CN101959282A - Wireless local area network (WLAN) access control method and device thereof - Google Patents
Wireless local area network (WLAN) access control method and device thereof Download PDFInfo
- Publication number
- CN101959282A CN101959282A CN201010290660XA CN201010290660A CN101959282A CN 101959282 A CN101959282 A CN 101959282A CN 201010290660X A CN201010290660X A CN 201010290660XA CN 201010290660 A CN201010290660 A CN 201010290660A CN 101959282 A CN101959282 A CN 101959282A
- Authority
- CN
- China
- Prior art keywords
- terminal
- access device
- wlan access
- path loss
- inserts
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a WLAN access control method and a WLAN access control device. The method comprises the steps that: when WLAN access equipment is in an access judgment state, an indicating terminal reports terminal information; a receiving terminal of the WLAN access equipment receives the terminal information reported according to indication, wherein the terminal information carries the current sending power information of the terminal; the WLAN access equipment determines the wireless link route loss of the terminal according to signal intensity when the terminal information is received and the sending power information in the terminal information; and the WLAN access equipment judges the access of the terminal according to the wireless link route loss and an access judgment threshold, and enters control treatment according to a judgment result. When the method and device are used, the security of WLAN access can be improved and access control operation can be simplified.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of wireless local network access control method and device thereof.
Background technology
Along with WLAN (Wireless Local Area Networks, popularizing WLAN (wireless local area network)), wireless router progressively becomes the WLAN access device that users are seen everywhere at one's side from original telecommunications, business equipment, as wireless router, wireless aps (Access Point, access point), the terminal of WLAN also develops into miscellaneous smart mobile phone, e-book, game machine (PSP) etc. by notebook, PC, and the user also becomes vast domestic consumer from original professional user.
Along with popularizing of WLAN, domestic consumer is to the understanding of WLAN wireless technology and to use be not very professional, adds the shared mechanism of wireless network, is disabled user's condition of providing convenience.To cause like this two problems occurring: one, network is dangerous; Two, the network bandwidth is taken.Therefore, there are two demands in industry at present: one, the control user inserts, to prevent that illegally inserting the user steals Intranet data and occupied bandwidth; Two, transmission data encipher.Wherein, control user access is the basis.
Be control user's access, prior art has proposed following solution:
Adopt the mode of wireless encryption+MAC (Media Access Control, medium access control) address filtering that the user is carried out access control, for example, safeguard to allow to insert inventory or white list, thereby allow the user in this list to insert.But there is following shortcoming in this technology:
(1) user there is the requirement of higher WLAN profession basis knowledge, promptly require the user that wireless encryption and mac address filter can be set, as, require the user can sign in to the wireless router web page, find the corresponding page that is provided with, select encryption mode, password is set, check the MAC Address of the wireless network interface that need to add, it is medium to the inventory that allows to insert to add this MAC Address at the wireless router correspondence position.
(2) need certain maintenance work.Because take mac address filter, so wireless network card of every increase or change a wireless network card all needs to login wireless router and the new MAC of correspondence is added in the inventory that allows to insert goes, its maintenance work is comparatively complicated.
For solve that technique scheme exists to the customer requirements problem of higher, some producers adopt a function button are set on the WLAN terminal equipment, the user can will need login setting operation that the wireless router web page done by this function button of operation originally, (for example 2 minutes) carry out key agreement and access control process at short notice, after this, client can directly use the key that consults to communicate by letter with wireless router.
Though this technical scheme is oversimplified encryption technology, has promoted ease for use, it is by the access control of key realization to the disabled user, therefore still has following problem:
(1) client terminal quantity of this technical scheme support is limited.This scheme mainly is the connection that is used between PC and the wireless router, pc client need install that specific application program is used for and wireless router between arranging key, and for WLAN terminals such as present miscellaneous smart mobile phone, e-book, game machines, because each operating system variation and disunity, can't implement this type of scheme, application scenarios is limited.
(2) there are security breaches in this technical scheme.The key agreement and the access procedure of WLAN terminal equipment need a period of time, and will there be potential safety hazard in system in this section period.Owing to the scheme that provides for a certain particular vendor, all client-side program all are open, Downloadable, and during this period of time, as long as searching signal, Any user just can insert (comprising the disabled user), in case successful connection then can be regarded as validated user.
In sum, relatively poor, the complex operation of existing WLAN access control mode versatility, needing the fail safe that improves the access of WLAN terminal at present badly is easy to realize simultaneously for the user, thereby in the interests that guarantee wlan network safety and legal WLAN terminal use, simplify user's operation.
Summary of the invention
The object of the present invention is to provide a kind of WLAN connection control method and device thereof, in order to solve the problem of existing WLAN access control versatility difference and complicated operation, for this reason, the present invention adopts following technical scheme:
A kind of WLAN WLAN connection control method may further comprise the steps:
The WLAN access device is in and inserts judgement state following time, the indicating terminal to report end message;
The end message that described WLAN access device receiving terminal reports according to described indication carries the current power information of this terminal in the described end message;
Described WLAN access device when receiving described end message signal strength signal intensity and described end message in the power information of carrying, determine the wireless link path loss of described terminal;
Described WLAN access device is according to described wireless link path loss and insert decision threshold, and described terminal is inserted judgement, and carries out access control according to court verdict and handle.
