CN104935572A - Multilevel privilege management method and device - Google Patents

Publication number: CN104935572A
Authority: CN (China)
Legal status: Granted
Application number: CN201510200482.XA
Other languages: Chinese (zh)
Other versions: CN104935572B (en)
Inventor: 凡金龙
Current Assignee: TP Link Technologies Co Ltd
Original Assignee: TP Link Technologies Co Ltd
Application filed by: TP Link Technologies Co Ltd
Priority to: CN201510200482.XA
Status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention provides a multilevel privilege management method and device, suitable for the field of communication. The method comprises: receiving a connection request sent by a device, the connection request carrying a connection password; when the connection password carried in the connection request matches a pre-stored connection password, establishing a connection with the device; updating the information of the device to the connected device information list of an added administrator; receiving and storing privilege setting information that the administrator sends according to the information of the device and that includes access privilege information; and processing operation requests sent by the device according to the privilege setting information. In this way, the key information of other devices in the wireless network can be effectively protected.

Description

Multilevel privilege management method and device
Technical field
The embodiments of the present invention belong to the field of communications, and in particular relate to a multilevel privilege management method and device.
Background
With the spread of network technology, the number of devices that can connect to a network keeps growing, and network security concerns everyone's vital interests. In particular, with the gradual rise of the Internet of Things and the smart home, more and more devices that involve personal information, privacy and home security are connected to the Internet, which brings convenience but also creates hidden dangers for the user's information security and the security of the home.
A current home wireless local area network is built around a router, and the security of the network relies mainly on the security of the router's administrator account, the administrator password and the wireless connection password. The router's administrator account and password are mainly used to verify whether a user is a legitimate administrator. Once the user is judged to be a legitimate administrator, the user can configure the router's working state, view the router's current operation, set media access control (MAC) address filtering and binding policies to prevent other users from freeloading on the network, and use the parental control mechanism to restrict accessible websites and online time. The wireless connection password is used to verify the legitimacy of a device that requests to connect to the network; when the requesting device is judged to be illegitimate, its connection is refused. However, once a legitimate device has connected to the network, it is difficult to control the behaviour of devices connected to the network, which brings a potential risk of damage to the smart devices in the home.
In summary, in the existing router-centred home wireless LAN, the router only judges a device's network access request as one of two states, may connect or may not connect. Therefore, when faced with smart devices that come from a wide range of sources and are of uneven quality, it is difficult to deal with malicious behaviour that may exist, and in particular it is difficult to effectively protect the key information of devices connected to the home LAN (such as smart door locks, smart window locks and voice control devices, which concern home security).
Summary of the invention
The embodiments of the present invention provide a multilevel privilege management method and device, intended to solve the problem that existing methods have difficulty effectively protecting the key information of devices in a local area network.
An embodiment of the present invention is implemented as a multilevel privilege management method, the method comprising:
Receiving a connection request sent by a device, the connection request carrying a connection password;
When the connection password carried in the connection request matches a pre-stored connection password, establishing a connection with the device;
Updating the information of the device to the connected device information list of an added administrator;
Receiving and storing privilege setting information sent by the administrator according to the information of the device, the privilege setting information comprising the access privilege information of the device;
Processing operation requests sent by the device according to the privilege setting information.
Another object of the embodiments of the present invention is to provide a multilevel privilege management device, the device comprising:
A connection request receiving unit, for receiving a connection request sent by a device, the connection request carrying a connection password;
A connection establishment unit, for establishing a connection with the device when the connection password carried in the connection request matches a pre-stored connection password;
A device information update unit, for updating the information of the device to the connected device information list of an added administrator;
A privilege setting information receiving unit, for receiving and storing privilege setting information sent by the administrator according to the information of the device, the privilege setting information comprising the access privilege information of the device;
An operation request processing unit, for processing operation requests sent by the device according to the privilege setting information.
In the embodiments of the present invention, because the privilege setting information includes the access privilege information of the device, the access behaviour of devices that join the network can be controlled, and the key information of other devices in the wireless network is thereby effectively protected.
Brief description of the drawings
Fig. 1 is a flow chart of a multilevel privilege management method provided by the first embodiment of the present invention;
Fig. 2 is a structure diagram of a multilevel privilege management device provided by the second embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the embodiments of the present invention, a connection request sent by a device is received; when the connection password carried in the connection request matches a pre-stored connection password, a connection is established with the device, and the information of the connected device is updated to the connected device information list of an added administrator; privilege setting information sent by the administrator according to the information of the device is received and stored; and operation requests sent by the device are then processed according to the privilege setting information.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Embodiment one:
Fig. 1 shows the flow chart of a multilevel privilege management method provided by the first embodiment of the present invention, detailed as follows:
Step S11: receive a connection request sent by a device, the connection request carrying a connection password.
The device here includes mobile devices such as mobile phones and tablet computers, and also non-mobile devices such as desktop computers, smart TVs and smart refrigerators. In this step, the device sends a connection request to the router. The connection request carries the connection password for accessing the router, which is either a wireless connection password or a wired connection password. The connection request also carries the unique identifier of the device.
Optionally, before the connection request sent by the device is received, the method comprises:
A1. Displaying a prompt to add at least one administrator.
A2. Receiving an add instruction from the administrator and adding the corresponding administrator information according to the add instruction, the administrator information comprising the unique identifier of the wireless SSID belonging to the administrator and the corresponding wireless connection password.
In A1 and A2 above, the router automatically enters a pending-configuration state after its first start-up. In this state the router cannot work normally: its wireless module has not yet been initialized, the wide area network (WAN) port cannot be used, and only an available local area network (LAN) port is provided as the interface for adding the administrator list; this administrator list is the displayed prompt to add at least one administrator. After the user has added at least one administrator according to the displayed administrator list, the router forces each added administrator to allocate at least one wireless service set identifier (SSID) and a corresponding wireless connection password for themselves. The allocated wireless SSID falls within the management scope of that administrator. An administrator directly configures the devices connected to their own wireless SSID subnet; all devices in other administrators' wireless SSIDs are visible to the administrator but cannot be configured by them. An administrator may be allocated multiple wireless SSIDs, each wireless SSID has a unique identifier, and one wireless SSID corresponds to one subnet of the wireless network; to improve security, each wireless SSID has its own wireless connection password. After the administrator settings are complete, the router initializes all functional modules and enters the normal working state.
Optionally, after the router is working normally, any added administrator can initiate an application to assign a new administrator. When the router receives the application, it queries the other administrators, and the assignment of the new administrator takes effect after the router receives the agree-to-assign instructions sent by the other administrators. After logging in to the router, the new administrator must reset their account and password, and set the wireless SSID belonging to the new administrator and its separate wireless connection password.
Step S12: when the connection password carried in the connection request matches a pre-stored connection password, establish a connection with the device.
In this step, the router stores the unique identifier of each wireless SSID together with the wireless connection password corresponding to that SSID, and stores the wired connection password. When the router receives a connection request sent by a device over the wireless network, it compares the SSID unique identifier and corresponding wireless connection password carried in the connection request with the stored wireless SSID and corresponding wireless connection password; if they are identical, it determines that the connection password carried in the connection request matches the pre-stored connection password.
Step S13: update the information of the device to the connected device information list of an added administrator.
In this step, the information of the device includes basic information, such as the unique identifier of the device, and non-basic information, such as the settable privilege information for the device's connection attributes and visibility. The settable privilege information for connection attributes covers, for example, whether the device can access the external network, whether it can access the internal network, and whether it can access a given device in the internal network. The settable privilege information for visibility covers, for example, whether the device is visible to a given device in the internal network.
Optionally, updating the information of the device to the connected device information list of an added administrator specifically comprises:
B1. Determining whether the access mode of the connection established with the device is wireless.
B2. When the access mode of the connection established with the device is wireless, updating the information of the device to the connected device information list of the administrator corresponding to the service set identifier (SSID) the device is connected to, and updating the basic information in the information of the device to the connected device information lists of the administrators corresponding to SSIDs the device is not connected to. The basic information in the information of the device includes the unique identifier of the device. When a device accesses the router through a given wireless SSID, the information of the device (including both its basic and non-basic information) is updated to the connected device information list of the administrator corresponding to that wireless SSID. The connected device information list of each administrator includes this administrator's setting information for wireless devices that access wirelessly and setting information for wired devices that access by wire. Further, for ease of management, the setting information of wireless devices is stored in a wireless device configuration table, and the setting information of wired devices is stored in a wired device configuration table.
B3. When the access mode of the connection established with the device is wired, updating the information of the device to the connected device information lists of all added administrators. After a device connects to the router by wire, its information is automatically updated to all administrators that have been added to the router; this information includes both the basic and the non-basic information of the device.
To describe the wireless device configuration table and the wired device configuration table clearly, a concrete example follows:
Tables 1, 2 and 3 are the wireless device configuration tables of administrator 1, administrator 2 and administrator 3 respectively; Tables 4, 5 and 6 are the wired device configuration tables of administrator 1, administrator 2 and administrator 3 respectively. In Tables 1 to 6, a setting option filled entirely in black cannot be set; a setting option indicates that this administrator can set it independently and the setting takes effect; a ○ setting option indicates that the item takes effect only when all the administrators corresponding to the devices involved set it identically, that is, the result of an AND operation over every administrator's setting parameter is the final setting result. A △ setting option indicates that the item takes effect when only one of the administrators corresponding to the devices involved sets it, that is, the output of an OR operation over every administrator's setting parameter is the final setting result.
Table 1:
Table 2:
Table 3:
In Tables 1 to 3 above, the final result of the wireless device configuration tables of the 3 administrators is: device 1 can establish a data connection with device 2 and device 4; device 3 can establish a data connection with device 4; device 3, device 4, device 6, device 8 and device 9 can connect to the external Internet; device 5 can establish a connection with device 6 and device 7; device 8 can establish a connection with device 9; device 1 can establish a cross-subnet connection with device 6; and device 3 can establish a cross-subnet connection with device 7 and device 8.
Table 4:
Table 5:
Table 6:
In Tables 4 to 6, the setting result of the wired device configuration tables of the three administrators (administrator 1, administrator 2 and administrator 3) is: device 10, device 11 and device 12 can connect to the Internet; device 10 can establish a data connection with device 11 and device 12; and device 11 can establish a data connection with device 13.
Optionally, after the information of the device is updated to the connected device information list of an added administrator, the method comprises:
Setting the device to an inaccessible state. After the device information is updated, if no privilege setting information sent by an administrator for the device has been received, the device is set to the inaccessible state, to reduce the risk of leaking the key information of the device. Preferably, within a predetermined time after the device information is updated, it is determined whether privilege setting information sent by an administrator for the device has been received; if not, the device is set to the inaccessible state.
Step S14: receive and store privilege setting information sent by the administrator according to the information of the device, the privilege setting information comprising the access privilege information of the device.
The access privilege information of the device includes information such as whether the device can access the external network, whether it can access the internal network, and whether it can access a given device in the internal network. In this step, besides the access privilege information of the device, the privilege setting information can also include the visibility privilege setting information of the device and the privilege setting information for the device's uplink and downlink data.
For a device that poses a potential security risk, the visibility privilege setting information of devices can be set. For example, when device A poses no potential security risk, a device newly connected to the router is set to be visible to device A; when device B may pose a potential security risk, the newly connected device is set to be invisible to device B. Because the newly connected device is invisible to device B, the risk of device B obtaining information from the newly connected device is reduced.
For a device that only needs to receive data (or only to send data), the privilege setting information for the device's uplink and downlink data can be set so as to distinguish its uplink data from its downlink data. For example, for devices such as smart TVs and refrigerators that only need to receive data, the administrator can distinguish uplink from downlink data and open only the downlink data connection. When the uplink and downlink data of devices are distinguished, setting the data connection from device 1 to device 2 and setting the data connection from device 2 to device 1 are treated as two different settings. When they are not distinguished, once the data connection in one direction (such as uplink) is opened, the data connection in the other direction (downlink) is opened by default as well.
Because fine-grained access privileges and visibility can be set for the wired and wireless devices connected to the wireless LAN, a device can be restricted from accessing any device in the internal LAN, or allowed to access only some devices; a device can be restricted from accessing the internal network and allowed to access only the external network; the wired LAN and the wireless LAN can be isolated from each other; and the wireless LAN can be split into multiple wireless subnets, each opened with different access privileges, with the visibility of each device in other subnets set separately. The visibility and exposure of a device can thus be reduced as far as possible to the minimum its function requires, limiting the visible range of each device to the greatest extent and protecting the key information between devices.
Step S15: process operation requests sent by the device according to the privilege setting information.
The operation requests sent by the device include requests to access the external network, requests to access the internal network, requests to access a given device in the internal network, and so on.
Optionally, processing operation requests sent by the device according to the privilege setting information specifically comprises:
C1. Receiving an operation request sent by the device, the operation request including the information of the network where the accessed device is located and the unique identifier of the accessed device.
C2. Determining whether the privilege setting information of the device allows the device to access the network where the accessed device is located. When it does not, the operation request of the device is refused. When it does, it is then determined whether the privilege setting information of the device allows the device to access the accessed device; when it does not, the operation request of the device is refused.
In C1 and C2 above, a device is allowed to access the corresponding external network or a device in the internal network only when it holds the access privilege, which improves the security of the key information of each device in the internal network.
In the first embodiment of the present invention, a connection request sent by a device is received; when the connection password carried in the connection request matches a pre-stored connection password, a connection is established with the device, and the information of the connected device is updated to the connected device information list of an added administrator; privilege setting information sent by the administrator according to the information of the device is received and stored; and operation requests sent by the device are then processed according to the privilege setting information. Because the privilege setting information includes the access privilege information of the device, the access behaviour of devices that join the network can be controlled, and the key information of other devices in the wireless network is thereby effectively protected.
It should be understood that, in the embodiments of the present invention, the sequence numbers of the processes above do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and should not limit the implementation of the embodiments of the present invention in any way.
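The flow of steps S11 to S15, including B1 to B3 and C1 to C2, as a small model; this is an added example, not code from the patent. The class and method names, the `settable` flag and the sample devices and passwords are constructed. Because Tables 1 to 6 are not reproduced here, the model assumes that every setting item of a device with several administrators is combined with the AND rule, and it treats the inaccessible state as neither sending requests nor being reachable.

```python
import hmac
from dataclasses import dataclass

WIRELESS, WIRED, EXTERNAL, INTERNAL = "wireless", "wired", "external", "internal"


@dataclass(frozen=True)
class Permissions:
    """Privilege setting information one administrator sends for a device (S14)."""
    external: bool = False          # may access the external network
    internal: bool = False          # may access the internal network
    peers: frozenset = frozenset()  # internal devices it may access


class Router:
    def __init__(self, ssids, wired_password):
        self.ssids = ssids  # {SSID id: (owning administrator, wireless password)}
        self.wired_password = wired_password
        self.admins = sorted({admin for admin, _ in ssids.values()})
        self.lists = {a: {} for a in self.admins}  # connected device lists
        self.managers = {}  # device -> administrators who may configure it
        self.votes = {}     # device -> {administrator: Permissions}

    def connect(self, dev, mode, password, ssid=None):
        """S11-S13: check the connection password, then update the lists."""
        if mode == WIRELESS:
            if ssid not in self.ssids:
                return False
            owner, stored = self.ssids[ssid]
        else:
            owner, stored = None, self.wired_password
        # Constant-time comparison so the check does not leak a prefix match.
        if not hmac.compare_digest(password.encode(), stored.encode()):
            return False
        for admin in self.admins:
            if owner in (None, admin):  # B3 (wired), or B2 for the SSID's own admin
                self.lists[admin][dev] = {"id": dev, "mode": mode, "settable": True}
            else:                       # B2: other administrators get basic info only
                self.lists[admin][dev] = {"id": dev}
        self.managers[dev] = set(self.admins) if owner is None else {owner}
        self.votes[dev] = {}  # no settings received yet: inaccessible state
        return True

    def set_permissions(self, admin, dev, perms):
        """S14: store settings, but only from an administrator who manages dev."""
        if admin not in self.managers.get(dev, ()):
            return False
        self.votes[dev][admin] = perms
        return True

    def effective(self, dev):
        """AND of all managing administrators' settings; None means inaccessible."""
        managers = self.managers.get(dev)
        if not managers or set(self.votes[dev]) != managers:
            return None
        votes = list(self.votes[dev].values())
        peers = frozenset(set.intersection(*(set(v.peers) for v in votes)))
        return Permissions(all(v.external for v in votes), all(v.internal for v in votes), peers)

    def handle_request(self, dev, network, target=None):
        """S15 / C1-C2: check the target network first, then the target device."""
        perms = self.effective(dev)
        if perms is None:
            return "deny: requester inaccessible"
        if not {EXTERNAL: perms.external, INTERNAL: perms.internal}.get(network, False):
            return "deny: network"
        if target is not None:
            if self.effective(target) is None:
                return "deny: target inaccessible"
            if target not in perms.peers:
                return "deny: target"
        return "allow"


def demo():
    # Constructed sample network: two administrators with one SSID each.
    r = Router({"ssid-1": ("admin1", "pw-1"), "ssid-2": ("admin2", "pw-2")}, "pw-wired")
    out = {"wrong_password": r.connect("cam", WIRELESS, "guess", "ssid-1")}
    r.connect("cam", WIRELESS, "pw-1", "ssid-1")
    r.connect("lock", WIRELESS, "pw-2", "ssid-2")
    r.connect("nas", WIRED, "pw-wired")
    out["before_settings"] = r.handle_request("cam", EXTERNAL)
    out["foreign_admin"] = r.set_permissions("admin2", "cam", Permissions(True, True))
    r.set_permissions("admin1", "cam", Permissions(external=True))
    r.set_permissions("admin2", "lock", Permissions(False, True, frozenset({"nas"})))
    nas = Permissions(internal=True, peers=frozenset({"lock"}))
    r.set_permissions("admin1", "nas", nas)
    out["one_vote"] = r.handle_request("lock", INTERNAL, "nas")
    r.set_permissions("admin2", "nas", nas)
    out["cam_external"] = r.handle_request("cam", EXTERNAL)
    out["cam_internal"] = r.handle_request("cam", INTERNAL, "lock")
    out["lock_to_nas"] = r.handle_request("lock", INTERNAL, "nas")
    out["lock_to_cam"] = r.handle_request("lock", INTERNAL, "cam")
    out["admin2_sees_cam"] = r.lists["admin2"]["cam"]
    return out


if __name__ == "__main__":
    print(demo())
```

The wired device `nas` stays unreachable until both administrators have sent settings for it, which is the default-deny behaviour the optional inaccessible state is meant to give.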
embodiment two:
Fig. 2 shows the structure chart of a kind of multi-layer rights management device that second embodiment of the invention provides, this multi-layer rights management device can comprise and carries out through wireless access network RAN and one or more core net the subscriber equipment that communicates, this subscriber equipment can be router, mobile phone (or being called " honeycomb " phone), have the computer etc. of mobile device, such as, subscriber equipment can also be portable, pocket, hand-hold type, built-in computer or vehicle-mounted mobile device, they and wireless access network switched voice and/or data.Again such as, this mobile device can comprise smart mobile phone, panel computer, personal digital assistant PDA, point-of-sale terminal POS or vehicle-mounted computer etc.For convenience of explanation, illustrate only the part relevant to the embodiment of the present invention.
This multi-layer rights management device comprises: connection request receiving element 21, connection establishment unit 22, device information update unit 23, priority assignation information receiving unit 24, operation requests processing unit 25.Wherein:
Connection request receiving element 21, for the connection request that receiving equipment sends, described connection request carries connection password.
Here equipment comprises the mobile device such as mobile phone, panel computer, also comprises desktop computer, the non-mobile device such as intelligent television, intelligent refrigerator.
Alternatively, described multi-layer rights management device comprises:
Information Tip element, for showing the information of at least adding a keeper.
Administrator Info's receiving element, for the interpolation instruction of receiving management person, and adds corresponding Administrator Info according to described interpolation instruction, and described Administrator Info comprises the unique identification of the wireless SSID belonging to described keeper and the wireless connections password of correspondence.
After user completes the interpolation task of at least one keeper according to keeper's list of display, again for oneself distributing at least one SSID and corresponding wireless connections password, the wireless SSID distributed belongs to the administration authority scope of this keeper, keeper is directly arranged the equipment be connected in oneself wireless SSID subnet again, and in the wireless SSID of other keepers, all devices is visible but can not arrange to it.Wherein, the wireless SSID that keeper distributes can have multiple, and each wireless SSID has unique identification, a subnet of a corresponding wireless network of wireless SSID, in order to improve fail safe, and the corresponding wireless connections password of each wireless SSID.
Alternatively, after router normally works, any one keeper added in keeper can initiate to distribute new management person application, router receives and distributes new management person when applying for, inquire other keepers, after receiving the agreement distribution instruction that other keepers send, distribute new management person and come into force.
Connection establishment unit 22, when the connection password for carrying at connection request mates with the connection password of pre-stored, connects with described equipment.
Prestore wireless connections password corresponding to the unique identification of the unique identification of wireless SSID and this SSID and store wired connection password, so that when receiving the wireless connections password of the unique identification of the SSID that connection request carries and correspondence, compare with the wireless SSID of pre-stored and corresponding wireless connections password.
Device information update unit 23, for upgrading the information of described equipment to the connected device information list adding keeper.
The information of this equipment comprises the essential information of equipment, as the unique identification of equipment, also comprises the not substantially information of equipment, as the connection attribute of equipment and the arranged authority information of observability.
Alternatively, described device information update unit 23 comprises:
Access way judge module, for judging whether the access way connected with described equipment is wireless mode.
First information update module, for when the access way connected with described equipment is wireless mode, the information upgrading described equipment is to the connected device information list of keeper corresponding to the service set SSID of described equipment connection, and, upgrade essential information in the information of the described equipment connected device information list to keeper corresponding to the SSID of non-described equipment connection.Essential information in the information of described equipment comprises the unique identification of described equipment.Further, for the ease of management, the configuration information of the wireless device wirelessly accessed is stored in wireless device configuration table, and the configuration information of the wireline equipment accessed by wired mode is stored in wireline equipment allocation list.
Second information updating module, for when the access way connected with described equipment is wired mode, upgrades the information of described equipment to all connected device information lists having added keeper.The information of this equipment comprises the essential information of equipment and the not substantially information of equipment.
Alternatively, described multi-layer rights management device comprises:
Equipment state setting unit is inaccessible state for arranging described equipment.After the information of updating the equipment, the priority assignation information that keeper sends this equipment if do not receive, then the state arranged is inaccessible state, to reduce the risk of the key message revealing this equipment.Preferably, in the scheduled time after the information of updating the equipment, judge whether to receive the priority assignation information that keeper sends this equipment, if do not receive, then arranging described equipment is inaccessible state.
Permission setting information receiving unit 24, configured to receive and store the permission setting information that the administrator issues for the device, where the permission setting information includes the access permission information of the device.
The access permission information of the device includes information such as whether the device can access the external network, whether it can access the internal network, and whether it can access a particular device in the internal network.
In addition to the access permission information of the device, the permission setting information may also include visibility permission setting information of the device and permission setting information for the uplink and downlink data of the device.
Operation request processing unit 25, configured to process, according to the permission setting information, the operation requests sent by the device.
The operation requests sent by the device include: a request to access the external network, a request to access the internal network, a request to access a particular device in the internal network, and so on.
Optionally, the operation request processing unit 25 includes:
Operation request receiving module, configured to receive the operation request sent by the device, where the operation request includes the network information of the network in which the accessed device is located and the unique identifier of the accessed device.
Operation permission judging module, configured to judge whether the permission setting information of the device allows the device to access the network in which the accessed device is located; when the permission setting information of the device does not allow the device to access that network, refuse the operation request of the device; when the permission setting information of the device allows the device to access that network, then judge whether the permission setting information of the device allows the device to access the accessed device; and when the permission setting information of the device does not allow the device to access the accessed device, refuse the operation request of the device.
Because a device is allowed to access the corresponding external network, or a device in the internal network, only when it holds the access permission, the security of the key information of each device in the internal network is improved.
In the second embodiment of the present invention, because the permission setting information includes the access permission information of the device, the access behavior of devices that join the network can be controlled, which in turn effectively protects the key information of the other devices in the wireless network.
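The list update, the default inaccessible state and the two-stage permission check described above can be sketched as follows. This is an added example, not code from the patent: the `Gateway` and `Permissions` names, the sample administrators and device identifiers are hypothetical, and the inaccessible state is modelled here as refusing requests both from and to the device, which is this example's reading of the text.

```python
from dataclasses import dataclass, field

@dataclass
class Permissions:
    """Access permission information an administrator issues for one device."""
    networks: set = field(default_factory=set)  # e.g. {"external", "internal"}
    devices: set = field(default_factory=set)   # unique ids of reachable devices

class Gateway:
    def __init__(self, admin_ssids):
        # admin_ssids: administrator name -> SSID that administrator owns
        self.admin_ssids = dict(admin_ssids)
        self.lists = {admin: {} for admin in admin_ssids}  # connected-device lists
        self.perms = {}            # device id -> Permissions
        self.inaccessible = set()  # devices with no permissions issued yet

    def on_connect(self, dev_id, details, ssid=None):
        """Record a newly connected device; ssid=None means a wired connection."""
        basic = {"id": dev_id}            # basic info: the unique identifier only
        full = {"id": dev_id, **details}  # basic plus non-basic info
        for admin, owned in self.admin_ssids.items():
            sees_all = ssid is None or owned == ssid
            self.lists[admin][dev_id] = full if sees_all else basic
        self.inaccessible.add(dev_id)     # default deny until an admin acts

    def set_permissions(self, admin, dev_id, perms):
        # Assumption of this example: any added administrator may issue settings.
        if admin not in self.admin_ssids:
            raise PermissionError("not an added administrator")
        if dev_id not in self.lists[admin]:
            raise KeyError("unknown device")
        self.perms[dev_id] = perms
        self.inaccessible.discard(dev_id)

    def handle_request(self, src, network, target=None):
        """Two-stage check: network first, then the individual target device."""
        if src in self.inaccessible or target in self.inaccessible:
            return "deny: inaccessible"
        p = self.perms.get(src)
        if p is None or network not in p.networks:
            return "deny: network"
        if target is not None and target not in p.devices:
            return "deny: device"
        return "allow"

def demo():
    # Constructed sample data: two administrators, one wireless and one wired device.
    gw = Gateway({"alice": "HOME", "bob": "GUEST"})
    gw.on_connect("cam-01", {"ip": "192.168.1.20"}, ssid="HOME")
    gw.on_connect("nas-01", {"ip": "192.168.1.30"})
    out = [gw.handle_request("cam-01", "internal", "nas-01")]
    gw.set_permissions("alice", "nas-01", Permissions())
    gw.set_permissions("alice", "cam-01", Permissions({"internal"}))
    out.append(gw.handle_request("cam-01", "internal", "nas-01"))
    out.append(gw.handle_request("cam-01", "external"))
    gw.set_permissions("alice", "cam-01", Permissions({"internal"}, {"nas-01"}))
    out.append(gw.handle_request("cam-01", "internal", "nas-01"))
    return gw, out

if __name__ == "__main__":
    print(demo()[1])
```

The administrator of the SSID a wireless device did not join receives only its unique identifier, so that administrator can see the device exists without learning its other details.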
Those of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to exceed the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A multi-level permission management method, characterized in that the method comprises:
Receiving a connection request sent by a device, the connection request carrying a connection password;
When the connection password carried in the connection request matches a pre-stored connection password, establishing a connection with the device;
Updating the information of the device to the connected device information list of an added administrator;
Receiving and storing the permission setting information that the administrator issues for the device, the permission setting information including the access permission information of the device;
Processing, according to the permission setting information, the operation requests sent by the device.
2. The method according to claim 1, characterized in that updating the information of the device to the connected device information list of an added administrator specifically comprises:
Judging whether the access mode of the connection established with the device is wireless;
When the access mode of the connection established with the device is wireless, updating the information of the device to the connected device information list of the administrator corresponding to the service set identifier (SSID) to which the device is connected, and updating the basic information in the information of the device to the connected device information lists of the administrators corresponding to the SSIDs to which the device is not connected; the basic information in the information of the device includes the unique identifier of the device;
When the access mode of the connection established with the device is wired, updating the information of the device to the connected device information lists of all added administrators.
3. The method according to claim 1, characterized in that, after updating the information of the device to the connected device information list of an added administrator, the method comprises:
Setting the device to an inaccessible state.
4. The method according to claim 1, characterized in that processing, according to the permission setting information, the operation requests sent by the device specifically comprises:
Receiving the operation request sent by the device, the operation request including the network information of the network in which the accessed device is located and the unique identifier of the accessed device;
Judging whether the permission setting information of the device allows the device to access the network in which the accessed device is located; when the permission setting information of the device does not allow the device to access that network, refusing the operation request of the device; when the permission setting information of the device allows the device to access that network, then judging whether the permission setting information of the device allows the device to access the accessed device; and when the permission setting information of the device does not allow the device to access the accessed device, refusing the operation request of the device.
5. The method according to claim 1, characterized in that, before receiving the connection request sent by the device, the method comprises:
Displaying prompt information to add at least one administrator;
Receiving an add instruction from the administrator, and adding the corresponding administrator information according to the add instruction, the administrator information including the unique identifier of the wireless SSID to which the administrator belongs and the corresponding wireless connection password.
6. A multi-level permission management device, characterized in that the device comprises:
Connection request receiving unit, configured to receive a connection request sent by a device, the connection request carrying a connection password;
Connection establishing unit, configured to establish a connection with the device when the connection password carried in the connection request matches a pre-stored connection password;
Device information update unit, configured to update the information of the device to the connected device information list of an added administrator;
Permission setting information receiving unit, configured to receive and store the permission setting information that the administrator issues for the device, the permission setting information including the access permission information of the device;
Operation request processing unit, configured to process, according to the permission setting information, the operation requests sent by the device.
7. The device according to claim 6, characterized in that the device information update unit comprises:
Access mode judging module, configured to judge whether the access mode of the connection established with the device is wireless;
First information update module, configured to, when the access mode of the connection established with the device is wireless, update the information of the device to the connected device information list of the administrator corresponding to the service set identifier (SSID) to which the device is connected, and update the basic information in the information of the device to the connected device information lists of the administrators corresponding to the SSIDs to which the device is not connected; the basic information in the information of the device includes the unique identifier of the device;
Second information update module, configured to, when the access mode of the connection established with the device is wired, update the information of the device to the connected device information lists of all added administrators.
8. The device according to claim 6, characterized in that the device comprises:
Device state setting unit, configured to set the device to an inaccessible state.
9. The device according to claim 6, characterized in that the operation request processing unit comprises:
Operation request receiving module, configured to receive the operation request sent by the device, the operation request including the network information of the network in which the accessed device is located and the unique identifier of the accessed device;
Operation permission judging module, configured to judge whether the permission setting information of the device allows the device to access the network in which the accessed device is located; when the permission setting information of the device does not allow the device to access that network, refuse the operation request of the device; when the permission setting information of the device allows the device to access that network, then judge whether the permission setting information of the device allows the device to access the accessed device; and when the permission setting information of the device does not allow the device to access the accessed device, refuse the operation request of the device.
10. The device according to claim 6, characterized in that the device comprises:
Information prompting unit, configured to display prompt information to add at least one administrator;
Administrator information receiving unit, configured to receive an add instruction from the administrator and add the corresponding administrator information according to the add instruction, the administrator information including the unique identifier of the wireless SSID to which the administrator belongs and the corresponding wireless connection password.
CN201510200482.XA 2015-04-24 2015-04-24 Multi-layer right management method and device Active CN104935572B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510200482.XA CN104935572B (en) 2015-04-24 2015-04-24 Multi-layer right management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510200482.XA CN104935572B (en) 2015-04-24 2015-04-24 Multi-layer right management method and device

Publications (2)

Publication Number Publication Date
CN104935572A true CN104935572A (en) 2015-09-23
CN104935572B CN104935572B (en) 2018-07-31

Family

ID=54122544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510200482.XA Active CN104935572B (en) 2015-04-24 2015-04-24 Multi-layer right management method and device

Country Status (1)

Country Link
CN (1) CN104935572B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant