CN107295504B - Control method for Wi-Fi protection setting and gateway equipment - Google Patents

Control method for Wi-Fi protection setting and gateway equipment Download PDF

Info

Publication number
CN107295504B
CN107295504B CN201710486221.8A CN201710486221A CN107295504B CN 107295504 B CN107295504 B CN 107295504B CN 201710486221 A CN201710486221 A CN 201710486221A CN 107295504 B CN107295504 B CN 107295504B
Authority
CN
China
Prior art keywords
ssid
temporary
client
address
temporary ssid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710486221.8A
Other languages
Chinese (zh)
Other versions
CN107295504A (en
Inventor
单晓森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Broadband Multimedia Technology Co Ltd
Original Assignee
Hisense Broadband Multimedia Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Broadband Multimedia Technology Co Ltd filed Critical Hisense Broadband Multimedia Technology Co Ltd
Priority to CN201710486221.8A priority Critical patent/CN107295504B/en
Publication of CN107295504A publication Critical patent/CN107295504A/en
Application granted granted Critical
Publication of CN107295504B publication Critical patent/CN107295504B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a control method of Wi-Fi protection setting and gateway equipment. The Wi-Fi protection setting control method provided by the application comprises the following steps: when receiving the trigger of the temporary service set identifier SSID, generating and recording the temporary SSID; if the client is determined to be connected to the wireless network through the temporary SSID, requesting a Dynamic Host Configuration Protocol (DHCP) server to allocate an Internet Protocol (IP) address to the client, and recording the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID; and if the client is determined to be disconnected from the wireless network, deleting the recorded corresponding relation and the temporary SSID. The control method of Wi-Fi protection setting and the gateway device can improve the safety of network connection.

Description

Control method for Wi-Fi protection setting and gateway equipment
Technical Field
The present application relates to the field of network security, and in particular, to a control method for Wi-Fi protection setting and a gateway device.
Background
Wi-Fi Protected Setup (WPS for short) is an authentication project implemented by a Wi-Fi alliance organization and is mainly used for solving the problem that steps of wireless network encryption Setup are too complicated.
In a conventional manner, when a user creates a new wireless network, a Service Set Identifier (SSID) and a wireless network connection password must be manually Set on a gateway device. After the setting is completed, the client needs to connect to the wireless network, and a long wireless network connection password needs to be input to access the wireless network. Wi-Fi protected settings can simplify this process. At present, a WPS button is often arranged on a body of a gateway device with a WPS function. Thus, after the SSID and the wireless network connection password are configured, when the client needs to access the wireless network, the connection of the wireless network can be easily and quickly completed only by slightly pressing the button (specifically, when the button is pressed, the gateway device sends the configured SSID and the wireless network connection password to the client for starting the WPS function, and thus, the client for starting the WPS function can quickly complete the connection of the wireless network without manually inputting a lengthy wireless network connection password).
When the client establishes wireless network connection through the WPS button, the user does not need to manually search the SSID and input a wireless network connection password. However, after the client accesses the wireless network through the WPS button, the SSID and the wireless network connection password of the wireless network are stored on the client, and particularly when the visitor client accesses the wireless network, the visitor client stores the SSID and the wireless network connection password of the wireless network, so that the password is easily leaked, and after the password is leaked, other clients access the wireless network through the leaked password, and the network connection security is low.
Disclosure of Invention
In view of this, the present application provides a method for controlling Wi-Fi protected settings and a gateway device, so as to solve the problem that the existing Wi-Fi protected settings are low in security.
The first aspect of the present application provides a method for controlling Wi-Fi protection settings, where the method is applied to a gateway device, and the method includes:
when receiving the trigger of the temporary service set identifier SSID, generating and recording the temporary SSID;
if the client is determined to be connected to the wireless network through the temporary SSID, requesting a Dynamic Host Configuration Protocol (DHCP) server to allocate an Internet Protocol (IP) address to the client, and recording the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID;
and if the client is determined to be disconnected from the wireless network, deleting the recorded corresponding relation and the temporary SSID.
Further, the deleting the recorded temporary SSID specifically includes:
when the set detection period is reached, aiming at each recorded temporary SSID, searching the corresponding relation containing the IP address corresponding to the temporary SSID from the recorded corresponding relation;
and if the temporary SSID is not found, deleting the temporary SSID.
Further, after the recording the correspondence between the IP address allocated to the client by the DHCP server and the temporary SSID, the method further includes:
and when the updating condition of the IP address occurs, updating the IP address in the corresponding relation.
Further, the generating the temporary SSID specifically includes:
and automatically generating a random character string, and adding the random character string to the specified position of the primary SSID stored in the gateway equipment to form a temporary SSID.
Further, after generating and recording the temporary SSID, the method further comprises:
and setting the access authority of the temporary SSID so as to control the client connected to the wireless network through the temporary SSID to access network resources through the access authority.
Further, the trigger of the temporary service set identifier SSID is generated by a physical key or a virtual key on the gateway device when a setting operation is performed; in the alternative, the first and second sets of the first,
the trigger of the temporary service set identifier SSID is generated by an application APP corresponding to the gateway device or a virtual key on a webpage when a setting operation is executed.
A second aspect of the present application provides a gateway device, including: a creation module, a processing module, and a deletion module, wherein,
the creation module is used for generating and recording a temporary Service Set Identifier (SSID) when receiving the trigger of the SSID;
the processing module is used for requesting a Dynamic Host Configuration Protocol (DHCP) server to allocate an Internet Protocol (IP) address to the client and recording the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID if the client is determined to be connected to the wireless network through the temporary SSID;
and the deleting module is used for deleting the recorded corresponding relation and the temporary SSID if the client is determined to be disconnected from the wireless network connection.
Further, the deletion module comprises a search unit and a deletion unit, wherein,
the searching unit is used for searching the corresponding relation containing the IP address corresponding to each recorded temporary SSID from the recorded corresponding relation when the set detection period is reached;
and the deleting unit is used for deleting the temporary SSID when the corresponding relation containing the IP address corresponding to the temporary SSID is not found in the recorded corresponding relation by the searching unit.
Further, the processing module is further configured to, after recording a correspondence between the IP address allocated to the client by the DHCP server and the temporary SSID, update the IP address in the correspondence when an update condition of the IP address occurs.
Further, the creating module is specifically configured to automatically generate a random string, and add the random string to a specified location of the primary SSID stored in the gateway device to form a temporary SSID.
Further, the processing module is further configured to set an access right of the temporary SSID after the creation module generates and records the temporary SSID, so as to control a client connected to a wireless network through the temporary SSID to access a network resource through the access right.
Further, the trigger of the temporary service set identifier SSID is generated by a physical key or a virtual key on the gateway device when a setting operation is performed; in the alternative, the first and second sets of the first,
the trigger of the temporary service set identifier SSID is generated by an application APP corresponding to the gateway device or a virtual key on a webpage when a setting operation is executed.
According to the control method and the gateway device for Wi-Fi protection setting, when the trigger of the temporary service set identifier SSID is received, the temporary SSID is generated and recorded, and therefore the visitor client can be connected with a wireless network through the temporary SSID. Further, if it is determined that the client is connected to the wireless network through the temporary SSID, an internet protocol IP address is allocated to the client by requesting a dynamic host configuration protocol DHCP server, and a correspondence between the IP address allocated to the client by the DHCP server and the temporary SSID is recorded, and further, if it is determined that the client is disconnected from the wireless network, the recorded correspondence is deleted, and the recorded temporary SSID is deleted. In this way, the recorded provisional SSID is deleted, thereby disabling the provisional SSID. Thus, even if the temporary SSID is leaked, other clients cannot be connected to the wireless network through the temporary SSID because the gateway device does not already have the temporary SSID, and the security of network connection can be improved.
Drawings
FIG. 1 is a flowchart of a first embodiment of a method for controlling Wi-Fi protection settings according to the present application;
FIG. 2 is a flowchart of a second embodiment of a method for controlling Wi-Fi protection settings according to the present application;
FIG. 3 is a schematic diagram of an application scenario of the control method for Wi-Fi protection setting of the present application;
fig. 4 is a schematic structural diagram of a gateway device according to a first embodiment of the present application;
fig. 5 is a schematic structural diagram of a second gateway device according to the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The application provides a control method of Wi-Fi protection setting and gateway equipment, and aims to solve the problem that the existing Wi-Fi protection setting is low in network connection safety.
The control method for Wi-Fi protection setting can be applied to gateway equipment. For example, the method can be applied to a home gateway (for example, a router), and can also be applied to a triple-network convergence product using a Passive Optical Network (PON) device.
The technical solution of the present application will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flowchart of a first embodiment of a method for controlling Wi-Fi protection settings according to the present application. The execution subject of this embodiment is a gateway device. Referring to fig. 1, the method provided in this embodiment may include:
s101, when receiving a trigger of a temporary Service Set Identifier (SSID), generating and recording the temporary SSID; and the temporary SSID is used for connecting the client with a wireless network.