In the said method, described access decision threshold is the path loss thresholding; Described WLAN access device is judged described wireless link path loss and is inserted decision threshold described terminal is inserted judgement, be specially: described WLAN access device judges whether described wireless link path loss is lower than described path loss thresholding, if, then insert described terminal, otherwise refusal inserts described terminal; Wherein, described path loss thresholding is according under the situation that allows access, and the ultimate range between the described WLAN access device of terminal distance is determined; Perhaps,
Described access decision threshold is apart from length threshold; Described WLAN access device is judged described wireless link path loss and is inserted decision threshold described terminal is inserted judgement, be specially: described WLAN access device judge the transmission range length of converting out according to described wireless link path loss whether less than described apart from length threshold, if, then insert described terminal, otherwise refusal inserts described terminal.
In the said method, described WLAN access device judges that described wireless link path loss is lower than described path loss thresholding, perhaps the transmission range length of converting out according to described wireless link path loss less than described apart from after the length threshold, also comprise:, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts according to described end message;
Described WLAN access device is judging that described terminal not under the situation in the terminal list that described permission inserts, inserts described terminal, and described terminal is joined in the terminal list that allows to insert; Judging under the situation of described terminal in the terminal list of described permission access, described terminal is not carried out access control and handle.
In the said method, when described WLAN access device inserted judgement and decision and inserts described terminal, described WLAN access device joined described terminal in the terminal list that allows to insert.
In the said method, described WLAN access device receives after the end message that described terminal reports according to described indication, also comprise:, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts according to described terminal identification information;
Described WLAN access device is judging that described terminal not under the situation in the terminal list that described permission inserts, carries out the step of the wireless link path loss of described definite terminal; Judge and described terminal is not carried out access control and handle under the situation of described terminal in the terminal list that described permission inserts.
In the said method, it is characterized in that, when the duration of inserting the judgement state reaches Preset Time length, also comprise: described WLAN access device withdraws from described access judgement state.
A kind of WLAN access device comprises:
Sending module is used for being at the WLAN access device and inserts judgement state following time, sends indication information, with the indicating terminal to report end message;
Receiver module is used for the end message that receiving terminal reports according to described indication information, carries the current power information of this terminal in the described end message;
Determination module, the power information that signal strength signal intensity when being used for receiving described end message according to described receiver module and described end message carry is determined the wireless link path loss of described terminal;
The access control module is used for described terminal being inserted judgement, and carrying out access control according to court verdict and handle according to described wireless link path loss and access decision threshold.
In the above-mentioned WLAN access device, described access decision threshold is the path loss thresholding; Described access control module specifically is used for: judge whether described wireless link path loss is lower than described path loss thresholding, if then insert described terminal, otherwise refusal inserts described terminal; Wherein, described path loss thresholding is according under the situation that allows access, and the ultimate range between the described WLAN access device of terminal distance is determined;
Perhaps, described access decision threshold is apart from length threshold; Described access control module specifically is used for: judge according to described wireless link path loss convert out apart from length whether less than described apart from length threshold, if then insert described terminal, otherwise refusal inserts described terminal.
In the above-mentioned WLAN access device, described access control module also is used for: judge that described wireless link path loss is lower than described path loss thresholding, perhaps according to described wireless link path loss convert out apart from length less than described apart from after the length threshold, according to described end message, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal not under the situation in the terminal list that described permission inserts, inserts described terminal, and described terminal is joined in the terminal list that allows to insert; Judging under the situation of described terminal in the terminal list of described permission access, described terminal is not carried out access control and handle.
In the above-mentioned WLAN access device, described access control module specifically is used for, and after judgement inserts described terminal equipment, described terminal is joined in the terminal list that allows to insert.
In the above-mentioned WLAN access device, described determination module specifically is used for, and according to the described terminal identification information that described receiver module receives, judges that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal is not under the situation in the terminal list that described permission inserts, the power information of carrying in signal strength signal intensity when receiving described end message according to described receiver module and the described end message is determined the wireless link path loss of described terminal; Judge under the situation of described terminal in the terminal list that described permission inserts, do not carry out the described processing of determining the wireless link path loss of described terminal.
In the above-mentioned WLAN access device, also comprise:
Insert the judgement state setting module, be used to be provided with the WLAN access device and be in the judgement state that inserts; And, when the duration of inserting the judgement state reaches Preset Time length, described WLAN access device is set withdraws from the judgement state that inserts.
Among the present invention, the WLAN access device passes through to determine the wireless link path loss of terminal, and compares with inserting decision threshold according to this path loss, to realize the access control to this terminal.Usually, path loss becomes certain corresponding relation with the signal transmission log, the big more transmission range of path loss is long more, the more little transmission range of path loss is short more, therefore by suitable path loss or transmission range thresholding are set, can insert judgement to terminal according to the path loss of determining, thereby a kind of WLAN connection control method simple to operate is provided.On the other hand,, the terminal in the certain distance scope can be entered, guaranteed the fail safe that inserts to a certain extent owing to, utilize path loss to insert judgement based on the path loss of wireless path and the relation of signal transmission distance; Again on the one hand,, compared with prior art, do not need end side to be provided with and to install particular tool software owing to only need the relevant end message of terminal to report, so the technical scheme highly versatile that provides of the embodiment of the invention.
