configured to perform a decryption on the first encryption protocol packet according to decrypting information acquired from the target server upon the target server determining that the smart device is a device meeting a predetermined condition to obtain the verification information;

    wherein the accessing module (610) is further configured to access a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission;

    wherein the receiving module (620) is configured to:

    receive the first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key sent by the routing device upon the smart device being determined as the trusted device by the routing device,

    in which the first encryption protocol packet comprises the verification information, and the second encryption protocol packet comprises the random code and device information of the smart device which can be used for identifying a manufacturer of the smart device,

    wherein the decrypting module (630) comprises:

    an uploading sub module (631), configured to upload the second encryption protocol packet to the target server via the first wireless LAN, such that the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code;

    a receiving sub module (632), configured to receive the random code sent by the target server upon the target server determining that the smart device is the device meeting the predetermined condition;

    a decrypting sub module (633), configured to perform a decryption on the first encryption protocol packet according to the random code to obtain the verification information.


     
    5. The apparatus according to claim 4, further comprising:

    a monitoring module (640), configured to determine whether a signal of the routing device exists by monitoring when the smart device is in an access point mode without any terminal coupled to the smart device;

    a device identifying module (650), configured to detect whether the routing device is of a target type when it is monitored that the signal of the routing device exists;

    a switching determining module (660), configured to determine whether a mode switching condition is met according to a signal strength of the signal of the routing device when it is detected that the routing device is of the target type;

    a switching module (670), configured to switch a current network card mode from the access point mode to the station mode upon the mode switching condition being met.


     
    6. The apparatus according to claim 5, wherein the device identifying module (660) comprises:

    an identifier acquiring sub module (661), configured to acquire a basic service set identifier (BSSID) of the routing device;

    a device identifying sub module (662), configured to determine a manufacturer of the routing device according to the BSSID;

    a determining sub module (663), configured to determine whether the manufacturer of the routing device is a specified manufacturer;

    a determining sub module (664), configured to determine that the routing device is of the target type if the manufacturer of the routing device is the specified manufacturer.


     
    7. An apparatus (700) for accessing a wireless LAN, the apparatus being a routing device, comprising:

    a determining module (710), configured to determine whether a smart device is a trusted device upon the smart device accessing a first wireless LAN, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a sending module (720), configured to send a first encryption protocol packet comprising verification information to the smart device if the smart device is the trusted device, such that the smart device performs a decryption on the first encryption protocol packet according to decrypting information acquired from the target server to obtain the verification information upon the target server determining that the smart device is a device meeting a predetermined condition, and the smart device accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission;

    wherein the sending module (720) is configured to:
    send the first encryption protocol packet encrypted using a random code and a second encryption protocol packet encrypted using a server public key to the smart device if the smart device is the trusted device, in which the first encryption protocol packet comprises the verification information, and the second encryption protocol packet comprises the random code and device information of the smart device which can be used for identifying a manufacturer of the smart device, such that the smart device uploads the second encryption protocol packet to the target server, such that the target server performs a decryption on the second encryption protocol packet using a server private key to obtain the random code, and the random code is sent to the smart device upon determining that the smart device is the device meeting the predetermined condition, in which the random code is used by the smart device to perform a decryption on the first encryption protocol packet to obtain the verification information, and the second wireless LAN is accessed by the smart device according to the verification information.


     
    8. The apparatus according to claim 7, wherein the determining module (710) comprises:

    a distance identifying sub module (711), configured to determine a distance between the smart device and the routing device according to a signal strength of the signal of the smart device;

    a determining sub module (712), configured to determine that the smart device is the trusted device if the distance between the smart device and the routing device is less than a predetermined distance.


     
    9. An apparatus (800) for accessing a wireless LAN, the apparatus being a target server, comprising:

    an acquiring module (810), configured to acquire decrypting information upon a smart device receiving a first

    encryption protocol packet comprising verification information sent by a routing device via a first wireless LAN generated by the routing device, in which an access permission of the first wireless LAN is restricted such that accessing an address of a target server is permitted and accessing other addresses except for that of the target server is forbidden;

    a determining module (820), configured to determine whether the smart device is a device meeting a predetermined condition;

    a sending module (830), configured to send decrypting information to the smart device if the smart device is the device meeting the predetermined condition, such that the smart device performs a decryption on the first encryption protocol packet according to the decrypting information acquired from the target sever to obtain the verification information, and accesses a second wireless LAN according to the verification information, in which the second wireless LAN has an unlimited access permission;

    wherein the acquiring module (810) comprises:

    a receiving sub module (811), configured to receive a second encryption protocol packet uploaded by the smart device via the first wireless LAN upon the smart device receiving the first encryption protocol packet encrypted using a random code and the second encryption protocol packet encrypted using a server public key which are sent by the routing device via the first wireless LAN;

    a decrypting sub module (812), configured to perform a decryption on the second encryption protocol packet using a server private key to obtain the random code,

    wherein the second encryption protocol packet further comprises device information of the smart device, and the determining module (820) comprises:

    a device identifying sub module (821), configured to determine a manufacturer of the smart device according to the device information obtained after the decryption on the second encryption protocol packet is performed using the server private key;

    a first determining sub module (822), configured to determine whether the manufacturer of the smart device is a specified manufacturer;

    a second determining sub module (823), configured to determine that the smart device is the device meeting the predetermined condition if the manufacturer of the smart device is the specified manufacturer.