It should be noted that the client in this embodiment refers specifically to a guest client. Alternatively, the above-mentioned temporary service set identification SSID trigger may be generated by a physical key or a virtual key on the gateway device when a setting operation is performed. For example, in one possible implementation, the temporary service set identification SSID trigger is generated by a WPS button on the gateway device when pressed for more than 2 seconds. As another example, the temporary service set identification SSID trigger is generated by a WPS key on the gateway device when pressed twice in succession. For another example, a temporary service set identifier SSID trigger key may be further disposed on the gateway device, where the temporary service set identifier SSID trigger is generated when the key is pressed. The trigger of the SSID may be generated by an application APP corresponding to the gateway device or a virtual key on a web page when a setting operation is performed. For example, a virtual key may be set on an Application program (APP) corresponding to the gateway device, and when the virtual key is pressed, a temporary service set identifier SSID trigger is generated. The following description will be given taking as an example that "the temporary service set identification SSID trigger is generated by the WPS key on the gateway device when pressed twice in succession".
In order to ensure network security, when the provisional SSID is generated, a password for encrypting the provisional SSID may be generated at the same time.
Optionally, in an embodiment, the temporary SSID may be generated as follows, the method including: and automatically generating a random character string, and adding the random character string to a specified position of the primary SSID stored in the gateway equipment to form a temporary SSID.
Specifically, the designated position is set according to actual needs, and in this embodiment, the designated position is not limited. For example, the above-described random character string may be added to the primary SSID to constitute a provisional SSID; as another example, a random string may be added to the primary SSID prior to composing the provisional SSID. The following description will be made by taking "a provisional SSID is composed after adding the above-described random character string to the primary SSID" as an example. It should be noted that the primary SSID is used for the client of the family member to connect to the wireless network.
Specifically, the above-mentioned provisional SSID and the password for encrypting the above-mentioned provisional SSID are recorded in the configuration file of the gateway device.
In connection with the above description, for example, when visitor 1 visits, in order for guest 1's client 1 to connect to the wireless network. At this time, the family member may continuously press the WPS key on the gateway device twice (the WPS key on the gateway device generates the temporary service set identification SSID trigger when continuously pressed twice), so that the gateway device receives the temporary service set identification SSID trigger. Accordingly, when the gateway device receives the temporary service set identification SSID trigger, a temporary SSID for the client 1 of the guest 1 to connect to the wireless network is generated (at this time, when the client 1 of the guest 1 turns on the WPS function, the client 1 of the guest 1 can connect to the wireless network through the temporary SSID). For example, in one embodiment, the primary SSID is family and the generated temporary SSID is family 123.
S102, if the client is connected to the wireless network through the temporary SSID, a Dynamic Host Configuration Protocol (DHCP) server is requested to allocate an Internet Protocol (IP) address to the client, and the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID is recorded.
It should be noted that, after the gateway device generates the temporary SSID, it sends the temporary SSID to the client that starts the WPS function (note that, if the gateway device also generates a password for encrypting the temporary SSID while generating the temporary SSID, at this time, the gateway device sends both the generated temporary SSID and the password for encrypting the temporary SSID to the client that starts the WPS function), so that the client can connect to the wireless network through the temporary SSID (in combination with the above example, the client 1 of the visitor 1 starts the WPS function, at this time, the gateway device sends the generated temporary SSID and the password for encrypting the temporary SSID (family123) to the client 1 that starts the WPS function, so that the client 1 of the visitor 1 can connect to the wireless network through the SSID). It should be noted that each time a trigger is triggered, only one client is allowed to connect to the wireless network, and when there are other clients that need to connect to the wireless network, the operation needs to be performed again (for example, when visitor 2 visits, at this time, in order for visitor 2's client 2 to connect to the wireless network. at this time, the family member needs to press the WPS button on the gateway device twice in succession again to cause the gateway device to generate a temporary SSID for visitor 2's client 2 to connect to the wireless network).
With reference to the above example, in this step, when it is determined that the client 1 is connected to the wireless network through the above temporary SSID, the client 1 is requested to be allocated an internet protocol IP address by a DHCP server. It should be noted that the DHCP server may or may not be integrated in the gateway device. When the gateway device does not have the integrated DHCP server, when the DHCP server is requested to allocate an IP address to the client device, the DHCP server is requested to return allocation information (i.e., the DHCP server is requested to inform the IP address allocated to the client).