Description of drawings
The WLAN access control schematic flow sheet that Fig. 1 provides for the embodiment of the invention;
The structural representation of the WLAN access device that Fig. 2 provides for the embodiment of the invention.
Embodiment
The problems referred to above at the prior art existence, it is a kind of easy to operate that the embodiment of the invention provides, do not require that the user possesses stronger professional knowledge, and satisfy the WLAN access control scheme of certain security requirement, thereby avoid disabled user's invasion, and have certain versatility, can be applicable to polytype wlan client product (as PC, smart mobile phone, e-book, game machine etc.).
Consider that the path loss of Radio Link and the distance between the signal transmitting and receiving end are certain corresponding relation, the distance between the signal transmitting and receiving end is near more, and then path loss is more little, and the distance between the signal transmitting and receiving end is far away more, and then path loss is big more.The embodiment of the invention is utilized this characteristic, according to the path loss of the Radio Link between terminal to be accessed and the WLAN access device, terminal to be accessed is carried out access control.Concrete, when needs insert judgement to terminal to be accessed, this terminal to be accessed can be placed the position nearer (this position can be certain concrete path attenuation according to the attenuation of air conversion) with the WLAN access device, the distance of judging terminal to be accessed and WLAN access device according to the path loss between terminal to be accessed and the WLAN access device when the WLAN access device within limits, as several meters (being that path loss is less than the loss thresholding), think that then this terminal is a legal terminal, allow this terminal to insert, and distance surpasses the terminal of this scope, it then might be illegal terminal, then refuse its access, thereby guarantee access security.
Below in conjunction with accompanying drawing the embodiment of the invention is described in detail.
In the embodiment of the invention, the trigger mechanism that terminal is carried out access control can be set on the WLAN access device, at the access control function that enables on the WLAN access device, the WLAN access device perhaps is set under the situation of access control state, the mode that the WLAN access device adopts the embodiment of the invention to provide is carried out access control to terminal to be accessed.
A kind of comparatively simple access control trigger mechanism is that the relevant hardware switch is set on the WLAN access device, under the situation of opening this switch, the mode that the WLAN access device begins to adopt the embodiment of the invention to provide is carried out the access control process, under the situation that this switch cuts out, the mode that the WLAN access device does not adopt the embodiment of the invention to provide is carried out access control.The duration of access control, short more in principle safe more, this time span can be controlled by the manual mode of operation, as controlling by this hardware switch, also can set in advance, when the duration of access control state reaches default time span, close this switch automatically by the WLAN access device.
The embodiment of the invention is not limited in the above-mentioned access control triggering mode that hardware switch is set on the WLAN access device, can also adopt other modes, for example, the user can be provided with the state that the WLAN access device enters access control by select the corresponding command on the software page, can also be provided with regularly and trigger, no longer enumerate at this.The various implementations that can realize triggering the access control state of WLAN access device all should be within protection scope of the present invention.
Following examples are example so that the access control trigger switch to be set on the WLAN access device, describe the WLAN access device carries out access control to terminal process.
As shown in Figure 1, the WLAN access device that provides of the embodiment of the invention flow process of carrying out access control.
Before use WLAN access device carries out access control, terminal to be accessed is placed the nearer position of distance W LAN access device, and the distance between terminal to be accessed and the WLAN access device can be determined according to the default path loss thresholding that is used to insert judgement in this WLAN access device.By opening the access control trigger switch, the WLAN access device is set to the access control state, as " triggering " state.The duration of this triggering state can set in advance on the WLAN access device, and when this duration reached, the WLAN access device can withdraw from this triggering state voluntarily.The numerical value of this duration allows the user to be provided with on the WLAN access device, and the typical case can be set to 60 seconds/120 seconds etc.Only when the WLAN access device was in the triggering state, the WLAN access device just can carry out follow-up access control operation.
After the WLAN access device entered the triggering state, the access control process of WLAN access device can comprise:
In this step, after the WLAN access device enters the triggering state, send Indication message, with the indicating terminal to report end message.This Indication message can send by broadcast mode, and the terminal in the wireless signal coverage of this WLAN access device can receive this Indication message.This Indication message is used for the indicating terminal to report end message, comprising the current transmitted power parameter of terminal, also can comprise information such as terminal iidentification.
In this step, receive the terminal of the Indication message of WLAN access device transmission, report the information of self to the WLAN access device according to this Indication message, comprising self current transmitted power parameter (this parameter value identifies the current transmitting power numerical value of this terminal), also can comprise information such as terminal iidentification.
In this step, the signal strength values that the WLAN access device is identified according to the transmitted power parameter that reports of terminal detected signal strength signal intensity during with the signal that receives this terminal, determine both differences, this difference is the wireless link path loss of signal from the transmitting terminal to the receiving terminal of this terminal.
In this step, when the WLAN access device is lower than the path loss thresholding in the wireless link path loss of judging terminal, show between this terminal and the WLAN access device distance within limits, promptly within the pairing distance of path loss thresholding, thereby think that this terminal is a legal terminal, allows its access; Otherwise, think that this terminal is illegal terminal, refuses its access.Insert the judgement mode by this kind and can realize the fail safe that inserts to a certain extent, this be because:
Generally, the distance W that illegally accesses terminal LAN access device can not be too near, if be in (as " triggering " state in the present embodiment) under the particular state at the WLAN access device, terminal distance W LAN access device is nearer, be likely that then such terminal is considered to legal terminal because this terminal is to be placed in this position so that insert this wlan device.