     
    10. A computer program product comprising instructions that, when executed by one or more processors of an apparatus, cause the apparatus to perform the method of any of Claims 1 to 3.
     
    11. A non-transitory computer-readable storage medium having stored therein instructions that, when executed by a processor of a terminal device, cause the terminal device to perform the method for accessing a wireless local area network LAN of any of Claims 1 to 3.
     


    Ansprüche

    1. Verfahren zum Zugreifen auf ein in einem intelligenten Gerät benutztes drahtloses lokales Netzwerk LAN, das Folgendes beinhaltet:

    Zugreifen (201) auf ein erstes drahtloses LAN, erzeugt von einem Routing-Gerät, wenn das intelligente Gerät in einem Stationsmodus ist, in dem eine Zugriffsgenehmigung des ersten drahtlosen LAN so beschränkt ist, dass Zugriffe auf eine Adresse eines Zielservers zulässig sind und Zugriffe auf andere Adressen mit Ausnahme von der des Zielservers nicht zulässig sind;

    Empfangen (202) eines ersten Verschlüsselungsprotokollpakets, das Verifikationsinformationen umfasst, die vom Routing-Gerät gesendet werden, nachdem das intelligente Gerät vom Routing-Gerät als vertrauenswürdiges Gerät festgestellt wurde;

    Durchführen (203) einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket gemäß Entschlüsselungsinformationen, erfasst vom Zielserver zum Einholen der Verifikationsinformationen, nachdem der Zielserver festgestellt hat, dass das intelligente Gerät ein Gerät ist, das eine vorbestimmte Bedingung erfüllt;

    Zugreifen (204) auf ein zweites drahtloses LAN gemäß den Verifikationsinformationen, in dem das zweite drahtlose LAN eine unbegrenzte Zugriffsgenehmigung hat;

    wobei der Schritt des Empfangens des ersten Verschlüsselungsprotokollpakets, das Verifikationsinformationen umfasst, die vom Routing-Gerät gesendet wurden, nachdem das intelligente Gerät vom Routing-Gerät als vertrauenswürdiges Gerät ermittelt wurde, Folgendes beinhaltet:

    Empfangen des mit einem Zufallscode verschlüsselten ersten Verschlüsselungsprotokollpakets und eines zweiten Verschlüsselungsprotokollpakets, verschlüsselt mit einem Server-Public-Key, der vom Routing-Gerät gesendet wurde, nachdem das intelligente Gerät vom Routing-Gerät als vertrauenswürdiges Gerät festgestellt wurde,

    wobei das erste Verschlüsselungsprotokollpaket die Verifikationsinformationen umfasst und das zweite Verschlüsselungsprotokollpaket den Zufallscode und Geräteinformationen des intelligenten Geräts umfasst, die zum Identifizieren eines Herstellers des intelligenten Geräts benutzt werden können,

    wobei das Durchführen einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket gemäß den Entschlüsselungsinformationen, die von einem Zielserver erfasst wurden, um die Verifikationsinformationen einzuholen, Folgendes beinhaltet:

    Hochladen des zweiten Verschlüsselungsprotokollpakets auf den Zielserver über das erste drahtlose LAN, so dass der Zielserver eine Entschlüsselung an dem zweiten Verschlüsselungsprotokollpaket anhand eines Server-Private-Key durchführt, um den Zufallscode einzuholen;

    Empfangen des vom Zielserver gesendeten Zufallscode, nachdem der Zielserver festgestellt hat, dass das intelligente Gerät das Gerät ist, das die vorbestimmte Bedingung erfüllt;

    Durchführen einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket gemäß dem Zufallscode, um die Verifikationsinformationen einzuholen.


     
    2. Verfahren nach Anspruch 1, das ferner Folgendes beinhaltet:

    Feststellen, ob ein Signal des Routing-Geräts existiert, durch Überwachen, wenn das intelligente Gerät in einem Zugriffspunktmodus ist, ohne ein mit dem intelligenten Gerät gekoppeltes Terminal;

    Erkennen, ob das Routing-Gerät von einem Zieltyp ist, wenn überwacht wird, dass das Signal des Routing-Geräts existiert;

    Feststellen, ob eine Modusumschaltbedingung erfüllt ist, anhand einer Signalstärke des Signals des Routing-Geräts, wenn erkannt wird, dass das Routing-Gerät vom Zieltyp ist;

    Umschalten eines aktuellen Netzwerkkartenmodus vom Zugriffspunktmodus auf den Stationsmodus, wenn festgestellt wurde, dass die Modusumschaltbedingung erfüllt ist.