Further, after the DHCP server assigns an IP address to the client, in this step, a correspondence between the IP address assigned to the client by the DHCP server and the temporary SSID is recorded, that is, the temporary SSID and the IP address assigned to the client 1 connected to the wireless network by the DHCP server are recorded as one node. For example, in one embodiment, the client 1 connects to the wireless network through the above-mentioned temporary SSID (family123), and the IP address allocated to the client 1 by the DHCP server is: 192.168.1.12, the correspondence is as follows: client 1, family123, 192.168.1.12.
And S103, deleting the recorded corresponding relation and deleting the recorded temporary SSID if the client is determined to disconnect the wireless network connection.
Specifically, when the gateway device is integrated with a DHCP server, it may be determined whether the client disconnects from the network according to the following method: that is, a DHCP server in the gateway equipment sends a query message to the client terminal which is allocated with the IP address according to a preset time interval; and when the response message returned by the client is not received for a preset number of times (for example, the number of times may be 3), determining that the client disconnects the wireless network. Of course, when the gateway device does not integrate the DHCP server, at this time, it may be determined whether the client disconnects the wireless network according to the WiFi protocol. The specific implementation process and implementation principle of determining whether the client disconnects the wireless network connection according to the WiFi protocol may be referred to the description in the prior art, and will not be described here.
Specifically, in the above example, when it is determined that the client 1 disconnects the wireless network connection, in this step, the recorded correspondence relationship (client 1, family123, 192.168.1.12) is deleted, and the recorded provisional SSID (family123) is deleted. It should be noted that, in a specific implementation, multiple clients (guest clients) may be connected to the wireless network simultaneously (each client is connected to the wireless network through a temporary SSID), and at this time, multiple sets of corresponding relationships are recorded in the gateway device. Therefore, at this time, when the client 1 disconnects the network connection, and deletes the recorded correspondence, it is necessary to find the correspondence including the IP address from the recorded correspondence according to the IP address released by the client 1 that disconnects the wireless network at this time, delete the correspondence, and further delete the recorded temporary SSID corresponding to the IP address. When the SSID is generated and the password for encrypting the SSID is generated at the same time, the password for encrypting the SSID is also deleted at the same time when the SSID is deleted in this step.
In the method provided by the embodiment, when the trigger of the temporary service set identifier SSID is received, the temporary SSID and the password for encrypting the temporary SSID are generated and recorded, so that the guest client can connect to the wireless network through the temporary SSID. Further, if it is determined that the client is connected to the wireless network through the temporary SSID, an internet protocol IP address is allocated to the client by requesting a dynamic host configuration protocol DHCP server, and a correspondence between the IP address allocated to the client by the DHCP server and the temporary SSID is recorded, and further, if it is determined that the client is disconnected from the wireless network, the recorded correspondence is deleted, and the recorded temporary SSID is deleted. In this way, the recorded provisional SSID is deleted, thereby disabling the provisional SSID. Thus, even if the temporary SSID is leaked, other clients cannot be connected to the wireless network through the temporary SSID because the gateway device does not already have the temporary SSID, and the security of network connection can be improved.
Further, in a possible implementation manner of the present application, after step S103, the method further includes:
and when the updating condition of the IP address occurs, updating the IP address in the corresponding relation.
Specifically, the update condition of the IP address may be that a lease period of the IP address allocated to the client by the DHCP server expires, and the DHCP server allocates a new IP address to the client; or the previously allocated IP address conflicts, and the DHCP server allocates a new IP address to the client. For example, in an embodiment, after the lease period of the IP address allocated to the client by the DHCP server expires, the new IP address allocated to the client by the DHCP server is 192.198.1.15, at this time, the IP address in the correspondence relationship is updated, and the updated correspondence relationship is: client 1, family123, 192.168.1.15. When updating the IP address in the correspondence relationship, the correspondence relationship including the old IP address may be found from the old IP, and the IP address in the found correspondence relationship may be updated to the new IP address.
The method provided by this embodiment updates the IP address in the recorded correspondence when the update condition of the IP address occurs. Therefore, after the client disconnects the network connection, the corresponding relation containing the IP address can be accurately found according to the IP address released by the client, and then the corresponding relation is deleted. Thus, efficiency can be improved.
Optionally, in a possible implementation manner of the present application, after step S101, the method may further include:
and setting the access authority of the temporary SSID so as to control the client connected to the wireless network through the temporary SSID to access network resources through the access authority.