In this step, the WLAN access device also can further add this terminal information in the terminal list that allows to insert when judging that the permission terminal inserts.
When the above-mentioned flow process of application inserts judgement, consider that to have the terminal current distance WLAN access device that inserts WLAN closer, within the distance that allows to insert at this WLAN access device (promptly the path loss of the Radio Link of this terminal is being used to insert within the path loss threshold range of judgement), for fear of such terminal is inserted judgement once more, can be in the following way in the embodiment of the invention:
Mode one: the WLAN access device is receiving terminal according to end message that Indication message reported, and the wireless link path loss of judging this terminal is lower than when being used to insert the path loss thresholding of judgement, by inquiring about the terminal list (as the MAC Address white list) that permission that this WLAN access device safeguarded inserts, judge that this terminal is whether in this tabulation, if in this tabulation, then this terminal is not inserted judgement; If in this tabulation, then this terminal is not inserted judgement according to above-mentioned flow process.
In order further to reduce determining and determining step of path loss, can also be in the following ways:
Mode two: the WLAN access device (carries the identification information of this terminal after according to the end message that Indication message reported receiving terminal in this end message, as MAC Address), can be at first by inquiring about the terminal list (as the MAC Address white list) that permission that this WLAN access device safeguarded inserts, whether the terminal of judging reporting information is in this tabulation, if in this tabulation, then show this terminal had been carried out inserting judgement, so this does not insert judgement to this terminal; If in this tabulation, then this terminal is not inserted judgement according to above-mentioned flow process;
Usually, for the terminal equipment that adopts wireless mode to insert, be mobile subscriber terminal equipment, as notebook, smart mobile phone, game machine etc., can carry out access control by the way, if and can adopt when adopting the USB wireless network card to insert for the desktop computer user be legal terminal with notebook authentication USB wireless network card earlier after, the USB wireless network card is placed use on the desktop computer again, thereby the USB wireless network card that can use authentication to pass through inserts WLAN and uses its resource.Using the scheme that the embodiment of the invention provides, is under the wireless network card situation at terminal equipment, can after this wireless network card is allowed to access WLAN this wireless network card be inserted on other equipment, also can continue to use this wlan network by this equipment.
In the specific implementation process, in step 101, the WLAN access device can send an Action frame, requires the terminal to report transmission report of types such as wireless network card; In step 102, comprised a TPC (through-put power control) Report information element in the Action frame that terminals such as wireless network card are returned, the through-put power of report frame (report frame) itself is wherein arranged; In step 103, the signal strength signal intensity that the WLAN access device can receive according to this through-put power and WLAN access device estimates the path loss (path loss can deduct received signal intensity by through-put power and estimate) of Radio Link; In step 104, the permission that the WLAN access device is provided with according to its inside inserts the path loss thresholding of being converted out apart from (unit is rice), and (this conversion step can be carried out in advance, perhaps the user reset allow to insert apart from the time carry out), thereby determine whether to allow this terminal access according to the Radio Link loss of this thresholding and terminal; In step 105,, allow to insert this terminal, and the MAC Address of terminals such as this wireless network card is joined in the access inventory that allows to insert when the wireless link path loss of terminals such as detected wireless network card during less than this thresholding.
This access inventory is a white list that allows access of WLAN access device internal maintenance, the MAC Address that can add certain terminal (as wireless network card) therein by manual mode, the terminal that can allow like this to move to WLAN access device annex also can insert, and also can be will to allow the MAC Address of the terminal of access to add in this white list automatically by the WLAN access device in above-mentioned access judging process.
By above-mentioned access judging process, for the terminal that allows to insert, after it is inserted processing, even this terminal is moved on to the distant place of distance W LAN access device to be used, this moment this terminal to the wireless link path loss of WLAN access device greater than being used to insert the path loss thresholding of adjudicating usefulness, but be recorded in the inventory that allows to insert owing to this terminal, so this terminal can continue to use wlan network.
For the disabled user, generally speaking, on the one hand, it is can't be geographically near the WLAN access device, so it can't satisfy the requirement of the path loss thresholding that inserts judgement usefulness; On the other hand, " triggering " state of WLAN access device defines the terminal that only satisfies the path loss thresholding in specific time span and could allow to insert, therefore can be by the fail safe that suitable time span ensures access is set.As seen, this dual screening by time (triggering the duration of state)+space (path loss thresholding) of the embodiment of the invention can further increase the fail safe of WLAN access control.For the high-power network interface card of present applied raising transmitting power and receiving sensitivity, no matter it uses great transmitting power, its path loss is constant, not influenced by its transmitting power, therefore can not illegally insert equally.
In another embodiment of the present invention, different with the foregoing description is: default access decision threshold is apart from length; Accordingly, the WLAN access device is determined after the current wireless path loss of terminal to be accessed, and this path loss conversion is transmission range length according to the decay of the transmission medium that relied on, be used to insert comparing of judgement with default then apart from length, if the former is less than the latter, then allow to insert this terminal, otherwise refusal inserts this terminal.This can be provided with apart from length, is under the situation that allows terminal to insert, the ultimate range of terminal distance W LAN access device.Other are handled operation and can carry out with reference to flow process shown in Figure 2.