     
    3. Verfahren nach Anspruch 2, wobei der Schritt des Erkennens, ob das Routing-Gerät vom Zieltyp ist, Folgendes beinhaltet:

    Erfassen einer BSSID (Basic Service Set Identifier) des Routing-Geräts;

    Ermitteln eines Herstellers des Routing-Geräts gemäß der BSSID;

    Feststellen, ob der Hersteller des Routing-Geräts ein angegebener Hersteller ist;

    Feststellen, dass das Routing-Gerät vom Zieltyp ist, wenn der Hersteller des Routing-Geräts der angegebene Hersteller ist.


     
    4. Vorrichtung (600) zum Zugreifen auf ein drahtloses LAN, wobei die Vorrichtung ein intelligentes Gerät ist und Folgendes umfasst:

    ein Zugriffsmodul (610), konfiguriert zum Zugreifen auf ein erstes drahtloses LAN, das von einem Routing-Gerät erzeugt wird, wenn das intelligente Gerät in einem Stationsmodus ist, in dem eine Zugriffsgenehmigung des ersten drahtlosen LAN so beschränkt ist, dass Zugriffe auf eine Adresse eines Zielservers zugelassen werden und Zugriffe auf andere Adressen mit Ausnahme von der des Zielservers nicht zugelassen werden;

    ein Empfangsmodul (620), konfiguriert zum Empfangen eines ersten Verschlüsselungsprotokollpakets, das vom Routing-Gerät gesendete Verifikationsinformationen umfasst, nachdem das intelligente Gerät vom Routing-Gerät als ein vertrauenswürdiges Gerät ermittelt wurde;

    ein Entschlüsselungsmodul (630), konfiguriert zum Durchführen einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket gemäß Entschlüsselungsinformationen, die vom Zielserver erfasst wurden, nachdem der Zielserver festgestellt hat, dass das intelligente Gerät ein Gerät ist, das eine vorbestimmte Bedingung erfüllt, um die Verifikationsinformationen einzuholen;

    wobei das Zugriffsmodul (610) ferner zum Zugreifen auf ein zweites drahtloses LAN gemäß den Verifikationsinformationen konfiguriert ist, in dem das zweite drahtlose LAN eine unbegrenzte Zugriffsgenehmigung hat;

    wobei das Empfangsmodul (620) konfiguriert ist zum:

    Empfangen des ersten Verschlüsselungsprotokollpakets, das mit einem Zufallscode verschlüsselt ist, und eines zweiten Verschlüsselungsprotokollpakets, das mit einem Server-Public-Key verschlüsselt wurde, der vom Routing-Gerät gesendet wurde, nachdem das intelligente Gerät vom Routing-Gerät als vertrauenswürdiges Gerät ermittelt wurde,

    wobei das erste Verschlüsselungsprotokollpaket die Verifikationsinformationen umfasst und das zweite Verschlüsselungsprotokollpaket den Zufallscode und Geräteinformationen des intelligenten Geräts umfasst, die zum Identifizieren eines Herstellers des intelligenten Geräts benutzt werden können,

    wobei das Entschlüsselungsmodul (630) Folgendes umfasst:

    ein Hochladesubmodul (631), konfiguriert zum Hochladen des zweiten Verschlüsselungsprotokollpakets auf den Zielserver über das erste drahtlose LAN, so dass der Zielserver eine Entschlüsselung an dem zweiten Verschlüsselungsprotokollpaket mit einem Server-Private-Key durchführt, um den Zufallscode einzuholen;

    ein Empfangssubmodul (632), konfiguriert zum Empfangen des Zufallscode, der vom Zielserver gesendet wird, wenn der Zielserver festgestellt hat, dass das intelligente Gerät das Gerät ist, das die vorbestimmte Bedingung erfüllt;

    ein Entschlüsselungssubmodul (633), konfiguriert zum Durchführen einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket gemäß dem Zufallscode, um die Verifikationsinformationen einzuholen.


