The main operations for establishing security in an existing network, in particular with Wireless Fidelity (WiFi) protected setup (WPS), include: 1. establishing an initial wireless network; 2. adding a new device to the wireless network. The WPS architecture has three components: an application terminal (referred to as the enrollee in WPS), an authentication device (the registrar), and an access point (AP). The AP is the infrastructure of a wireless local area network, that is, an AP that supports the 802.11 protocol. The authentication device is a device for managing establishment of a network and for adding and deleting application terminals; it may be integrated with the AP, or it may be implemented by an external device, such as a mobile phone or a computer.
In the prior art, after the discovery process executed by the application terminal and the authentication device is completed, the authentication device acquires a key of the application terminal and then performs key exchange negotiation with the application terminal. For example, the terminal or the authentication device uses a personal identification number (PIN) as a key and, after key translation, sends the translated key to the opposite party for verification.
The inventors of the present invention find that, in key negotiation in the prior art, one half of a PIN is used directly to perform authentication. When an attacker disguises himself as the foregoing application terminal or the authentication device, then after obtaining a key message, the attacker can easily obtain a key by using a brute force attack. Assuming that the key has N digits (decimal notation), the amount of calculation is 10^(N/2) times instead of 10^N times, the maximum amount of calculation. Because the amount of calculation is reduced in this way, the security or reliability of a wireless network connection is affected.
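The amount of calculation described above can be measured on a small model. This is an added example, not part of the original text: HMAC-SHA256 stands in for the key translation, and the session key, the sample PINs and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed value for illustration only (assumption, not from the original text).
SESSION_KEY = b"constructed-session-key"


def translate(secret: str) -> bytes:
    """Stand-in for 'key translation': HMAC-SHA256 of the PIN material (assumed)."""
    return hmac.new(SESSION_KEY, secret.encode(), hashlib.sha256).digest()


def calculations_to_match(target: bytes, digits: int) -> int:
    """Count how many candidate values of `digits` decimal digits must be
    translated, in ascending order, before one matches `target`."""
    for tries, value in enumerate(range(10 ** digits), start=1):
        candidate = f"{value:0{digits}d}"
        if hmac.compare_digest(translate(candidate), target):
            return tries
    raise ValueError("target was not derived from a PIN of this length")


def work_factor(pin: str) -> tuple[int, int]:
    """Return (calculations when half of the PIN is authenticated on its own,
    calculations when the whole PIN is authenticated as one value)."""
    n = len(pin)
    if n % 2 or not pin.isdigit():
        raise ValueError("PIN must be an even number of decimal digits")
    half_message = translate(pin[: n // 2])   # prior-art style: half of the PIN
    whole_message = translate(pin)            # whole PIN bound into one message
    return (calculations_to_match(half_message, n // 2),
            calculations_to_match(whole_message, n))


if __name__ == "__main__":
    # Worst case for an ascending search: every digit is 9.
    for pin in ("99", "9999"):
        half, whole = work_factor(pin)
        print(f"N={len(pin)}: half={half} (10^(N/2)), whole={whole} (10^N)")
```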