Next-Gen POS Wi-Fi Integration

One-Scan Wi-Fi.
Zero Table Friction.

A secure PPSK gateway that connects customers to table ordering systems automatically. No manual password typing. No table number spoofing. Production-ready OpenWrt integration.

OpenWrt Native Hook
AES-256 PPSK Encrypted
< 100ms Event Sync
WiFi-QR-Order-System

Core Capabilities

A zero-trust network gateway built specifically for dynamic retail and dining ordering workflows.

Dynamic PPSK Generation

No more shared, static WPA2 passwords. Every table gets an isolated, encrypted Private Pre-Shared Key (PPSK), generated automatically when its session starts.

One-Scan QR Join

Uses standards-compliant Wi-Fi QR codes. iOS and Android users scan once to join the secure network instantly, with no copy-pasting.

Gateway Event Hooks

Integrates directly with OpenWrt hostapd events. The AP posts association events (MAC, Key ID, IP) directly to the SaaS to bootstrap client identity in milliseconds.

Smart Captive Portal

No portal signup forms. The captive portal automatically intercepts traffic, resolves the client MAC to the active table session, and redirects to the correct table menu.

POS-Linked Revocation

When the table pays or the session is marked closed on the POS, the PPSK is immediately revoked. The client is disconnected from the Wi-Fi to stop bandwidth hoarding and late orders.

AES-256 GCM Security

Passwords are encrypted at rest using AES-256-GCM with a dynamic IV. The system generates detailed cryptographic audit trails for every credential export or access.

The One-Scan Lifecycle

How WiFi Order SaaS securely bridges POS table sessions, OpenWrt network state, and client captive portals.

Step 1: Session Initialization

Staff Opens Table in POS

When guests sit down, staff open a new dining session. The SaaS backend immediately generates a unique, cryptographically random PPSK (Private Pre-Shared Key) mapped to that table ID and meal period.

  • PPSK generated using cryptographically secure random bytes.
  • Unique pskKeyId and stable filterId registered.
  • PPSK encrypted instantly at rest with AES-256-GCM.

wifiPassRepository.ts
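// Secure PPSK Encryption & DB Storage
import crypto from 'node:crypto';

// PPSK_ENCRYPTION_KEY must be a base64-encoded 32-byte key
const key = Buffer.from(process.env.PPSK_ENCRYPTION_KEY ?? '', 'base64');
if (key.length !== 32) throw new Error('PPSK_ENCRYPTION_KEY must decode to 32 bytes');

// Fresh random 96-bit IV for every encryption; never reuse an IV under the same key
const iv = crypto.randomBytes(12);
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
// rawPsk: the plaintext PPSK generated for this table session
const encryptedPpsk = Buffer.concat([
  cipher.update(rawPsk, 'utf8'),
  cipher.final()
]);
// Store iv and authTag with encryptedPpsk; both are needed to decrypt and verify
const authTag = cipher.getAuthTag();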
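
The snippet above covers encryption only. The following added example (not code from the project) carries Step 1 through a full round trip in plain Node.js: it generates a PPSK from a CSPRNG, encrypts it, and decrypts it with tag verification. The alphabet, the function names and the use of pskKeyId as GCM associated data are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed alphabet without look-alike characters; the page does not state its own.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// 12 CSPRNG symbols in the page's XXXX-XXXX-XXXX shape (32^12, about 60 bits).
function generatePpsk() {
  let out = '';
  for (let i = 0; i < 12; i++) {
    if (i > 0 && i % 4 === 0) out += '-';
    out += ALPHABET[crypto.randomInt(ALPHABET.length)]; // uniform over the alphabet
  }
  return out;
}

function loadKey(b64) {
  const key = Buffer.from(b64 || '', 'base64');
  if (key.length !== 32) throw new Error('PPSK_ENCRYPTION_KEY must decode to 32 bytes');
  return key;
}

// Bind the ciphertext to its pskKeyId through AAD (an assumption, not shown on the
// page): a row copied onto another table's record then fails authentication.
function encryptPpsk(key, pskKeyId, rawPsk) {
  const iv = crypto.randomBytes(12); // fresh 96-bit IV per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(pskKeyId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(rawPsk, 'utf8'), cipher.final()]);
  return { iv, ciphertext, authTag: cipher.getAuthTag() };
}

function decryptPpsk(key, pskKeyId, rec) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  decipher.setAAD(Buffer.from(pskKeyId, 'utf8'));
  decipher.setAuthTag(rec.authTag);
  // final() throws if the ciphertext, IV, tag or AAD was altered
  return Buffer.concat([decipher.update(rec.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed demo key; a deployment reads PPSK_ENCRYPTION_KEY from the environment.
const demoKey = loadKey(crypto.randomBytes(32).toString('base64'));
const demoPsk = generatePpsk();
const demoRec = encryptPpsk(demoKey, 'wf_store01_tbl05', demoPsk);
console.log(decryptPpsk(demoKey, 'wf_store01_tbl05', demoRec) === demoPsk);
```
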

Step 2: Sync to Edge AP

Gateway Pulls Credentials

The gateway agent (running on the OpenWrt / hostapd AP) pulls active PPSK mappings from a secure HTTP endpoint that requires the GATEWAY_PULL_CREDENTIALS scope. The credentials are loaded into hostapd in real time.

  • Export in native hostapd wpa_psk_file format.
  • Protected from browser access; restricted to signed API keys.
  • Access is fully audited in AuditLog.

hostapd.wpa_psk_file
# generated_at=2026-06-23T09:45:00.000Z
# store=store01
# revision=18
keyid=wf_store01_tbl05 00:00:00:00:00:00 H7K1-4Q8P-9M2N
keyid=wf_store01_tbl06 00:00:00:00:00:00 T3L9-8W2X-1P6Q
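
One way to produce this export safely, as an added example that is not the project's own code: it renders the file from pass records, leaves out every pass that is not active (which is also how the revocation in Step 5 removes a key), and rejects values that could inject an extra line. The record field names, the ACTIVE status and the keyid allow-list are assumptions.

```javascript
// hostapd treats the all-zero MAC as "this key is valid for any client".
const WILDCARD_MAC = '00:00:00:00:00:00';

function renderWpaPskFile(store, revision, generatedAt, passes) {
  // Header values land in comment lines; a stray newline there would start a key line.
  if (!/^[A-Za-z0-9_-]{1,32}$/.test(store)) throw new Error('bad store id');
  if (!Number.isInteger(revision) || revision < 0) throw new Error('bad revision');
  if (new Date(generatedAt).toISOString() !== generatedAt) throw new Error('bad timestamp');

  const lines = [
    `# generated_at=${generatedAt}`,
    `# store=${store}`,
    `# revision=${revision}`,
  ];
  const seen = new Set();
  for (const p of passes) {
    if (p.status !== 'ACTIVE') continue; // allow-list: closed or revoked keys never reach the AP
    // keyid is written unquoted, so keep it to a conservative allow-list (assumed limit)
    if (!/^[A-Za-z0-9_]{1,31}$/.test(p.pskKeyId)) {
      throw new Error(`bad keyid: ${JSON.stringify(p.pskKeyId)}`);
    }
    // A WPA passphrase is 8 to 63 printable ASCII characters
    if (!/^[\x21-\x7e][\x20-\x7e]{6,61}[\x21-\x7e]$/.test(p.psk)) {
      throw new Error(`bad passphrase for ${p.pskKeyId}`);
    }
    if (seen.has(p.pskKeyId)) throw new Error(`duplicate keyid: ${p.pskKeyId}`);
    seen.add(p.pskKeyId);
    lines.push(`keyid=${p.pskKeyId} ${WILDCARD_MAC} ${p.psk}`);
  }
  return lines.join('\n') + '\n';
}

// Constructed sample rows: tbl06 has been paid, so only tbl05 is exported.
const samplePasses = [
  { pskKeyId: 'wf_store01_tbl05', psk: 'H7K1-4Q8P-9M2N', status: 'ACTIVE' },
  { pskKeyId: 'wf_store01_tbl06', psk: 'T3L9-8W2X-1P6Q', status: 'REVOKED' },
];
console.log(renderWpaPskFile('store01', 19, '2026-06-23T10:30:00.000Z', samplePasses));
```
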

Step 3: Network Association

Client Connects & Event Logs

The client scans the QR code at the table and joins the Wi-Fi. The OpenWrt access point detects the association event, which carries the matching PPSK keyid, and the gateway agent posts this event back to the SaaS.

  • Client connects securely with their table's PPSK.
  • Gateway agent reports client MAC, IP, and associated Key ID.
  • SaaS maps MAC address to the active Table Session.

gatewayAgent.sh (OpenWrt)
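# Monitor hostapd control interface for associations
hostapd_cli -i wlan0 wpa_msg_cb | while read -r line; do
  # case works in BusyBox ash, the default OpenWrt shell
  case "$line" in
    *AP-STA-CONNECTED*)
      # Take the MAC by pattern rather than by field position
      mac=$(echo "$line" | grep -oE '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' | head -n 1)
      # Strip the "keyid=" label so the POST body is not "keyid=keyid=..."
      keyid=$(hostapd_cli -i wlan0 sta "$mac" | sed -n 's/^keyid=//p')
      curl -X POST -H "Authorization: Bearer $KEY" \
           --data-urlencode "mac=$mac" --data-urlencode "keyid=$keyid" \
           https://api.wifiqr.com/events
      ;;
  esac
done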

Step 4: Intercept & Redirect

Captive Portal Session Resolution

When the client opens a browser, the Captive Portal intercepts the HTTP request and queries the SaaS using the client's MAC/IP. The SaaS matches this to the WifiClientBinding and redirects the client to the table ordering page.

  • No guessing by IP; secure MAC-based session binding.
  • Auto-redirects to vendor ordering URL (e.g. UberEats, inline POS).
  • If binding is ambiguous, falls back to staff approval.

captivePortal.ts
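// Portal Resolve Logic (runs inside the portal request handler)
// hashedMac: hash of the client MAC the portal observed for this request
const binding = await prisma.wifiClientBinding.findFirst({
  where: {
    clientMac: hashedMac,
    storeId: gateway.storeId,
    status: 'CONNECTED'
  },
  include: { wifiPass: true }
});

// No live binding for this MAC in this store: hand off to staff assistance
if (!binding) return redirect('/assist');
return redirect(`${orderUrl}?session=${encodeURIComponent(binding.wifiPass.sessionId)}`);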
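
The query above takes the first match, so the ambiguous case from the bullet list needs its own check. An added example of that check (not the project's code), using an in-memory array in place of Prisma; the HMAC-SHA256 hashing of the MAC, the ACTIVE pass status and all sample values are assumptions.

```javascript
const crypto = require('node:crypto');

// Canonicalise, then HMAC, so "AA-BB-.." and "aa:bb:.." give the same lookup key
// and the raw MAC is not stored. The page only names `hashedMac`; this scheme is assumed.
function hashMac(mac, hmacKey) {
  const hex = String(mac).toLowerCase().replace(/[:-]/g, '');
  if (!/^[0-9a-f]{12}$/.test(hex)) throw new Error('invalid MAC');
  return crypto.createHmac('sha256', hmacKey).update(hex).digest('hex');
}

// bindings: rows shaped like the page's wifiClientBinding query result.
function resolvePortal(bindings, storeId, hashedMac, orderUrl) {
  const live = bindings.filter((b) =>
    b.storeId === storeId &&
    b.clientMac === hashedMac &&
    b.status === 'CONNECTED' &&
    b.wifiPass.status === 'ACTIVE'); // a revoked pass must not resolve to a menu
  // Zero sessions, or more than one distinct session for this MAC, cannot be
  // decided automatically: fall back to staff approval.
  const sessions = new Set(live.map((b) => b.wifiPass.sessionId));
  if (sessions.size !== 1) return '/assist';
  const url = new URL(orderUrl);
  url.searchParams.set('session', [...sessions][0]); // encoded by URLSearchParams
  return url.toString();
}

// Constructed sample data.
const sampleKey = Buffer.from('constructed-demo-hmac-key');
const sampleMac = hashMac('AA:BB:CC:DD:EE:05', sampleKey);
const sampleRows = [
  { storeId: 'store01', clientMac: sampleMac, status: 'CONNECTED',
    wifiPass: { sessionId: 'sess-05', status: 'ACTIVE' } },
];
console.log(resolvePortal(sampleRows, 'store01', sampleMac, 'https://order.example/table'));
```
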

Step 5: Connection Revocation

Bill Settle & PPSK Deletion

Once the dining bill is paid or the session times out, the POS updates the session. The SaaS marks the pass CLOSED_BY_POS, schedules key deletion, and broadcasts a disconnect command to the AP.

  • Pass is instantly invalidated on the SaaS backend.
  • AP deletes the key from wpa_psk_file and deauths STA.
  • Frees up Wi-Fi channel capacity and prevents bandwidth theft.

posService.ts
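// Revoke & Disconnect Client
// Both updates commit in one transaction, so a pass is never revoked
// while its client bindings still read as connected
await prisma.$transaction([
  prisma.wifiPass.update({
    where: { id: passId },
    data: { status: 'REVOKED' }
  }),
  prisma.wifiClientBinding.updateMany({
    where: { wifiPassId: passId },
    data: { status: 'DISCONNECTED' }
  })
]);
// After the commit, tell the gateway to drop the key and disconnect the client
await gatewayAgent.sendRevocation(passId);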

Security Architecture

WiFi Order POS SaaS is built with strict boundary controls, protecting customer data and local networks.

Cryptographic PPSK Isolation

We solve the core security flaw of captive portals: shared keys. With our system, guest Wi-Fi clients can never sniff other tables' traffic or spoof network devices.

No Eavesdropping

Because each table connects with a different Pre-Shared Key, the standard WPA2/WPA3 4-way handshake ensures complete airtime encryption isolation between tables.

Encrypted Key Rotation

Keys are stored in PostgreSQL using AES-256-GCM. The decryption key is kept only in runtime RAM via an environment variable and never reaches logs or audit files.

Audit Logging of Secrets

Any access to plaintext keys (such as OpenWrt cron queries) triggers an un-deletable AuditLog entry with event details, API credentials, and gateway timestamps.

Get Started

Ready to Modernize Your Venue's Onboarding?

Contact our technical sales team directly on LINE. We offer full OpenWrt firmware custom integration, POS vendor API integration, and deployment support.

LINE Official Account: scan or tap the QR code to connect.