     
    5. Vorrichtung nach Anspruch 4, die ferner Folgendes umfasst:

    ein Überwachungsmodul (640), konfiguriert zum Feststellen, ob ein Signal des Routing-Geräts existiert, durch Überwachen, wenn das intelligente Gerät in einem Zugriffspunktmodus ist, ohne ein mit dem intelligenten Gerät gekoppeltes Terminal;

    ein Geräteidentifikationsmodul (650), konfiguriert zum Erkennen, ob das Routing-Gerät von einem Zieltyp ist, wenn überwacht wird, dass das Signal des Routing-Geräts existiert;

    ein Umschaltbestimmungsmodul (660), konfiguriert zum Feststellen, ob eine Modusumschaltbedingung erfüllt ist, anhand einer Signalstärke des Signals des Routing-Geräts, wenn erkannt wird, dass das Routing-Gerät vom Zieltyp ist;

    ein Umschaltmodul (670), konfiguriert zum Umschalten eines aktuellen Netzwerkkartenmodus vom Zugriffspunktmodus auf den Stationsmodus, wenn die Modusumschaltbedingung erfüllt ist.


     
    6. Vorrichtung nach Anspruch 5, wobei das Geräteidentifikationsmodul (660) Folgendes umfasst:

    ein Kennungserfassungssubmodul (661), konfiguriert zum Erfassen einer BSSID (Basic Service Set Identifier) des Routing-Geräts;

    ein Geräteidentifikationssubmodul (662), konfiguriert zum Bestimmen eines Herstellers des Routing-Geräts gemäß der BSSID;

    ein Feststellungssubmodul (663), konfiguriert zum Feststellen, ob der Hersteller des Routing-Geräts ein angegebener Hersteller ist;

    ein Feststellungssubmodul (664), konfiguriert zum Feststellen, dass das Routing-Gerät vom Zieltyp ist, wenn der Hersteller des Routing-Geräts der angegebene Hersteller ist.


     
    7. Vorrichtung (700) zum Zugreifen auf ein drahtloses LAN, wobei die Vorrichtung ein Routing-Gerät ist und Folgendes umfasst:

    ein Feststellungsmodul (710), konfiguriert zum Feststellen, ob ein intelligentes Gerät ein vertrauenswürdiges Gerät ist, wenn das intelligente Gerät auf ein erstes drahtloses LAN zugreift, in dem eine Zugriffsgenehmigung des ersten drahtlosen LAN so beschränkt ist, dass Zugriffe auf eine Adresse eines Zielservers zulässig sind und Zugriffe auf andere Adressen mit Ausnahme von der des Zielservers nicht zulässig sind;

    ein Sendemodul (720), konfiguriert zum Senden eines ersten Verschlüsselungsprotokollpakets, das Verifikationsinformationen umfasst, zu dem intelligenten Gerät, wenn das intelligente Gerät das vertrauenswürdige Gerät ist, so dass das intelligente Gerät eine Entschlüsselung des ersten Entschlüsselungsprotokollpakets gemäß Entschlüsselungsinformationen durchführt, die von dem Zielserver erfasst wurden, um die Verifikationsinformationen einzuholen, wenn der Zielserver feststellt, dass das intelligente Gerät ein Gerät ist, das eine vorbestimmte Bedingung erfüllt, und das intelligente Gerät auf ein zweites drahtloses LAN gemäß den Verifikationsinformationen zugreift, wobei das zweite drahtlose LAN eine unbegrenzte Zugriffsgenehmigung hat;

    wobei das Sendemodul (720) konfiguriert ist zum:

    Senden des ersten Verschlüsselungsprotokollpakets, das mit einem Zufallscode verschlüsselt ist, und eines zweiten Verschlüsselungsprotokollpakets, das mit einem Server-Public-Key verschlüsselt ist, zu dem intelligenten Gerät, wenn das intelligente Gerät das vertrauenswürdige Gerät ist, in dem das erste Verschlüsselungsprotokollpaket die Verifikationsinformationen umfasst und das zweite Verschlüsselungsprotokollpaket den Zufallscode und Geräteinformationen des intelligenten Geräts umfasst, die zum Identifizieren eines Herstellers des intelligenten Geräts benutzt werden können,

    so dass das intelligente Gerät das zweite Verschlüsselungsprotokollpaket auf den Zielserver hochlädt, so dass der Zielserver eine Entschlüsselung an dem zweiten Verschlüsselungsprotokollpaket mit einem Server-Private-Key durchführt, um den Zufallscode einzuholen, und der Zufallscode zu dem intelligenten Gerät gesendet wird, wenn festgestellt wurde, dass das intelligente Gerät das Gerät ist, das die vorbestimmte Bedingung erfüllt, wobei der Zufallscode von dem intelligenten Gerät zum Durchführen einer Entschlüsselung an dem ersten Verschlüsselungsprotokollpaket benutzt wird, um die Verifikationsinformationen einzuholen, und das intelligente Gerät auf das zweite drahtlose LAN gemäß den Verifikationsinformationen zugreift.