For example, a client connected to the wireless network through the above-mentioned provisional SSID may be blocked from accessing the internal network by the above-mentioned access right. It should be noted that, for how to set the access right of the temporary SSID, a specific implementation procedure and implementation principle for controlling, through the access right, the client connected to the wireless network through the temporary SSID to access the network resource may be referred to in the description of the prior art, and details are not described here.
In the method provided by this embodiment, after the temporary SSID is generated, the access right of the temporary SSID is set, so that a client connected to a wireless network through the temporary SSID is controlled to access network resources through the access right. Therefore, the access authority of the visitor client can be effectively controlled, and the network security is further improved (for example, the visitor client can be prevented from accessing the internal network by setting the access authority, so that the internal information can be prevented from being leaked).
Fig. 2 is a flowchart of a second embodiment of a method for controlling Wi-Fi protection settings according to the present application. The present embodiment relates to a specific process for deleting a recorded temporary SSID, where deleting the recorded temporary SSID on the basis of the above embodiment specifically includes:
s201, when the set detection period is reached, aiming at each recorded temporary SSID, searching the corresponding relation containing the IP address corresponding to the temporary SSID from the recorded corresponding relation.
S202, if the temporary SSID is not found, deleting the temporary SSID.
The set detection period is set according to actual needs, and in the present embodiment, the set detection period is not limited. For example, the set detection period may be 1800 seconds.
A specific example is given below for describing in detail the control method of the Wi-Fi protection settings provided in the present application. Fig. 3 is a schematic view of an application scenario of the control method for Wi-Fi protection setting according to the present application. Referring to fig. 3, for example, in an embodiment, there are three visitors visiting, and the clients of the three visitors are client 1, client 2 and client 3, respectively, at this time, the clients of the three visitors are all connected to the wireless network through the temporary SSID, the temporary SSID recorded in the gateway device is shown in table one, and the recorded correspondence relationship is shown in table two:
table one recorded SSID
Temporary SSID Passwords for encrypting temporary SSIDs
family123 123456
family456 1234567
family789 12345678
Corresponding relation recorded in table two
Figure BDA0001330526670000101
Figure BDA0001330526670000111
At a certain moment, after the visitor 1 leaves, at this time, the client 1 disconnects the network connection, the client 1 releases the IP address (192.168.1.12) assigned thereto, the gateway device finds the corresponding relationship (visitor 1, family123, 192.168.1.12) including the IP address from the recorded corresponding relationship, and deletes the corresponding relationship, at this time, the recorded corresponding relationship becomes as shown in table three:
correspondence recorded in table three
Identity Temporary SSID Assigned IP address
Visitor 2 family456 192.168.1.13
Visitor 3 family789 192.168.1.14
Further, when the set detection period is reached, for each recorded temporary SSID, a correspondence relation including an IP address corresponding to the temporary SSID is searched for from the recorded correspondence relation. With reference to the above example, that is, for family123, a corresponding relationship containing an IP address corresponding to family123 is searched from the recorded corresponding relationship; for family456, searching the recorded corresponding relation for the corresponding relation containing the IP address corresponding to family 456; for family789, the correspondence including the IP address corresponding to family789 is searched for from the recorded correspondences. At this time, since the visitor 1 has left, the recorded correspondence has become as shown in table three, and at this time, the correspondence containing the IP address corresponding to family123 is found out by searching. At this point, the recorded family123 is deleted. At this time, the recorded SSID is as shown in table four:
TABLE IV SSID recorded
Temporary SSID Passwords for encrypting temporary SSIDs
family456 1234567
family789 12345678
Note that, when the visitor 1 leaves, the temporary SSID (family123) for the client 1 of the visitor 1 to connect to the wireless network is deleted, and thus the SSID is invalidated. Thus, even if the SSID is leaked, other clients cannot be connected with the wireless network through the SSID, and the security of network connection is high.