Alleged WLAN access device can comprise wireless router or wireless aps (Access Point, access point) in the embodiment of the invention, and perhaps other can realize terminal is carried out the equipment of radio access management.
Based on identical technical conceive, the embodiment of the invention also provides a kind of WLAN access device, can be applicable to above-mentioned access judgement flow process.
As shown in Figure 2, this WLAN access device can comprise:
Sending module 201 is used for being at the WLAN access device and inserts judgement state following time, sends indication information, with the indicating terminal to report end message;
In the above-mentioned WLAN access device, when the access decision threshold was the path loss thresholding, access control module 204 can judge whether described wireless link path loss is lower than described path loss thresholding, if then insert described terminal, otherwise refusal inserts described terminal; Wherein, described path loss thresholding is according under the situation that allows access, and the ultimate range between the described WLAN access device of terminal distance is determined;
Inserting decision threshold also can be apart from length threshold, in such cases, access control module 204 can judge according to described wireless link path loss and according to the decay of the transmission medium that relied on convert out apart from length whether less than described apart from length threshold, if, then insert described terminal, otherwise refusal inserts described terminal.
In the above-mentioned WLAN access device, access control module 204 also can judge that described wireless link path loss is lower than described path loss thresholding, perhaps according to described wireless link path loss convert out apart from length less than described apart from after the length threshold, according to described end message, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal not under the situation in the terminal list that described permission inserts, inserts described terminal.
In the above-mentioned WLAN access device, the described end message that determination module 203 can receive according to described receiver module judges that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal is not under the situation in the terminal list that described permission inserts, the power information of carrying in signal strength signal intensity when receiving described end message according to receiver module 202 and the described end message is determined the wireless link path loss of described terminal.
Above-mentioned WLAN access device also can comprise: insert judgement state setting module 205, be used to be provided with the WLAN access device and be in the judgement state that inserts; And, when the duration of inserting the judgement state reaches Preset Time length, described WLAN access device is set withdraws from the judgement state that inserts.Withdraw under the situation that inserts the judgement state at the WLAN access device, sending module 201 can not send above-mentioned indication information, and determination module 203 and access control module 204 also can not be carried out the function of the corresponding function module.
It will be appreciated by those skilled in the art that the module in the device among the embodiment can be distributed in the device of embodiment according to the embodiment description, also can carry out respective change and be arranged in the one or more devices that are different from present embodiment.The module of the foregoing description can be merged into a module, also can further split into a plurality of submodules.
In sum, the access control mechanism that the above embodiment of the present invention provides on the one hand, applicable to nearly all wireless client, does not have specific (special) requirements, highly versatile to the software and hardware of client; On the other hand, easy to operate, compared with prior art, do not need the user to carry out extra setting operation, the user there is not the professional knowledge requirement.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise that some instructions are with so that a station terminal equipment (can be mobile phone, personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be looked protection scope of the present invention.
Claims (12)
1. a WLAN WLAN connection control method is characterized in that, may further comprise the steps:
The WLAN access device is in and inserts judgement state following time, the indicating terminal to report end message;
The end message that described WLAN access device receiving terminal reports according to described indication carries the current power information of this terminal in the described end message;
Described WLAN access device when receiving described end message signal strength signal intensity and described end message in the power information of carrying, determine the wireless link path loss of described terminal;
Described WLAN access device is according to described wireless link path loss and insert decision threshold, and described terminal is inserted judgement, and carries out access control according to court verdict and handle.
2. the method for claim 1 is characterized in that, described access decision threshold is the path loss thresholding; Described WLAN access device is judged described wireless link path loss and is inserted decision threshold described terminal is inserted judgement, be specially: described WLAN access device judges whether described wireless link path loss is lower than described path loss thresholding, if, then insert described terminal, otherwise refusal inserts described terminal; Wherein, described path loss thresholding is according under the situation that allows access, and the ultimate range between the described WLAN access device of terminal distance is determined; Perhaps,
Described access decision threshold is apart from length threshold; Described WLAN access device is judged described wireless link path loss and is inserted decision threshold described terminal is inserted judgement, be specially: described WLAN access device judge the transmission range length of converting out according to described wireless link path loss whether less than described apart from length threshold, if, then insert described terminal, otherwise refusal inserts described terminal.
3. method as claimed in claim 2, it is characterized in that, described WLAN access device judges that described wireless link path loss is lower than described path loss thresholding, perhaps the transmission range length of converting out according to described wireless link path loss less than described apart from after the length threshold, also comprise:, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts according to described end message;
Described WLAN access device is judging that described terminal not under the situation in the terminal list that described permission inserts, inserts described terminal, and described terminal is joined in the terminal list that allows to insert; Judging under the situation of described terminal in the terminal list of described permission access, described terminal is not carried out access control and handle.
4. the method for claim 1, it is characterized in that, described WLAN access device receives after the end message that described terminal reports according to described indication, also comprise:, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts according to described terminal identification information;
Described WLAN access device is judging that described terminal not under the situation in the terminal list that described permission inserts, carries out the step of the wireless link path loss of described definite terminal; Judge and described terminal is not carried out access control and handle under the situation of described terminal in the terminal list that described permission inserts.
