WO2017020530A1 - Enhanced wireless local area network (WLAN) certificate authentication method, device and system - Google Patents
- Publication number: WO2017020530A1 (application PCT/CN2015/100247)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- sta
- certificate
- authentication
- signature information
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- The present invention relates to the field of communications technologies, and in particular to an enhanced WLAN certificate authentication method, apparatus, and system.
- WLAN: Wireless Local Area Network
- WAPI: WLAN Authentication and Privacy Infrastructure
- WPI: WLAN Privacy Infrastructure
- The embodiment of the invention discloses an enhanced method and device for WLAN certificate authentication, which add a mutual identity verification step between the STA and the AP before the AS performs bidirectional certificate authentication on the STA and the AP, thereby ensuring the uniqueness and unforgeability of the STA and AP identities and improving the security of the WLAN certificate authentication process.
- A first aspect of the embodiments of the present invention provides an enhanced WLAN certificate authentication method for use in an access point, where the method includes:
- The AP sends an authentication activation message to the STA to trigger the STA to perform identity verification on the AP, where the authentication activation message carries the AP certificate and first AP signature information.
- The AP receives the access authentication request message sent by the STA after the STA has performed identity verification on the AP, and performs identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information.
- If the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and the STA certificate is valid, the AP sends a certificate authentication request message to the AS to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message.
- The AP performs access control on the STA according to the STA certificate authentication result carried in the certificate authentication response message sent by the AS, and sends an access authentication response message to the STA.
- The STA signature information is information obtained by encrypting the STA certificate and the access authentication request time with the STA's private key.
- Performing identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message includes:
- The certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and second AP signature information, where the second AP signature information is information obtained by encrypting the STA certificate, the access authentication request time, the STA signature information, and the AP certificate with the AP's private key.
- The authentication activation message further carries an authentication activation time.
- A second aspect of the embodiments of the present invention provides an enhanced WLAN certificate authentication method for use in a terminal, where the method includes:
- The STA receives the authentication activation message sent by the AP and performs identity verification on the AP according to the pre-stored public key of the AP and the authentication activation message, where the authentication activation message carries the AP certificate and the first AP signature information.
- If the STA verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and the AP certificate is valid, the STA sends an access authentication request message to the AP to trigger the AP to perform identity verification on the STA, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information.
- After the STA receives the access authentication response message that the AP sends once the AS has performed bidirectional certificate authentication, the STA obtains the AP certificate authentication result from the access authentication response message and determines, according to that result, whether to access the AP.
- The first AP signature information is information obtained by encrypting the AP certificate with the AP's private key.
- The authentication activation message further carries an authentication activation time, in which case the first AP signature information is information obtained by encrypting the AP certificate and the authentication activation time with the AP's private key.
- A third aspect of the embodiments of the present invention provides a WLAN access point device, including:
- a sending unit configured to send an authentication activation message to the STA to trigger the STA to perform identity verification on the access point device, where the authentication activation message carries the AP certificate and first AP signature information;
- a receiving unit configured to receive an access authentication request message sent by the STA after the STA performs identity verification on the access point device;
- a processing unit configured to perform identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message after the receiving unit receives the access authentication request message, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- the sending unit is further configured to: if the processing unit verifies that the STA identity corresponding to the STA signature information matches the STA certificate and the STA certificate is valid, send a certificate authentication request message to the AS to trigger the AS to perform two-way certificate authentication and transmit a certificate authentication response message;
- the receiving unit is further configured to receive the certificate authentication response message sent by the AS;
- the processing unit is further configured to perform access control on the STA according to the STA certificate authentication result carried in the certificate authentication response message received by the receiving unit;
- the sending unit is further configured to send an access authentication response message to the STA.
- The STA signature information is information obtained by encrypting the STA certificate and the access authentication request time with the STA's private key.
- The processing unit is specifically configured to:
- The certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and second AP signature information, where the second AP signature information is information obtained by encrypting the STA certificate, the access authentication request time, the STA signature information, and the AP certificate with the AP's private key.
- The authentication activation message further carries an authentication activation time.
- A fourth aspect of the embodiments of the present invention provides a WLAN terminal device, including:
- a receiving unit configured to receive an authentication activation message sent by the AP;
- a processing unit configured to: after the receiving unit receives the authentication activation message sent by the AP, perform identity verification on the AP according to the pre-stored public key of the AP and the authentication activation message, where the authentication activation message carries the AP certificate and the first AP signature information;
- a sending unit configured to: after the processing unit verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and the AP certificate is valid, send an access authentication request message to the AP to trigger the AP to perform identity verification on the STA, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- the receiving unit is further configured to receive the access authentication response message that the AP sends after performing identity verification on the STA and triggering the AS to perform bidirectional certificate authentication;
- the processing unit is further configured to: after the receiving unit receives the access authentication response message sent by the AP, obtain the AP certificate authentication result from the access authentication response message and determine, according to the AP certificate authentication result, whether to access the AP.
- The first AP signature information is information obtained by encrypting the AP certificate with the AP's private key.
- The processing unit is specifically configured to:
- The authentication activation message received by the receiving unit further carries an authentication activation time, in which case the first AP signature information is information obtained by encrypting the AP certificate and the authentication activation time with the AP's private key.
- A fifth aspect of the embodiments of the present invention provides a WLAN certificate authentication system, where the system includes an access point device AP, a terminal device STA, and an authentication server AS, where:
- if the STA verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and the AP certificate is valid, the STA sends an access authentication request message to the AP, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- the AS receives the certificate authentication request message, performs bidirectional certificate authentication on the STA and the AP according to the certificate authentication request message, and sends a certificate authentication response message to the AP according to the authentication result;
- the STA receives the access authentication response message, obtains the AP certificate authentication result from the access authentication response message, and determines whether to access the AP according to the AP certificate authentication result.
- The STA signature information is information obtained by encrypting the STA certificate and the access authentication request time with the STA's private key; the AP performing identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message includes:
- the AP decrypts the STA signature information in the access authentication request message with the pre-stored public key of the STA to obtain the STA identity corresponding to the STA signature information;
- the AP verifies whether the STA identity corresponding to the STA signature information matches the STA certificate, and verifies whether the STA certificate is valid.
- The certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and the second AP signature information, where the second AP signature information is information obtained by encrypting the STA certificate, the access authentication request time, the STA signature information, and the AP certificate with the AP's private key.
- The authentication activation message further carries an authentication activation time, in which case the first AP signature information is information obtained by encrypting the AP certificate and the authentication activation time with the AP's private key.
- The first AP signature information is information obtained by encrypting the AP certificate with the AP's private key.
- The STA performing identity verification on the AP according to the pre-stored public key of the AP and the authentication activation message includes:
- the STA decrypts the first AP signature information in the authentication activation message with the pre-stored public key of the AP to obtain the AP identity corresponding to the first AP signature information;
- the STA verifies whether the AP identity corresponding to the first AP signature information matches the AP certificate, and verifies whether the AP certificate is valid.
- When the STA associates with the AP, the AP sends the STA an authentication activation message carrying the AP certificate and the first AP signature. After receiving the authentication activation message, the STA performs identity verification on the AP according to the pre-stored public key of the AP and the authentication activation message. If the STA verifies that the AP identity corresponding to the AP signature information matches the AP certificate and the AP certificate is valid, the STA sends an access authentication request message to the AP to trigger the AP to perform identity verification on the STA; the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information. After receiving the access authentication request message sent by the STA, the AP performs identity verification on the STA according to the pre-stored STA public key and the access authentication request message. If the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and the STA certificate is valid, it sends a certificate authentication request message to the AS to trigger the AS to perform two-way certificate authentication and send a certificate authentication response message.
- The technical solution proposed by the embodiment of the present invention thus adds a mutual authentication step between the STA and the AP before the AS performs bidirectional certificate authentication on the STA and the AP, thereby ensuring the uniqueness and unforgeability of the STA and AP identities and enhancing the security of the WLAN certificate authentication process.
- FIG. 1 is a schematic flowchart of a WLAN certificate authentication method in the prior art according to an embodiment of the present invention.
- FIG. 2 is a schematic flowchart of an enhanced WLAN certificate authentication method according to Embodiment 1 of the present invention.
- FIG. 3 is a schematic flowchart of an enhanced WLAN certificate authentication method according to Embodiment 2 of the present invention.
- FIG. 4 is a schematic structural diagram of an access point device according to Embodiment 3 of the present invention.
- FIG. 5 is a schematic structural diagram of another access point device according to Embodiment 4 of the present invention.
- FIG. 6 is a schematic structural diagram of a terminal device according to Embodiment 5 of the present invention.
- FIG. 7 is a schematic structural diagram of another terminal device according to Embodiment 6 of the present invention.
- FIG. 8 is a schematic structural diagram of a WLAN certificate authentication system according to Embodiment 7 of the present invention.
- The public key cryptography used by WAI is a more advanced encryption method than that used by WiFi.
- The authentication server issues public key digital certificates, which serve as the identity credentials of terminals (STAs) and access points (APs).
- The AS is responsible for managing the digital certificates (including generation, issuance, revocation, update, etc.) required by all parties involved in the online information exchange, and is the core of the secure exchange of electronic information.
- Both the STA and the AP are installed with the public key certificate issued by the AS as their own digital identity certificate.
- When the STA logs in to the AP, the AS must perform two-way certificate authentication between the STA and the AP before the STA accesses the network; only if both certificates pass can the STA access the network through the AP. In this way, only a STA holding a legal certificate can access an AP holding a legal certificate, which prevents an illegal STA from accessing the AP and occupying network resources, and prevents the information of a legal STA from being leaked.
- Public key certificates are the most important part of WAI.
- The identity of a network device can be uniquely determined by its certificate and private key.
- The public key certificate is the digital identity certificate of the network device in the network environment.
- The combination of cryptographic technology and the security protocol ensures properties of the device identity such as uniqueness and unforgeability.
- The certificate authentication process of the WAI technology is shown in FIG. 1 and includes the following steps:
- 1. When the STA associates with the AP, the AP sends an authentication activation message to the STA to start the authentication process.
- 2. After receiving the authentication activation message, the STA sends an access authentication request message to the AP, including the STA certificate and the STA's current system time.
- 3. After receiving the access authentication request message, the AP records the system time in the message as the access authentication request time, and sends the AS a certificate authentication request message formed from the STA certificate, the access authentication request time, the AP certificate, and a signature made with the AP's private key. After receiving the certificate authentication request message, the AS verifies the AP signature on it; if the verification fails, the authentication process fails, otherwise the AS goes on to verify the validity of the AP certificate and the STA certificate.
- 4. After the AS has authenticated the AP and the STA, it sends the AP a certificate authentication response message formed from the STA certificate authentication result information (including the STA certificate and the STA authentication result), the AP certificate authentication result information (including the AP certificate, the AP authentication result, and the access authentication request time), and a signature made with the AS's private key. The AP verifies the AS signature on the certificate authentication response message, obtains the authentication result of the STA certificate, and performs access control on the STA according to that result.
- 5. The AP forwards the received certificate authentication response message to the STA. After verifying the AS signature, the STA obtains the authentication result of the AP certificate and determines whether to access the AP according to that result.
- At this point the STA and the AP have completed the two-way authentication process. If the STA certificate is successfully authenticated, the AP allows the STA to access; otherwise the STA is disconnected. If the AP certificate is successfully authenticated, the STA decides to access the AP; otherwise it does not access the AP.
- A network attacker can easily fake the AP identity and send an authentication activation message to the STA. After receiving the authentication activation message, the STA sends an access authentication request message carrying the STA certificate to the fake AP, so that the fake AP obtains the STA certificate. The attacker then uses the obtained STA certificate to impersonate the STA toward a legal AP, passes the AS certificate authentication, accesses the network, and achieves the purpose of the network attack.
- The embodiments of the present invention provide an enhanced WLAN certificate authentication method, device, and system. The method can be implemented in the STA and the AP of a wireless local area network, ensures the uniqueness and unforgeability of the STA and AP identities while the STA accesses the AP, and improves the security of the WLAN certificate authentication process.
- FIG. 2 is a schematic flowchart of an enhanced WLAN certificate authentication method according to Embodiment 1 of the present invention.
- The enhanced WLAN certificate authentication method provided in Embodiment 1 of the present invention can be used in an AP and can include the following steps:
- The AP sends an authentication activation message to the STA to trigger the STA to perform identity verification on the AP, where the authentication activation message carries the AP certificate and the first AP signature information.
- When the STA associates with the AP, the AP sends the authentication activation message to the STA to start the certificate authentication process.
- The authentication activation message is also used to trigger the STA to perform identity verification on the AP, and therefore carries the identity information of the AP, that is, the AP certificate and the first AP signature information.
- The AP certificate is issued by the AS and can be used to prove the identity of the AP.
- The first AP signature information is obtained by the AP encrypting the AP certificate with its private key, and is used to ensure that the identity of the AP entity is not falsified and cannot be forged.
- After receiving the authentication activation message sent by the AP, the STA authenticates the AP according to the pre-stored public key of the AP and the authentication activation message. Specifically, the STA first uses the pre-stored public key of the AP to decrypt the first AP signature information in the authentication activation message with the signature algorithm; the information obtained after decryption is the AP identity corresponding to the first AP signature information, and the STA verifies whether that AP identity matches the AP certificate in the authentication activation message.
- If it matches, the first AP signature verification passes and the identity declared by the AP is confirmed to be consistent with the real identity of the AP; the STA then verifies the validity of the AP certificate. If the certificate is valid, the AP certificate passes verification and the AP can be confirmed to be a legitimate user. Once both the first AP signature and the AP certificate have been verified, the identity of the AP is fully verified and the STA sends an access authentication request message to the AP. If either the AP signature or the AP certificate fails verification, the AP is an illegal access point and the certificate authentication process is aborted.
- The authentication activation message sent by the AP to the STA may further include an authentication activation time, which indicates when the AP sent the authentication activation message and allows the STA to distinguish different authentication processes.
- The AP receives the access authentication request message sent by the STA after the STA has performed identity verification on the AP, and performs identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information.
- If the STA successfully authenticates the AP, the STA sends an access authentication request message to the AP.
- After the AP receives the access authentication request message, it performs identity verification on the STA according to the pre-stored STA public key and the access authentication request message; the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information. The STA certificate is issued by the AS and can be used to prove the identity of the STA.
- The STA signature information is obtained by the STA encrypting the STA certificate and the access authentication request time with its private key, and is used to ensure that the identity of the STA entity is not falsified and cannot be forged.
- The AP decrypts the STA signature information in the access authentication request message with the pre-stored public key of the STA, and obtains the STA identity corresponding to the STA signature information from the decrypted information.
- The AP then verifies whether the STA identity corresponding to the STA signature information matches the STA certificate. If it matches, the STA signature verification passes and the identity declared by the STA is confirmed to be consistent with the true identity of the STA; the AP then verifies whether the STA certificate is valid, and if it is, the STA certificate passes verification and the STA can be confirmed to be a legitimate user. If the STA signature verification fails or the STA certificate fails verification, the STA is an illegal user and the certificate authentication process is aborted.
- If the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and the STA certificate is valid, the AP sends a certificate authentication request message to the AS to trigger the AS to perform two-way certificate authentication and send a certificate authentication response message.
- When the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and the STA certificate is valid, the identity of the STA is fully verified.
- The AP first records the access authentication request time and the STA certificate carried in the access authentication request message, and then sends a certificate authentication request message to the AS to trigger the AS to perform two-way certificate authentication and send a certificate authentication response message.
- The certificate authentication request message carries the STA certificate, the access authentication request time, the AP certificate, and second AP signature information.
- The second AP signature information is information obtained by encrypting the STA certificate, the access authentication request time, and the AP certificate with the AP's private key.
- The certificate authentication request message sent by the AP to the AS may further carry the STA signature information, which the AP takes from the access authentication request message sent by the STA; in that case the certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and the second AP signature information.
- The second AP signature information is then the information obtained by encrypting the STA certificate, the access authentication request time, the STA signature information, and the AP certificate with the AP's private key using the signature algorithm.
- After receiving the certificate authentication request message sent by the AP, the AS decrypts the second AP signature information in the message with the pre-stored public key of the AP and obtains from the decrypted information the AP identity corresponding to the second AP signature information. If that AP identity matches the AP certificate, the second AP signature verification passes. The AS then decrypts the STA signature information in the certificate authentication request message with the pre-stored STA public key using the signature algorithm to obtain the STA identity corresponding to the STA signature information; if that STA identity matches the STA certificate, the STA signature verification passes.
- The AS then verifies whether the AP certificate and the STA certificate are valid certificates.
- Signature verification confirms whether the declared identities of the AP and the STA are consistent with their real identities, and certificate verification confirms whether the AP and the STA are legitimate users. If the second AP signature and the AP certificate both pass verification, the AS determines that the AP certificate is successfully authenticated; otherwise the AP certificate authentication fails. If the STA signature and the STA certificate both pass verification, the AS determines that the STA certificate is successfully authenticated; otherwise the STA certificate authentication fails.
- the AS generates a certificate authentication response message according to the bidirectional certificate authentication result and sends the message to the AP.
- the AP performs access control on the STA according to the STA certificate authentication result carried in the certificate authentication response message sent by the received AS, and sends an access authentication response message to the STA.
- The certificate authentication response message sent by the AS to the AP carries the STA certificate authentication result (including the STA certificate and the STA authentication result), the AP certificate authentication result information (including the AP certificate, the AP authentication result, and the access authentication request time), and AS signature information obtained by signing the foregoing information with the private key of the AS.
- After receiving the certificate authentication response message sent by the AS, the AP verifies the AS signature using the pre-stored AS public key and verifies the access authentication request time. If either verification fails, the certificate authentication process fails; otherwise the AP obtains the STA authentication result from the certificate authentication response message.
- The AP performs access control on the STA according to that result and sends an access authentication response message to the STA.
- When the STA is associated with the AP, the AP sends an authentication activation message carrying the AP certificate and the first AP signature to the STA. After receiving it, the STA authenticates the AP according to the pre-stored AP public key and the authentication activation message. If the STA verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and that the AP certificate is valid, the STA sends an access authentication request message to the AP to trigger the AP to authenticate the STA.
- The access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information. After receiving it, the AP authenticates the STA according to the pre-stored STA public key and the access authentication request message. If the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and that the STA certificate is valid, the AP sends a certificate authentication request message to the AS to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message.
- The technical solution proposed by this embodiment adds a mutual identity verification function between the STA and the AP before the AS performs bidirectional certificate authentication on the STA and the AP, thereby ensuring the uniqueness and unforgeability of the STA and AP identities and improving the security of the WLAN certificate authentication process.
- FIG. 3 is a schematic flowchart of an enhanced WLAN certificate authentication method according to Embodiment 2 of the present invention.
- the method provided in the second embodiment may include the following steps:
- the STA receives the authentication activation message sent by the AP, and the STA performs identity verification according to the public key of the pre-stored AP and the authentication activation message, where the authentication activation message carries the AP certificate and the first AP signature information.
- When the STA is associated with the AP, the AP sends an authentication activation message to the STA to start the certificate authentication process.
- The authentication activation message also triggers the STA to verify the identity of the AP: after receiving it, the STA authenticates the AP according to the pre-stored AP public key and the authentication activation message.
- the authentication activation message carries the identity information of the AP, that is, carries the AP certificate and the first AP signature information.
- the AP certificate is issued by the AS and can be used to prove the identity of the AP.
- The first AP signature information is obtained by the AP signing the AP certificate with its private key, and is used to ensure that the identity of the AP entity cannot be falsified or forged.
- The STA first uses the pre-stored AP public key to decrypt the first AP signature information in the authentication activation message with the signature algorithm; the information obtained is the AP identity corresponding to the first AP signature information. The STA then verifies whether that AP identity matches the AP certificate carried in the authentication activation message. If it matches, the first AP signature verification passes and the declared identity of the AP is confirmed to be consistent with its real identity; the STA then verifies the validity of the AP certificate. If the certificate is valid, the AP certificate verification passes and the AP is confirmed to be a legitimate user. If either the AP signature or the AP certificate fails verification, the AP is an illegal access point and the certificate authentication process is aborted.
- the authentication activation message sent by the AP to the STA may further include an authentication activation time, which is used to indicate the time when the AP sends the authentication activation message, so that the STA distinguishes different authentication processes.
- If the AP identity corresponding to the first AP signature information matches the AP certificate and the AP certificate is valid, the identity of the AP is fully verified, and the STA sends an access authentication request message to the AP to trigger the AP to perform identity verification on the STA.
- The access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information.
- the STA certificate is issued by the AS and can be used to prove the identity of the STA.
- The STA signature information is obtained by the STA signing the STA certificate and the access authentication request time with its private key, and is used to ensure that the identity of the STA cannot be falsified or forged.
- When the AP receives the access authentication request message, the AP performs identity verification on the STA according to the pre-stored STA public key and the access authentication request message.
- For the specific way in which the AP authenticates the STA, refer to step S102 of the first embodiment; details are not repeated here.
- When the STA receives the access authentication response message that the AP sends after the AS has performed bidirectional certificate authentication, the STA obtains the AP certificate authentication result from the access authentication response message and determines, according to that result, whether to access the AP.
- If the STA passes the AP's verification, the AP records the access authentication request time and the STA certificate from the access authentication request message, and then sends a certificate authentication request message to the AS to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message.
- the certificate authentication request message carries an STA certificate, an access authentication request time, an AP certificate, and a second AP signature information.
- the second AP signature information is information obtained by encrypting the STA certificate, the access authentication request time, and the AP certificate by the private key of the AP.
- The certificate authentication request message sent by the AP to the AS may further carry the STA signature information, which the AP takes from the access authentication request message sent by the STA. In that case the certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and the second AP signature information.
- The second AP signature information is then the information obtained by signing the STA certificate, the access authentication request time, the STA signature, and the AP certificate with the private key of the AP.
- the specific implementation of the two-way certificate authentication according to the certificate authentication request message may refer to step S103 of the first embodiment of the present invention, and details are not described herein again.
- The certificate authentication response message sent by the AS to the AP carries the STA certificate authentication result (including the STA certificate and the STA authentication result), the AP certificate authentication result information (including the AP certificate, the AP authentication result, and the access authentication request time), and AS signature information obtained by signing the foregoing information with the private key of the AS.
- The AP receives the certificate authentication response message sent by the AS, obtains the STA certificate authentication result from it, performs access control on the STA according to that result, and sends an access authentication response message to the STA.
- The access authentication response message carries the STA certificate authentication result (including the STA certificate and the STA authentication result), the AP certificate authentication result information (including the AP certificate, the AP authentication result, and the access authentication request time), and third AP signature information obtained by signing the above information with the private key of the AP.
- The STA uses the pre-stored AP public key to verify the AP signature and verifies the access authentication request time. If either the AP signature verification or the access authentication request time verification fails, the certificate authentication process is aborted. Otherwise the STA obtains the AP certificate authentication result from the access authentication response message and determines, according to that result, whether to access the AP.
- When the STA is associated with the AP, the AP sends an authentication activation message carrying the AP certificate and the first AP signature to the STA. After receiving it, the STA authenticates the AP according to the pre-stored AP public key and the authentication activation message. If the STA verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and that the AP certificate is valid, the STA sends an access authentication request message to the AP to trigger the AP to authenticate the STA, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information.
- After receiving the access authentication request message sent by the STA, the AP authenticates the STA according to the pre-stored STA public key and the access authentication request message. If the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and that the STA certificate is valid, the AP sends a certificate authentication request message to the AS to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message. It can be seen that the technical solution proposed by this embodiment adds a mutual identity verification function between the STA and the AP before the AS performs bidirectional certificate authentication on the STA and the AP, thereby ensuring the uniqueness and unforgeability of the STA and AP identities and enhancing the security of the WLAN certificate authentication process.
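The complete exchange described in Embodiments 1 and 2 above, including the AS-side checks of the certificate authentication request, as an added worked example in Go. This is not code from the patent, its applicant, or any WLAN product. The patent specifies neither a signature algorithm nor a certificate encoding, so Ed25519 and a minimal certificate form (holder identity, holder public key, AS signature) are assumptions, as are the identifiers AP-1 and STA-1, every type, field and function name, and the 60-second freshness window used for the access authentication request time check; the constructed fixture in Setup plays the role of the pre-stored public keys. Where the text speaks of decrypting signature information with a pre-stored public key to recover the signer's identity, the example verifies the signature under the pre-stored key of the identity named in the certificate, which is the equivalent check for an ordinary signature scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// Cert stands in for the AS-issued AP/STA certificate: holder identity, holder public key, AS signature over both.
// Assumption: the patent fixes no certificate encoding or signature algorithm; this form and Ed25519 are ours.
type Cert struct{ ID string; Pub ed25519.PublicKey; ASSig []byte }
func (c Cert) body() []byte  { return append([]byte(c.ID+"\x00"), c.Pub...) }
func cat(p ...[]byte) []byte { return bytes.Join(p, nil) }
func ts(t int64) []byte      { b := make([]byte, 8); binary.BigEndian.PutUint64(b, uint64(t)); return b }

// The five messages of the exchange; each comment names the signing key and the fields the signature covers.
type AuthActivation struct{ APCert Cert; ActTime int64; Sig1 []byte }       // AP key: AP cert, ActTime
type AccessAuthRequest struct{ STACert Cert; ReqTime int64; STASig []byte } // STA key: STA cert, ReqTime
type CertAuthRequest struct{ AccessAuthRequest; APCert Cert; Sig2 []byte }  // AP key: STA cert, ReqTime, STASig, AP cert
type AuthResult struct{ STACert Cert; STAOK bool; APCert Cert; APOK bool; ReqTime int64 }
type CertAuthResponse struct{ AuthResult; ASSig []byte }  // AS key: the whole result
type AccessAuthResponse struct{ AuthResult; Sig3 []byte } // AP key: the whole result (third AP signature)
func (r AuthResult) body() []byte {
	return cat(r.STACert.body(), r.APCert.body(), ts(r.ReqTime), []byte(fmt.Sprintf("%t|%t", r.STAOK, r.APOK)))
}

// Party is an AP, STA or AS: key pair, own cert, PRE-STORED peer public keys (identity -> key), the AS public key,
// and the access authentication request time it last recorded (checked again when the response comes back).
type Party struct{ ID string; priv ed25519.PrivateKey; Cert Cert; peers map[string]ed25519.PublicKey; asPub ed25519.PublicKey; lastReq int64 }
func NewParty(id string) *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Party{ID: id, priv: priv, Cert: Cert{ID: id, Pub: pub}, peers: map[string]ed25519.PublicKey{}}
}
func (p *Party) Sign(parts ...[]byte) []byte { return ed25519.Sign(p.priv, cat(parts...)) }

// checkPeer is the identity verification every receiver performs: the signature must verify under the pre-stored
// key of the identity named in the certificate (declared identity == real identity), and the certificate must carry
// a valid AS signature (the holder is a legitimate user). Either failure aborts the certificate authentication.
func (p *Party) checkPeer(c Cert, sig []byte, signed ...[]byte) error {
	if pub, ok := p.peers[c.ID]; !ok || !bytes.Equal(pub, c.Pub) || !ed25519.Verify(pub, cat(signed...), sig) {
		return fmt.Errorf("%s: signature of %q does not match the pre-stored key", p.ID, c.ID)
	}
	if !ed25519.Verify(p.asPub, c.body(), c.ASSig) { return fmt.Errorf("%s: certificate of %q was not issued by the AS", p.ID, c.ID) }
	return nil
}

// Step 1, AP -> STA: authentication activation (AP cert, activation time, first AP signature).
func (ap *Party) Activate(now int64) AuthActivation { return AuthActivation{ap.Cert, now, ap.Sign(ap.Cert.body(), ts(now))} }

// Step 2, STA: verify the AP; an illegal AP aborts, a legitimate one gets the access authentication request.
func (sta *Party) OnActivation(m AuthActivation, now int64) (AccessAuthRequest, error) {
	if err := sta.checkPeer(m.APCert, m.Sig1, m.APCert.body(), ts(m.ActTime)); err != nil { return AccessAuthRequest{}, err }
	sta.lastReq = now
	return AccessAuthRequest{sta.Cert, now, sta.Sign(sta.Cert.body(), ts(now))}, nil
}

// Step 3, AP: verify the STA, record the request time, forward everything to the AS under the second AP signature.
// Assumption: the 60 s freshness window; the patent only says the request time is verified.
func (ap *Party) OnAccessRequest(m AccessAuthRequest, now int64) (CertAuthRequest, error) {
	if err := ap.checkPeer(m.STACert, m.STASig, m.STACert.body(), ts(m.ReqTime)); err != nil { return CertAuthRequest{}, err }
	if d := now - m.ReqTime; d < 0 || d > 60 { return CertAuthRequest{}, fmt.Errorf("ap: request time %d is stale", m.ReqTime) }
	ap.lastReq = m.ReqTime
	return CertAuthRequest{m, ap.Cert, ap.Sign(m.STACert.body(), ts(m.ReqTime), m.STASig, ap.Cert.body())}, nil
}

// Step 4, AS: two-way certificate authentication; a side passes only if both its signature and its certificate verify.
func (as *Party) OnCertRequest(m CertAuthRequest) CertAuthResponse {
	r := AuthResult{STACert: m.STACert, APCert: m.APCert, ReqTime: m.ReqTime}
	r.APOK = as.checkPeer(m.APCert, m.Sig2, m.STACert.body(), ts(m.ReqTime), m.STASig, m.APCert.body()) == nil
	r.STAOK = as.checkPeer(m.STACert, m.STASig, m.STACert.body(), ts(m.ReqTime)) == nil
	return CertAuthResponse{r, as.Sign(r.body())} // signed so that the AP and the STA can rely on the result
}

// Step 5, AP: check the AS signature and the echoed request time, admit the STA only if STAOK, relay under Sig3.
func (ap *Party) OnCertResponse(m CertAuthResponse) (AccessAuthResponse, bool, error) {
	if !ed25519.Verify(ap.asPub, m.body(), m.ASSig) || m.ReqTime != ap.lastReq {
		return AccessAuthResponse{}, false, fmt.Errorf("ap: AS signature or request time check failed")
	}
	return AccessAuthResponse{m.AuthResult, ap.Sign(m.body())}, m.STAOK, nil
}

// Step 6, STA: check the third AP signature and the request time, then decide from APOK whether to access the AP.
func (sta *Party) OnAccessResponse(m AccessAuthResponse) (bool, error) {
	if pub, ok := sta.peers[m.APCert.ID]; !ok || !ed25519.Verify(pub, m.body(), m.Sig3) || m.ReqTime != sta.lastReq {
		return false, fmt.Errorf("sta: AP signature or request time check failed")
	}
	return m.APOK, nil
}

// Setup is a constructed fixture: one AS that issued certs to one AP and one STA, with peer keys pre-stored.
func Setup() (sta, ap, as *Party) {
	as, ap, sta = NewParty("AS"), NewParty("AP-1"), NewParty("STA-1")
	as.asPub = as.Cert.Pub
	for _, p := range []*Party{ap, sta} {
		p.Cert.ASSig, p.asPub, as.peers[p.ID] = as.Sign(p.Cert.body()), as.Cert.Pub, p.Cert.Pub
	}
	ap.peers[sta.ID], sta.peers[ap.ID] = sta.Cert.Pub, ap.Cert.Pub
	return
}

// Run drives one exchange: did the AP admit the STA, and did the STA accept the AP?
func Run(sta, ap, as *Party, now int64) (admitted, accepts bool, err error) {
	req, err := sta.OnActivation(ap.Activate(now), now)
	if err != nil { return }
	creq, err := ap.OnAccessRequest(req, now)
	if err != nil { return }
	resp, admitted, err := ap.OnCertResponse(as.OnCertRequest(creq))
	if err != nil { return }
	accepts, err = sta.OnAccessResponse(resp)
	return
}

func main() { sta, ap, as := Setup(); fmt.Println(Run(sta, ap, as, time.Now().Unix())) }
```

For the legitimate fixture, Run returns admitted=true, accepts=true and a nil error. The two properties the text stresses are both visible in checkPeer: an AP that presents the legitimate AP's identity with its own key fails the pre-stored-key check before its certificate is even examined, and a certificate the AS never signed fails the second check; the access authentication request time recorded at steps 2 and 3 is compared again at steps 5 and 6, so a signed response cannot be replayed into a different authentication run, and a result whose verdict was altered in transit fails the AS signature check at the AP.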
- Embodiment 3 of the present invention provides an access point device for implementing the enhanced WLAN certificate authentication method proposed by the present invention. Referring to FIG. 4, the access point device a00 may include a transmitting unit a10, a receiving unit a20, and a processing unit a30.
- the sending unit a10 is configured to send an authentication activation message to the STA to trigger the STA to perform identity verification on the access point device, where the authentication activation message carries the AP certificate and the first AP signature information.
- the receiving unit a20 is configured to receive an access authentication request message sent by the STA after performing identity verification on the access point device;
- the processing unit a30 is configured to perform identity verification on the STA according to the pre-stored public key of the STA and the access authentication request message after the receiving unit a20 receives the access authentication request message, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- the sending unit a10 is further configured to send a certificate authentication request message to the AS, to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message, if the processing unit a30 verifies that the STA identity corresponding to the STA signature information matches the STA certificate and that the STA certificate is valid;
- the receiving unit a20 is further configured to receive a certificate authentication response message sent by the AS;
- the processing unit a30 is further configured to perform access control on the STA according to the STA certificate authentication result carried in the certificate authentication response message received by the receiving unit a20;
- the sending unit a10 is further configured to send an access authentication response message to the STA.
- the STA signature information in the access authentication request message is information obtained by encrypting the STA certificate and the access authentication request time by the private key of the STA.
- The processing unit a30 decrypts the STA signature information in the access authentication request message using the pre-stored STA public key to obtain the STA identity corresponding to the STA signature information, verifies whether that STA identity matches the STA certificate, and verifies whether the STA certificate is valid.
- The certificate authentication request message carries the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and the second AP signature information, where the second AP signature information is the information obtained by signing the STA certificate, the access authentication request time, the STA signature, and the AP certificate with the AP private key.
- The technical solution proposed by this embodiment adds a mutual identity verification function between the STA and the access point device before the AS performs bidirectional certificate authentication on them, that is, during the process of the STA accessing the access point device, which ensures the uniqueness and unforgeability of the STA and access point device identities and improves the security of the WLAN certificate authentication process.
- Embodiment 4 of the present invention provides another access point device for implementing the enhanced WLAN certificate authentication method proposed by the present invention. Referring to FIG. 5, the device b00 includes a processor b10, a memory b20, a bus system b30, a receiver b40, and a transmitter b50.
- The processor b10, the memory b20, the receiver b40, and the transmitter b50 are connected by the bus system b30. The memory b20 stores instructions, and the processor b10 executes the instructions stored in the memory b20 to control the receiver b40 to receive a signal and the transmitter b50 to transmit a signal, so as to complete the steps of the enhanced WLAN certificate authentication method described above.
- the receiver b40 and the transmitter b50 may be the same or different physical entities. When they are the same physical entity, they can be collectively referred to as transceivers.
- the method steps performed by the device b00 may at least include:
- sending a certificate authentication request message to the AS to trigger the AS to perform bidirectional certificate authentication and send a certificate authentication response message;
- performing access control on the STA according to the STA certificate authentication result carried in the certificate authentication response message received from the AS, and sending an access authentication response message to the STA.
- the fifth embodiment of the present invention provides a terminal device for implementing an enhanced WLAN certificate authentication method proposed by the present invention.
- the terminal device c00 may include a receiving unit c10, a processing unit c20, and a transmitting unit c30.
- the receiving unit c10 is configured to receive an authentication activation message sent by the AP.
- the processing unit c20 is configured to perform identity verification on the AP according to the pre-stored AP public key and the authentication activation message after the receiving unit c10 receives the authentication activation message sent by the AP, where the authentication activation message carries the AP certificate and the first AP signature information;
- the sending unit c30 is configured to send an access authentication request message to the AP, to trigger the AP to perform identity verification on the STA, after the processing unit c20 verifies that the AP identity corresponding to the first AP signature information matches the AP certificate and that the AP certificate is valid, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- the receiving unit c10 is further configured to receive the access authentication response message that the AP sends after it has verified the STA and the AS has performed bidirectional certificate authentication;
- the processing unit c20 is further configured to: after receiving the access authentication response message sent by the AP, the receiving unit c10 obtains an AP certificate authentication result from the access authentication response message, and determines whether to access the AP according to the AP certificate authentication result.
- The first AP signature information is information obtained by signing the AP certificate with the AP private key. The processing unit c20 decrypts the first AP signature information in the authentication activation message using the pre-stored AP public key to obtain the AP identity corresponding to the first AP signature information, verifies whether that AP identity matches the AP certificate, and verifies whether the AP certificate is valid.
- the authentication activation message received by the receiving unit c10 further carries the authentication activation time, and the first AP signature information is information obtained by encrypting the AP private key to the AP certificate and the authentication activation time.
- The technical solution proposed by this embodiment adds a mutual identity verification function between the terminal device and the AP before the AS performs bidirectional certificate authentication on the terminal device and the AP, thereby ensuring the uniqueness and unforgeability of the terminal device and AP identities and improving the security of the WLAN certificate authentication process.
- Embodiment 6 of the present invention provides another terminal device for implementing an enhanced WLAN certificate authentication method proposed by the present invention.
- the device d00 includes a processor d10, a memory d20, a bus system d30, a receiver d40, and a transmitter d50.
- The processor d10, the memory d20, the receiver d40, and the transmitter d50 are connected by the bus system d30. The memory d20 stores instructions, and the processor d10 executes the instructions stored in the memory d20 to control the receiver d40 to receive a signal and the transmitter d50 to transmit a signal, so as to complete the steps of the enhanced WLAN certificate authentication method described above.
- the receiver d40 and the transmitter d50 may be the same or different physical entities. When they are the same physical entity, they can be collectively referred to as transceivers.
- the method steps performed by the device d00 may at least include:
- sending an access authentication request message to the AP to trigger the AP to perform identity verification on the STA, where the access authentication request message carries the STA certificate, the access authentication request time, and the STA signature information;
- receiving the access authentication response message that the AP sends after it has verified the STA and the AS has performed bidirectional certificate authentication, obtaining the AP certificate authentication result from the access authentication response message, and determining whether to access the AP according to the AP certificate authentication result.
- FIG. 8 is a schematic structural diagram of a WLAN certificate authentication system according to Embodiment 7 of the present invention. As shown in FIG. 8, the system includes the access point device 710, the terminal device 720, and the authentication server 730.
- the access point device 710 is an access point device provided by the above embodiments of the present invention for implementing an enhanced WLAN certificate authentication method of the present invention
- the terminal device 720 is the terminal device for implementing the enhanced WLAN certificate authentication method of the present invention provided by the foregoing embodiments of the present invention.
- The authentication server 730 is configured to, after receiving the certificate authentication request message sent by the access point device 710, perform bidirectional certificate authentication on the terminal device 720 and the access point device 710 according to that message, and to send a certificate authentication response message to the access point device 710 according to the authentication result.
- The certificate authentication request message may carry the STA certificate, the access authentication request time, the STA signature information, the AP certificate, and the second AP signature information, where the second AP signature information is the information obtained by signing the STA certificate, the access authentication request time, the STA signature, and the AP certificate with the AP private key.
- After receiving the certificate authentication request message sent by the access point device 710, the authentication server 730 decrypts the second AP signature information in the message using the pre-stored AP public key and obtains, from the decrypted information, the AP identity corresponding to the second AP signature information. If that AP identity matches the AP certificate, the second AP signature verification passes. The authentication server 730 then decrypts the STA signature information in the message using the pre-stored STA public key and obtains the STA identity corresponding to the STA signature information; if that STA identity matches the STA certificate, the STA signature verification passes.
- The authentication server 730 then verifies whether the AP certificate and the STA certificate are valid certificates. Signature verification confirms whether the declared identities of the AP and the STA are consistent with their real identities, and certificate verification confirms whether the AP and the STA are legitimate users.
- If the second AP signature passes verification and the AP certificate passes verification, the authentication server 730 determines that AP certificate authentication succeeded; otherwise AP certificate authentication fails. If the STA signature passes verification and the STA certificate passes verification, the authentication server 730 determines that STA certificate authentication succeeded; otherwise STA certificate authentication fails.
- the authentication server 730 generates a certificate authentication response message to the access point device 710 according to the above bidirectional certificate authentication result.
- aspects of the present invention, or possible implementations of various aspects may be embodied as a system, method, or computer program product.
- aspects of the invention, or possible implementations of various aspects may take the form of a computer program product, which is a computer readable program code stored in a computer readable medium.
- the computer readable medium can be a computer readable data medium or a computer readable storage medium.
- The computer readable storage medium includes, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing, such as random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, or portable compact disc read-only memory (CD-ROM).
- A processor in the computer reads the computer readable program code stored in the computer readable medium, so that the processor is able to perform the functional steps specified in each step of the flowchart, or a combination of steps, and to produce a device that implements the functions specified in each block of the block diagram, or combination of blocks.
- The computer readable program code may execute entirely on the user's computer, partly on the user's computer, as a separate software package, partly on the user's local computer and partly on a remote computer, or entirely on a remote computer or server. It should also be noted that in some alternative implementations, the functions noted in the steps of the flowcharts or in the blocks of the block diagrams may not occur in the order noted. For example, two steps, or two blocks, shown in succession may be executed substantially concurrently, or may be executed in the reverse order.
- the disclosed apparatus may be implemented in other ways.
- the device embodiments described above are merely illustrative.
- The division into functional units is only a logical division. In a specific implementation there may be other divisions: for example, multiple units may be combined into one subsystem or module, a unit may be split into several units, or some features may be omitted or not implemented.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
According to one embodiment, the present invention relates to an enhanced wireless local area network (WLAN) certificate authentication method. The method comprises: an access point (AP) sends an authentication activation message to a station (STA) to trigger the STA to perform identity verification of the AP, the authentication activation message carrying an AP certificate and first AP signature information; the AP receives an access authentication request message sent by the STA after verifying the identity of the AP, and performs identity verification of the STA according to a public key of the STA and the access authentication request message; if the AP verifies that the STA identity corresponding to the STA signature information matches the STA certificate and that the STA certificate is valid, it sends a certificate authentication request message to an AS to trigger the AS to perform bidirectional certificate authentication. The technical solution of the present invention can add an identity verification function between a STA and an AP before an AS performs bidirectional certificate authentication, thereby ensuring the uniqueness and unforgeability of the identities of a STA and an AP and improving the security of a WLAN certificate authentication process.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510466837.XA CN105578464B (zh) | 2015-07-31 | 2015-07-31 | 一种增强的wlan证书鉴别方法、装置及系统 |
| CN201510466837.X | 2015-07-31 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2017020530A1 true WO2017020530A1 (fr) | 2017-02-09 |
Family
ID=55888021
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2015/100247 Ceased WO2017020530A1 (fr) | 2015-07-31 | 2015-12-31 | Procédé, dispositif et système d'authentification de certificat de réseau local sans fil (wlan) améliorés |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105578464B (fr) |
| WO (1) | WO2017020530A1 (fr) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106102062B (zh) * | 2016-06-14 | 2020-02-11 | 中国联合网络通信集团有限公司 | 一种公共无线网络接入方法及装置 |
| CN111669756B (zh) * | 2020-07-24 | 2023-07-04 | 广西电网有限责任公司 | 一种wapi网络中传递接入网络信息的系统及方法 |
| CN114760042A (zh) * | 2020-12-26 | 2022-07-15 | 西安西电捷通无线网络通信股份有限公司 | 一种身份鉴别方法和装置 |
| CN114553502B (zh) * | 2022-01-29 | 2024-03-29 | 联想开天科技有限公司 | 一种网络认证方法及电子设备 |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1996840A (zh) * | 2006-12-29 | 2007-07-11 | 西安西电捷通无线网络通信有限公司 | 一种基于wapi的无线局域网运营方法 |
| CN101562814A (zh) * | 2009-05-15 | 2009-10-21 | 中兴通讯股份有限公司 | 一种第三代网络的接入方法及系统 |
| EP2876855A1 (fr) * | 2013-11-26 | 2015-05-27 | Vodafone IP Licensing Limited | Accès sans fil mobile et création d'un réseau privé virtuel |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7188364B2 (en) * | 2001-12-20 | 2007-03-06 | Cranite Systems, Inc. | Personal virtual bridged local area networks |
| CN101212297B (zh) * | 2006-12-28 | 2012-01-25 | 中国移动通信集团公司 | 基于web的wlan接入认证方法及系统 |
| CN102014384A (zh) * | 2009-09-04 | 2011-04-13 | 黄金富 | 通过移动电话网络验证wapi无线网络终端身份的方法 |
| CN103491540B (zh) * | 2013-09-18 | 2016-05-25 | 东北大学 | 一种基于身份凭证的无线局域网双向接入认证系统及方法 |
- 2015-07-31: CN CN201510466837.XA patent/CN105578464B/zh active Active
- 2015-12-31: WO PCT/CN2015/100247 patent/WO2017020530A1/fr not_active Ceased
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115278676A (zh) * | 2022-08-02 | 2022-11-01 | 深圳市智开科技有限公司 | 一种wapi证书申请方法与无线终端、证书鉴别器 |
| CN115278676B (zh) * | 2022-08-02 | 2025-08-29 | 深圳市智开科技有限公司 | 一种wapi证书申请方法与无线终端、证书鉴别器 |
| CN116723509A (zh) * | 2023-06-27 | 2023-09-08 | 深圳市智开科技有限公司 | 一种电力场景的主从证书鉴别方法、设备、鉴别器及系统 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105578464A (zh) | 2016-05-11 |
| CN105578464B (zh) | 2019-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8327143B2 (en) | | Techniques to provide access point authentication for wireless network |
| KR102018971B1 (ko) | | Method for enabling a network access device to access a wireless network access point, network access device, application server and non-volatile computer-readable storage medium |
| CN109729523B (zh) | | Method and apparatus for terminal network access authentication |
| WO2018050081A1 (fr) | | Device identity authentication method and apparatus, and storage medium |
| WO2015180691A1 (fr) | | Key agreement method and device for verification information |
| CN110545252B (zh) | | Authentication and information protection method, terminal, control function entity and application server |
| WO2014180198A1 (fr) | | Terminal access method, system and device, and computer storage medium |
| CN103685323A (zh) | | Method for implementing secure smart-home networking based on a smart cloud TV gateway |
| WO2017020530A1 (fr) | | Improved wireless local area network (WLAN) certificate authentication method, device and system |
| CN101772024A (zh) | | User identity determination method, apparatus and system |
| CN102638468A (zh) | | Method for protecting the security of information transmission, transmitting end, receiving end and system |
| WO2016011588A1 (fr) | | Mobility management entity, home server, terminal, and identity authentication system and method |
| CN107820239A (zh) | | Information processing method and apparatus |
| WO2015180689A1 (fr) | | Method and apparatus for acquiring verification information |
| CN106027251A (zh) | | Data transmission method and system between an ID-card reader terminal and a cloud authentication platform |
| CN105024813B (zh) | | Server, user equipment, and method for interaction between user equipment and server |
| WO2016188053A1 (fr) | | Wireless network access method, device and computer storage medium |
| CN117439740A (zh) | | In-vehicle network identity authentication and key agreement method, system and terminal |
| CN104243452A (zh) | | Cloud computing access control method and system |
| CN104349318B (zh) | | Automatic authentication method, apparatus and system for a wireless local area network |
| CN115022850B (zh) | | Authentication method, apparatus, system, electronic device and medium for D2D communication |
| WO2014177106A1 (fr) | | Network access control method and system |
| CN105828330B (zh) | | Access method and apparatus |
| CN101471775A (zh) | | Method for authentication between MS and BS in a WiMAX system |
| CN112995140B (zh) | | Security management system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15900293; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15900293; Country of ref document: EP; Kind code of ref document: A1 |