     
    8. Vorrichtung nach Anspruch 7, wobei das Feststellungsmodul (710) Folgendes umfasst:

    ein Entfernungsidentifikationssubmodul (711), konfiguriert zum Feststellen einer Entfernung zwischen dem intelligenten Gerät und dem Routing-Gerät gemäß einer Signalstärke des Signals des intelligenten Geräts;

    ein Feststellungssubmodul (712), konfiguriert zum Feststellen, dass das intelligente Gerät das vertrauenswürdige Gerät ist, wenn die Entfernung zwischen dem intelligenten Gerät und dem Routing-Gerät geringer ist als eine vorbestimmte Entfernung.


     
    9. Vorrichtung (800) zum Zugreifen auf ein drahtloses LAN, wobei die Vorrichtung ein Zielserver ist und Folgendes umfasst:

    ein Erfassungsmodul (810), konfiguriert zum Erfassen von Entschlüsselungsinformationen, nachdem ein intelligentes Gerät ein erstes Verschlüsselungsprotokollpaket empfangen hat, das Verifikationsinformationen umfasst, die von einem Routing-Gerät über ein vom Routing-Gerät erzeugtes erstes drahtloses LAN gesendet werden, wobei eine Zugriffsgenehmigung des ersten drahtlosen LAN so beschränkt ist, dass Zugriffe auf eine Adresse eines Zielservers zulässig sind und Zugriffe auf andere Adressen mit Ausnahme von der des Zielservers nicht zulässig sind;

    ein Feststellungsmodul (820), konfiguriert zum Feststellen, ob das intelligente Gerät ein Gerät ist, das eine vorbestimmte Bedingung erfüllt;

    ein Sendemodul (830), konfiguriert zum Senden von Entschlüsselungsinformtionen zu dem intelligenten Gerät, wenn das intelligente Gerät ein Gerät ist, das die vorbestimmte Bedingung erfüllt, so dass das intelligente Gerät eine Entschlüsselung am ersten Verschlüsselungsprotokollpaket gemäß den Entschlüsselungsinformationen durchführt, die vom Zielserver erfasst wurden, um die Verifikationsinformationen einzuholen, und auf ein zeites drahtloses LAN gemäß den Verifikationsinformationen zugreift, in dem das zweite drahtlose LAN eine unbegrenzte Zugriffsgenehmigung hat;

    wobei das Erfassungsmodul (810) Folgendes umfasst:

    ein Empfangssubmodul (811), konfiguriert zum Empfangen eines zweiten Verschlüsselungsprotokollpakets, das von dem intelligenten Gerät über das erste drahtlose LAN hochgeladen wurde, nachdem das intelligente Gerät das erste Verschlüsselungsprotokollpaket, das mit einem Zufallscode verschlüsselt wurde, und das zweite Verschlüsselungsprotokollpaket empfangen hat, das mit einem Server-Public-Key verschlüsselt wurde, die vom Routing-Gerät über das erste drahtlose LAN gesendet wurden;

    ein Entschlüsselungssubmodul (812), konfiguriert zum Durchführen einer Entschlüsselung an dem zweiten Verschlüsselungsprotokollpaket mit einem Server-Private-Key, um den Zufallscode einzuholen,

    wobei das zweite Verschlüsselungsprotokollpaket ferner Geräteinformationen des intelligenten Geräts umfasst und das Feststellungsmodul (820) Folgendes umfasst:

    ein Geräteidentifikationssubmodul (821), konfiguriert zum Feststellen eines Herstellers des intelligenten Geräts gemäß den Geräteinformationen, die nach dem Durchführen der Entschlüsselung am zweiten Verschlüsselungsprotokollpaket mit dem Server-Private-Key eingeholt wurden;

    ein erstes Feststellungssubmodul (822), konfiguriert zum Feststellen, ob der Hersteller des intelligenten Geräts ein angegebener Hersteller ist;

    ein zweites Feststellungssubmodul (823), konfiguriert zum Feststellen, dass das intelligente Gerät das Gerät ist, das die vorbestimmte Bedingung erfüllt, wenn der Hersteller des intelligenten Geräts der angegebene Hersteller ist.


     
    10. Computerprogrammprodukt, das Befehle umfasst, die bei Ausführung durch einen oder mehrere Prozessoren einer Vorrichtung bewirken, dass die Vorrichtung das Verfahren nach einem der Ansprüche 1 bis 3 durchführt.
     
    11. Nichtflüchtiges computerlesbares Speichermedium, auf dem Befehle gespeichert sind, die bei Ausführung durch einen Prozessor eines Endgeräts bewirken, dass das Endgerät das Verfahren zum Zugreifen auf ein drahtloses lokales Netzwerk LAN nach einem der Ansprüche 1 bis 3 durchführt.
     