5. as claim 1,2 or 4 described methods, it is characterized in that when described WLAN access device inserted judgement and decision and inserts described terminal, described WLAN access device joined described terminal in the terminal list that allows to insert.
6. as each described method of claim 1 to 4, it is characterized in that, when the duration of inserting the judgement state reaches Preset Time length, also comprise: described WLAN access device withdraws from described access judgement state.
7. a WLAN access device is characterized in that, comprising:
Sending module is used for being at the WLAN access device and inserts judgement state following time, sends indication information, with the indicating terminal to report end message;
Receiver module is used for the end message that receiving terminal reports according to described indication information, carries the current power information of this terminal in the described end message;
Determination module, the power information that signal strength signal intensity when being used for receiving described end message according to described receiver module and described end message carry is determined the wireless link path loss of described terminal;
The access control module is used for described terminal being inserted judgement, and carrying out access control according to court verdict and handle according to described wireless link path loss and access decision threshold.
8. WLAN access device as claimed in claim 7 is characterized in that, described access decision threshold is the path loss thresholding; Described access control module specifically is used for: judge whether described wireless link path loss is lower than described path loss thresholding, if then insert described terminal, otherwise refusal inserts described terminal; Wherein, described path loss thresholding is according under the situation that allows access, and the ultimate range between the described WLAN access device of terminal distance is determined;
Perhaps, described access decision threshold is apart from length threshold; Described access control module specifically is used for: judge according to described wireless link path loss convert out apart from length whether less than described apart from length threshold, if then insert described terminal, otherwise refusal inserts described terminal.
9. WLAN access device as claimed in claim 8, it is characterized in that, described access control module also is used for: judge that described wireless link path loss is lower than described path loss thresholding, perhaps according to described wireless link path loss convert out apart from length less than described apart from after the length threshold, according to described end message, judge that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal not under the situation in the terminal list that described permission inserts, inserts described terminal, and described terminal is joined in the terminal list that allows to insert; Judging under the situation of described terminal in the terminal list of described permission access, described terminal is not carried out access control and handle.
10. WLAN access device as claimed in claim 7, it is characterized in that, described determination module specifically is used for, and according to the described terminal identification information that described receiver module receives, judges that described terminal is whether in the terminal list that the permission that described WLAN access device is safeguarded inserts; And judging that described terminal is not under the situation in the terminal list that described permission inserts, the power information of carrying in signal strength signal intensity when receiving described end message according to described receiver module and the described end message is determined the wireless link path loss of described terminal; Judge under the situation of described terminal in the terminal list that described permission inserts, do not carry out the described processing of determining the wireless link path loss of described terminal.
11. as claim 7,8 or 10 described WLAN access devices, it is characterized in that described access control module specifically is used for, after judgement inserts described terminal equipment, described terminal joined in the terminal list that allows to insert.
12. as each described WLAN access device of claim 7 to 10, it is characterized in that, also comprise:
Insert the judgement state setting module, be used to be provided with the WLAN access device and be in the judgement state that inserts; And, when the duration of inserting the judgement state reaches Preset Time length, described WLAN access device is set withdraws from the judgement state that inserts.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010290660XA CN101959282A (en) | 2010-09-26 | 2010-09-26 | Wireless local area network (WLAN) access control method and device thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010290660XA CN101959282A (en) | 2010-09-26 | 2010-09-26 | Wireless local area network (WLAN) access control method and device thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101959282A true CN101959282A (en) | 2011-01-26 |
Family
ID=43486292
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010290660XA Pending CN101959282A (en) | 2010-09-26 | 2010-09-26 | Wireless local area network (WLAN) access control method and device thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101959282A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833052A (en) * | 2012-09-18 | 2012-12-19 | 北京傲天动联技术有限公司 | ACK (acknowledgement) regulation method for wireless equipment and device thereby |
| CN103181235A (en) * | 2012-08-16 | 2013-06-26 | 华为终端有限公司 | Method and device for wireless-network building connection |
| CN103228326A (en) * | 2011-02-15 | 2013-07-31 | 科乐美数码娱乐株式会社 | Game device |
| CN103401691A (en) * | 2013-07-18 | 2013-11-20 | 山东省计算中心 | Portable WiFi equipment invasion precautionary method |
| CN104394531A (en) * | 2014-10-08 | 2015-03-04 | 无锡指网生物识别科技有限公司 | Wireless network connecting method of a terminal device |
| WO2015043089A1 (en) * | 2013-09-27 | 2015-04-02 | 华为技术有限公司 | Network access point, network controller, network device, and load control method thereof |
| WO2015070638A1 (en) * | 2013-11-18 | 2015-05-21 | 宽兆科技(深圳)有限公司 | Wireless router, and rapid access control method and connection authentication method thereof |
| WO2016023146A1 (en) * | 2014-08-11 | 2016-02-18 | 华为技术有限公司 | Access method, apparatus and device of wireless network |
| CN105517099A (en) * | 2015-11-27 | 2016-04-20 | 上海斐讯数据通信技术有限公司 | Method and system for controlling wireless network access client |
| CN105722182A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | Automatic internet stealing prevention method and routing equipment |
| CN105847234A (en) * | 2016-03-11 | 2016-08-10 | 中国联合网络通信集团有限公司 | Suspicious terminal access pre-warning method, gateway management platform and gateway device |
| US9462537B2 (en) | 2013-09-27 | 2016-10-04 | Huawei Technologies Co., Ltd. | Network access point, network controller, network device, and load control method thereof |
| CN106060818A (en) * | 2016-07-28 | 2016-10-26 | 上海斐讯数据通信技术有限公司 | Method for connecting router and router |
| CN106231686A (en) * | 2016-07-28 | 2016-12-14 | 上海斐讯数据通信技术有限公司 | Prevent rubbing net device, system and the method for connection route device |
| CN103812870B (en) * | 2014-02-21 | 2017-06-27 | 联想(北京)有限公司 | The method and electronic equipment of information processing |
| CN106937353A (en) * | 2015-12-30 | 2017-07-07 | 中兴通讯股份有限公司 | Connection control method and device |
| CN107294817A (en) * | 2016-04-05 | 2017-10-24 | 北京京东尚科信息技术有限公司 | The method and apparatus for making user equipment add the job network of intelligent control device |
| CN107463099A (en) * | 2016-06-01 | 2017-12-12 | 北京京东尚科信息技术有限公司 | The method of network entry of intelligent control device and intelligent terminal |
| WO2017211198A1 (en) * | 2016-06-08 | 2017-12-14 | 阿里巴巴集团控股有限公司 | Wireless local area network access control method and device |
| CN108416419A (en) * | 2018-01-31 | 2018-08-17 | 重庆邮电大学 | A kind of WLAN indoor objects intrusion detection methods based on multicomponent signal feature |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1802003A (en) * | 2004-12-31 | 2006-07-12 | 北京三星通信技术研究有限公司 | Downlink call access controlling method |
| CN1941998A (en) * | 2005-09-29 | 2007-04-04 | 北京三星通信技术研究有限公司 | Access for controlling user terminal equipment in LTE system |
| CN101547406A (en) * | 2008-03-25 | 2009-09-30 | 中兴通讯股份有限公司 | Access control method for user equipment (UE) entering closed subscriber group (CSG) cell |
| CN101621828A (en) * | 2008-07-03 | 2010-01-06 | 大唐移动通信设备有限公司 | Method and system for controlling admission for user in high-speed downlink packet access |
-
2010
- 2010-09-26 CN CN201010290660XA patent/CN101959282A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1802003A (en) * | 2004-12-31 | 2006-07-12 | 北京三星通信技术研究有限公司 | Downlink call access controlling method |
| CN1941998A (en) * | 2005-09-29 | 2007-04-04 | 北京三星通信技术研究有限公司 | Access for controlling user terminal equipment in LTE system |
| CN101547406A (en) * | 2008-03-25 | 2009-09-30 | 中兴通讯股份有限公司 | Access control method for user equipment (UE) entering closed subscriber group (CSG) cell |
| CN101621828A (en) * | 2008-07-03 | 2010-01-06 | 大唐移动通信设备有限公司 | Method and system for controlling admission for user in high-speed downlink packet access |
Cited By (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9314693B2 (en) | 2011-02-15 | 2016-04-19 | Konami Digital Entertainment Co., Ltd. | Game device |
| CN103228326A (en) * | 2011-02-15 | 2013-07-31 | 科乐美数码娱乐株式会社 | Game device |
| CN103228326B (en) * | 2011-02-15 | 2015-07-29 | 科乐美数码娱乐株式会社 | Game station |
| CN103181235B (en) * | 2012-08-16 | 2016-08-10 | 华为终端有限公司 | Wireless network sets up the method and apparatus connected |
| EP2804424A4 (en) * | 2012-08-16 | 2015-08-05 | Huawei Device Co Ltd | Connection setup method and device for wireless network |
| US8929549B2 (en) | 2012-08-16 | 2015-01-06 | Huawei Device Co., Ltd. | Method and device for setting up wireless network connection |
| CN103181235A (en) * | 2012-08-16 | 2013-06-26 | 华为终端有限公司 | Method and device for wireless-network building connection |
| WO2014026356A1 (en) * | 2012-08-16 | 2014-02-20 | 华为终端有限公司 | Connection setup method and device for wireless network |
| CN102833052A (en) * | 2012-09-18 | 2012-12-19 | 北京傲天动联技术有限公司 | ACK (acknowledgement) regulation method for wireless equipment and device thereby |
| CN102833052B (en) * | 2012-09-18 | 2016-01-06 | 北京华信傲天网络技术有限公司 | The ACK method of adjustment of wireless device and the device of use the method |
| CN103401691A (en) * | 2013-07-18 | 2013-11-20 | 山东省计算中心 | Portable WiFi equipment invasion precautionary method |
| CN103401691B (en) * | 2013-07-18 | 2016-06-08 | 山东省计算中心 | A kind of portable WiFi equipment intrusion defense method |
| CN104519526A (en) * | 2013-09-27 | 2015-04-15 | 华为技术有限公司 | Network access point, network controller, network device, and load control method of network device |