    Revendications

    1. Procédé d'accès à un réseau local, LAN, sans fil, appliqué dans un dispositif intelligent, comprenant :

    l'accès (201) à un premier LAN sans fil généré par un dispositif de routage quand le dispositif intelligent est dans un mode de station, dans lequel une permission d'accès du premier LAN sans fil est restreinte de telle sorte que l'accès à une adresse d'un serveur cible soit autorisé et que l'accès à d'autres adresses sauf celle du serveur cible soit interdit ;

    la réception (202) d'un premier paquet de protocole de cryptage comprenant des informations de vérification envoyées par le dispositif de routage lorsque le dispositif de routage détermine que le dispositif intelligent est un dispositif de confiance ;

    l'exécution (203) d'un décryptage sur le premier paquet de protocole de cryptage conformément aux informations de décryptage acquises auprès du serveur cible pour obtenir les informations de vérification, lorsque le serveur cible détermine que le dispositif intelligent est un dispositif satisfaisant une condition prédéterminée ;

    l'accès (204) à un second LAN sans fil conformément aux informations de vérification, le second LAN sans fil ayant une permission d'accès illimité ;

    dans lequel l'étape de réception du premier paquet de protocole de cryptage comprenant des informations de vérification envoyées par le dispositif de routage lorsque le dispositif de routage détermine que le dispositif intelligent est un dispositif de confiance comprend :

    la réception du premier paquet de protocole de cryptage crypté à l'aide d'un code aléatoire et d'un second paquet de protocole de cryptage crypté à l'aide d'une clé publique de serveur envoyée par le dispositif de routage lorsque le dispositif de routage détermine que le dispositif intelligent est un dispositif de confiance, dans lequel le premier paquet de protocole de cryptage comprend les informations de vérification, et le second paquet de protocole de cryptage comprend le code aléatoire et des informations de dispositif du dispositif intelligent qui peuvent être utilisées pour identifier un constructeur du dispositif intelligent,

    dans lequel l'exécution d'un décryptage sur le premier paquet de protocole de cryptage conformément aux informations de décryptage acquises auprès d'un serveur cible pour obtenir les informations de vérification comprend :

    le téléchargement du second paquet de protocole de cryptage dans le serveur cible par l'intermédiaire du premier LAN sans fil, de telle sorte que le serveur cible exécute un décryptage sur le second paquet de protocole de cryptage en utilisant une clé privé de serveur pour obtenir le code aléatoire ;

    la réception du code aléatoire envoyé par le serveur cible, lorsque le serveur cible détermine que le dispositif intelligent est le dispositif satisfaisant la condition prédéterminée ;

    l'exécution d'un décryptage sur le premier paquet de protocole de cryptage conformément au code aléatoire pour obtenir les informations de vérification.


     
    2. Procédé selon la revendication 1, comprenant en outre :

    la détermination qu'un signal du dispositif de routage existe ou non en contrôlant quand le dispositif intelligent est dans un mode de point d'accès sans aucun terminal couplé au dispositif intelligent ;

    la détection que le dispositif de routage est ou non d'un type cible quand il est contrôlé que le signal du dispositif de routage existe ;

    la détermination qu'une condition de commutation de mode est satisfaite ou non conformément à une force de signal du signal du dispositif de routage quand il est détecté que le dispositif de routage est du type cible ;

    la commutation d'un mode de carte de réseau courant du mode de point d'accès au mode de station mode lorsque la condition de commutation de mode est satisfaite.


     
    3. Procédé selon la revendication 2, dans lequel l'étape de détection que le dispositif de routage est ou non d'un type cible comprend :

    l'acquisition d'un identifiant d'ensemble de services de base (BSSID) du dispositif de routage ;

    la détermination d'un constructeur du dispositif de routage conformément au BSSID ;

    la détermination que le constructeur du dispositif de routage est ou non un constructeur spécifié ;

    la détermination que le dispositif de routage est du type cible si le constructeur du dispositif de routage est le constructeur spécifié.


     
    4. Appareil (600) d'accès à un LAN sans fil, l'appareil étant un dispositif intelligent, comprenant :

    un module d'accès (610), configuré pour accéder à un premier LAN sans fil généré par un dispositif de routage quand le dispositif intelligent est dans un mode de station, dans lequel une permission d'accès du premier LAN sans fil est restreinte de telle sorte que l'accès à une adresse d'un serveur cible soit autorisé et que l'accès à d'autres adresses sauf celle du serveur cible soit interdit ;

    un module de réception (620), configuré pour recevoir un premier paquet de protocole de cryptage comprenant des informations de vérification envoyées par le dispositif de routage lorsque le dispositif de routage détermine que le dispositif intelligent est un dispositif de confiance ;

    un module de décryptage (630), configuré pour exécuter un décryptage sur le premier paquet de protocole de cryptage conformément aux informations de décryptage acquises auprès du serveur cible lorsque le serveur cible détermine que le dispositif intelligent est un dispositif satisfaisant une condition prédéterminée pour obtenir les informations de vérification ;

    dans lequel le module d'accès (610) est configuré en outre pour accéder à un second LAN sans fil conformément aux informations de vérification, le second LAN sans fil ayant une permission d'accès illimité ;

    dans lequel le module de réception (620) est configuré pour :

    recevoir le premier paquet de protocole de cryptage crypté à l'aide d'un code aléatoire et un second paquet de protocole de cryptage crypté à l'aide d'une clé publique de serveur envoyée par le dispositif de routage lorsque le dispositif de routage détermine que le dispositif intelligent est un dispositif de confiance,

    dans lequel le premier paquet de protocole de cryptage comprend les informations de vérification, et le second paquet de protocole de cryptage comprend le code aléatoire et des informations de dispositif du dispositif intelligent qui peuvent être utilisées pour identifier un constructeur du dispositif intelligent,

    dans lequel le module de décryptage (630) comprend :

    un sous-module de téléchargement §631), configuré pour télécharger le second paquet de protocole de cryptage dans le serveur cible par l'intermédiaire du premier LAN sans fil, de telle sorte que le serveur cible exécute un décryptage sur le second paquet de protocole de cryptage en utilisant une clé privé de serveur pour obtenir le code aléatoire ;

    un sous-module de réception (632), configuré pour recevoir le code aléatoire envoyé par le serveur cible, lorsque le serveur cible détermine que le dispositif intelligent est le dispositif satisfaisant la condition prédéterminée ;

    un sous-module de décryptage (633) configuré pour exécuter un décryptage sur le premier paquet de protocole de cryptage conformément au code aléatoire pour obtenir les informations de vérification.


     
    5. Appareil selon la revendication 4, comprenant en outre :

    un module de contrôle (640), configuré pour déterminer qu'un signal du dispositif de routage existe ou non en contrôlant quand le dispositif intelligent est dans un mode de point d'accès sans aucun terminal couplé au dispositif intelligent ;

    un module d'identification de dispositif (650), configuré pour détecter que le dispositif de routage est ou non d'un type cible quand il est contrôlé que le signal du dispositif de routage existe ;

    un module de détermination de commutation (660), configuré pour déterminer qu'une condition de commutation de mode est satisfaite ou non conformément à une force de signal du signal du dispositif de routage quand il est détecté que le dispositif de routage est du type cible ;

    un module de commutation (670), configuré pour commuter un mode de carte de réseau courant du mode de point d'accès au mode de station lorsque la condition de commutation de mode est satisfaite.


     
    6. Appareil selon la revendication 5, dans lequel le module d'identification de dispositif (660) comprend :

    un sous-module d'acquisition d'identifiant (661), configuré pour acquérir un identifiant d'ensemble de services de base (BSSID) du dispositif de routage ;

    un sous-module d'identification de dispositif (662), configuré pour déterminer un constructeur du dispositif de routage conformément au BSSID ;

    un sous-module de détermination (663), configuré pour déterminer que le constructeur du dispositif de routage est ou non un constructeur spécifié ;

    un sous-module de détermination (664), configuré pour déterminer que le dispositif de routage est du type cible si le constructeur du dispositif de routage est le constructeur spécifié.


     
    7. Appareil (700) d'accès à un LAN sans fil, l'appareil étant un dispositif de routage, comprenant :

    un module de détermination (710), configuré pour déterminer qu'un dispositif intelligent est un dispositif de confiance lorsque le dispositif intelligent accède à un premier LAN sans fil, dans lequel une permission d'accès du premier LAN sans fil est restreinte de telle sorte que l'accès à une adresse d'un serveur cible soit autorisé et l'accès à d'autres adresses sauf celle du serveur cible soit interdit ;

    un module d'envoi (720), configuré pour envoyer un premier paquet de protocole de cryptage comprenant des informations de vérification au dispositif intelligent si le dispositif intelligent est le dispositif de confiance, de telle sorte que le dispositif intelligent exécute un décryptage sur le premier paquet de protocole de cryptage conformément à des informations de décryptage acquises auprès du serveur cible pour obtenir les informations de vérification lorsque le serveur cible détermine que le dispositif intelligent est un dispositif satisfaisant une condition prédéterminée, et le dispositif intelligent accède à un second LAN sans fil conformément aux informations de vérification, le second LAN sans fil ayant une permission d'accès illimité ;

    dans lequel le module d'envoi (720) est configuré pour ;