| WO2015043089A1 (en) * | 2013-09-27 | 2015-04-02 | 华为技术有限公司 | Network access point, network controller, network device, and load control method thereof |
| EP2874441A4 (en) * | 2013-09-27 | 2016-02-24 | Huawei Tech Co Ltd | Network access point, network controller, network device, and load control method thereof |
| US9462537B2 (en) | 2013-09-27 | 2016-10-04 | Huawei Technologies Co., Ltd. | Network access point, network controller, network device, and load control method thereof |
| CN104519526B (en) * | 2013-09-27 | 2019-02-26 | 华为技术有限公司 | Network access point, network controller, the network equipment and its load control method |
| WO2015070638A1 (en) * | 2013-11-18 | 2015-05-21 | 宽兆科技(深圳)有限公司 | Wireless router, and rapid access control method and connection authentication method thereof |
| CN103812870B (en) * | 2014-02-21 | 2017-06-27 | 联想(北京)有限公司 | The method and electronic equipment of information processing |
| WO2016023146A1 (en) * | 2014-08-11 | 2016-02-18 | 华为技术有限公司 | Access method, apparatus and device of wireless network |
| CN104394531A (en) * | 2014-10-08 | 2015-03-04 | 无锡指网生物识别科技有限公司 | Wireless network connecting method of a terminal device |
| CN105517099A (en) * | 2015-11-27 | 2016-04-20 | 上海斐讯数据通信技术有限公司 | Method and system for controlling wireless network access client |
| CN105517099B (en) * | 2015-11-27 | 2019-10-25 | 上海斐讯数据通信技术有限公司 | A kind of method and system controlling wireless network access client |
| WO2017088592A1 (en) * | 2015-11-27 | 2017-06-01 | 上海斐讯数据通信技术有限公司 | Method and system for controlling access to wireless network by client |
| CN106937353A (en) * | 2015-12-30 | 2017-07-07 | 中兴通讯股份有限公司 | Connection control method and device |
| CN105722182A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | Automatic internet stealing prevention method and routing equipment |
| CN105847234B (en) * | 2016-03-11 | 2018-11-20 | 中国联合网络通信集团有限公司 | Suspicious terminal access method for early warning, gateway management platform and gateway |
| CN105847234A (en) * | 2016-03-11 | 2016-08-10 | 中国联合网络通信集团有限公司 | Suspicious terminal access pre-warning method, gateway management platform and gateway device |
| CN107294817A (en) * | 2016-04-05 | 2017-10-24 | 北京京东尚科信息技术有限公司 | The method and apparatus for making user equipment add the job network of intelligent control device |
| CN107463099A (en) * | 2016-06-01 | 2017-12-12 | 北京京东尚科信息技术有限公司 | The method of network entry of intelligent control device and intelligent terminal |
| WO2017211198A1 (en) * | 2016-06-08 | 2017-12-14 | 阿里巴巴集团控股有限公司 | Wireless local area network access control method and device |
| CN106060818A (en) * | 2016-07-28 | 2016-10-26 | 上海斐讯数据通信技术有限公司 | Method for connecting router and router |
| CN106231686A (en) * | 2016-07-28 | 2016-12-14 | 上海斐讯数据通信技术有限公司 | Prevent rubbing net device, system and the method for connection route device |
| CN108416419A (en) * | 2018-01-31 | 2018-08-17 | 重庆邮电大学 | A kind of WLAN indoor objects intrusion detection methods based on multicomponent signal feature |
| CN108416419B (en) * | 2018-01-31 | 2021-07-30 | 重庆邮电大学 | WLAN indoor target intrusion detection method based on multivariate signal characteristics |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101959282A (en) | Wireless local area network (WLAN) access control method and device thereof | |
| US11418486B2 (en) | Method and system for controlling internet browsing user security | |
| CN105357740B (en) | Wireless network access method and wireless access node | |
| KR20160114620A (en) | Methods, devices and systems for dynamic network access administration | |
| CN105682093A (en) | Wireless network access method and access device, and client | |
| CN1930860B (en) | System and method for client-server-based wireless intrusion detection | |
| CN108811035B (en) | Method for accessing wireless fidelity Wi-Fi (wireless fidelity) by user equipment and Wi-Fi access node | |
| CN104244281A (en) | Base station detection method and base station detection device | |
| CN105119901A (en) | Method and system for detecting phishing hotspot | |
| CN104270250A (en) | WiFi Internet surfing connecting authentication method and system based on asymmetric full-process encryption | |
| CN103945499A (en) | Switching method and device of working modes of WIFI module | |
| CN106982430B (en) | Portal authentication method and system based on user use habits | |
| CN103686651A (en) | Emergency call based authentication method, device and system | |
| CN111954238A (en) | Network distribution method, network distribution device and household appliance | |
| CN104105167A (en) | Terminal Wi-Fi hotspot access processing method and device | |
| CN108093404A (en) | A kind of information processing method and device | |
| CN110730446A (en) | Login method, terminal and computer storage medium | |
| CN105516093B (en) | A kind of method and router of anti-loiter network | |
| CN101232677A (en) | Method and apparatus for start-up logging of mobile terminal | |
| CN108200059A (en) | Document transmission method, device, equipment and computer readable storage medium | |
| CN108834142B (en) | Wireless router and connection authentication method thereof | |
| CN104125566B (en) | Multiplexing intelligent terminal wireless AP network-rubbing prevention method | |
| CN107743114B (en) | Network access method, device and system | |
| CN102264070B (en) | Method and equipment for providing service data and executing access service | |
| US8958399B1 (en) | Method and apparatus for providing connectivity control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110126 |