    envoyer le premier paquet de protocole de cryptage crypté à l'aide d'un code aléatoire et un second paquet de protocole de cryptage crypté à l'aide d'une clé publique de serveur au dispositif intelligent si le dispositif intelligent est le dispositif de confiance, dans lequel le premier paquet de protocole de cryptage comprend les informations de vérification, et le second paquet de protocole de cryptage comprend le code aléatoire et des informations de dispositif du dispositif intelligent qui peuvent être utilisées pour identifier un constructeur du dispositif intelligent, de telle sorte que le dispositif intelligent télécharge le second paquet de protocole de cryptage dans le serveur cible, de telle sorte que le serveur cible exécute un décryptage sur le second paquet de protocole de cryptage à l'aide d'une clé privée de serveur pour obtenir le code aléatoire, et le code aléatoire est envoyé au dispositif intelligent lorsqu'il est déterminé que le dispositif intelligent est le dispositif satisfaisant la condition prédéterminée, le code aléatoire étant utilisé par le dispositif intelligent pour exécuter un décryptage sur le premier paquet de protocole de cryptage afin d'obtenir les informations de vérification, et le dispositif intelligent accède au second LAN sans fil conformément aux informations de vérification.


     
    8. Appareil selon la revendication 7, dans lequel le module de détermination (710) comprend :

    un sous-module d'identification de distance (711), configuré pour déterminer une distance entre le dispositif intelligent et le dispositif de routage conformément à une force de signal du signal du dispositif intelligent ;

    un sous-module de détermination (712), configuré pour déterminer que le dispositif intelligent est le dispositif de confiance si la distance entre le dispositif intelligent et le dispositif de routage est inférieure à une distance prédéterminée.


     
    9. Appareil (800) d'accès à un LAN sans fil, l'appareil étant un dispositif cible, comprenant :

    un module d'acquisition (810), configuré pour acquérir des informations de décryptage lorsque le dispositif intelligent reçoit un premier paquet de protocole de cryptage comprenant des informations de vérification envoyées par un dispositif de routage par l'intermédiaire d'un premier LAN sans fil générées par le dispositif de routage, dans lequel une permission d'accès du premier LAN sans fil est restreinte de telle sorte que l'accès à une adresse d'un serveur cible soit autorisé et que l'accès à d'autres adresses sauf celle du serveur cible soit interdit ;

    un module de détermination (820), configuré pour déterminer que le dispositif intelligent est ou non un dispositif satisfaisant une condition prédéterminée ;

    un module d'envoi (830), configuré pour envoyer des informations de décryptage au dispositif intelligent si le dispositif intelligent est le dispositif satisfaisant la condition prédéterminée, de telle sorte que le dispositif intelligent exécute un décryptage sur le premier paquet de protocole de cryptage conformément aux informations de décryptage acquises auprès du serveur cible pour obtenir les informations de vérification, et accède à un second LAN sans fil conformément aux informations de vérification, dans lequel le second LAN sans fil a une permission d'accès illimité ;

    dans lequel le module d'acquisition (810) comprend :

    un sous-module de réception (811), configuré pour recevoir un second paquet de protocole de cryptage téléchargé par le dispositif intelligent par l'intermédiaire du premier LAN sans fil lorsque le dispositif intelligent reçoit le premier paquet de protocole de cryptage crypté à l'aide d'un code aléatoire et le second paquet de protocole de cryptage crypté à l'aide d'une clé publique de serveur qui sont envoyés par le dispositif de routage par l'intermédiaire du premier LAN sans fil ;

    un sous-module de décryptage (812), configuré pour exécuter un décryptage sur le second paquet de protocole de cryptage en utilisant une clé privée de serveur pour obtenir le code aléatoire,

    dans lequel le second paquet de protocole de cryptage comprend en outre des informations de dispositif du dispositif intelligent, et le module de détermination (820) comprend :

    un sous-module d'identification de dispositif (821), configuré pour déterminer un constructeur du dispositif intelligent conformément aux informations de dispositif obtenues après l'exécution du décryptage sur le second paquet de protocole de cryptage à l'aide de la clé privé de serveur ;

    un premier sous-module de détermination (822), configuré pour déterminer que le constructeur du dispositif intelligent est ou non un constructeur spécifié ;

    un second sous-module de détermination (823), configuré pour déterminer que le dispositif intelligent est le dispositif satisfaisant la condition prédéterminée si le constructeur du dispositif intelligent est le constructeur spécifié.


     
    10. Produit-programme informatique comprenant des instructions qui, à leur exécution par un ou plusieurs processeurs d'un appareil, amènent l'appareil à mettre en oeuvre le procédé selon l'une quelconque des revendications 1 à 3.
     
    11. Support de mémorisation non transitoire lisible par ordinateur sur lequel sont mémorisées des instructions qui, à leur exécution par un processeur d'un dispositif terminal, amènent le dispositif terminal à mettre en oeuvre le procédé d'accès à un réseau local LAN sans fil selon l'une quelconque des revendications 1 à 3.
     




    Drawing



































    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description