For another example, at the next time, if the visitor 2 also leaves, at this time, the client 2 disconnects the network connection, the client 2 releases the IP address (192.168.1.13) assigned thereto, the gateway device finds the corresponding relationship (visitor 2, family456, 192.168.1.13) including the IP address from the recorded corresponding relationship, and deletes the corresponding relationship, at this time, the recorded corresponding relationship is changed to table five:
table five recorded corresponding relation
Identity Temporary SSID Assigned IP address
Visitor 3 family789 192.168.1.14
Then, when the set detection period is reached, for each recorded temporary SSID, a correspondence relationship including an IP address corresponding to the temporary SSID is searched for from the recorded correspondence relationship. With reference to the above example, that is, for family456, a corresponding relationship containing an IP address corresponding to family456 is searched from the recorded corresponding relationship; for family789, the correspondence including the IP address corresponding to family789 is searched for from the recorded correspondences. At this time, since the visitor 2 has left, the recorded correspondence becomes as shown in table five, and at this time, the correspondence including the IP address corresponding to family456 is found out by searching. At this point, the recorded family456 is deleted, so that the recorded SSID is as shown in Table six:
TABLE VI SSID recorded
Temporary SSID Passwords for encrypting temporary SSIDs
family789 12345678
Likewise, when the visitor 2 leaves, the temporary SSID (family456) for the client 2 of the visitor 2 to connect to the wireless network is invalidated by being deleted. Thus, even if the SSID is leaked, other clients cannot be connected with the wireless network through the SSID, and the security of network connection is high.
In the method provided in this embodiment, when the set detection period arrives, for each recorded temporary SSID, the corresponding relationship including the IP address corresponding to the temporary SSID is searched from the recorded corresponding relationship, and when the corresponding relationship is not searched, the temporary SSID is deleted. In this way, the SSID may be invalidated. Thus, even if the temporary SSID is leaked, other clients cannot be connected to the wireless network through the temporary SSID because the gateway device does not already have the temporary SSID, and the security of network connection can be improved.
Fig. 4 is a schematic structural diagram of a gateway device according to a first embodiment of the present application. The gateway device can be implemented by software, hardware or a combination of software and hardware. Referring to fig. 4, the gateway device provided in this embodiment includes: a creation module 100, a processing module 200, and a deletion module 300, wherein,
the creating module 100 is configured to generate and record a temporary SSID when receiving a trigger of the temporary service set identifier SSID; wherein the temporary SSID is used for a client to connect to a wireless network;
the processing module 200 is configured to, if it is determined that the client is connected to the wireless network through the temporary SSID, request a dynamic host configuration protocol DHCP server to allocate an internet protocol IP address to the client, and record a correspondence between the IP address allocated to the client by the DHCP server and the temporary SSID;
the deleting module 300 is configured to delete the recorded correspondence and delete the recorded temporary SSID if it is determined that the client disconnects the wireless network connection.
The gateway device of this embodiment may be configured to execute the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a second gateway device according to the present application. Referring to fig. 5, on the basis of the foregoing embodiment, in the gateway device provided in this embodiment, the deleting module 300 includes a searching unit 301 and a deleting unit 302, wherein,
the searching unit 301 is configured to search, for each recorded temporary SSID, a corresponding relationship including an IP address corresponding to the temporary SSID from the recorded corresponding relationship when the set detection period arrives;
the deleting unit 302 is configured to delete the temporary SSID when the searching unit 301 does not find the corresponding relationship including the IP address corresponding to the temporary SSID from the recorded corresponding relationship.
The gateway device of this embodiment may be configured to execute the technical solution of the method embodiment shown in fig. 2, and the implementation principle and the technical effect are similar, which are not described herein again.
Further, the processing module 200 is further configured to, after recording a corresponding relationship between the IP address allocated to the client by the DHCP server and the temporary SSID, update the IP address in the corresponding relationship when an update condition of the IP address occurs.
Further, the creating module 100 is specifically configured to automatically generate a random character string, and add the random character string to a specified location of the primary SSID stored in the gateway device to form a temporary SSID.
Further, the processing module 200 is further configured to, after the creating module 100 generates and records a temporary SSID, set an access right of the temporary SSID to control, by the access right, a client connected to a wireless network through the temporary SSID to access a network resource.
Further, the trigger of the temporary service set identifier SSID is generated by a physical key or a virtual key on the gateway device when a setting operation is performed; in the alternative, the first and second sets of the first,
the trigger of the temporary service set identifier SSID is generated by an application APP corresponding to the gateway device or a virtual key on a webpage when a setting operation is executed.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The aforementioned program may be stored in a readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. A control method of Wi-Fi protection setting is characterized in that the method is applied to a gateway device and comprises the following steps:
when receiving the trigger of the temporary service set identifier SSID, generating and recording the temporary SSID;
if the client is determined to be connected to the wireless network through the temporary SSID, requesting a Dynamic Host Configuration Protocol (DHCP) server to allocate an Internet Protocol (IP) address to the client, and recording the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID;
if the client is determined to be disconnected from the wireless network connection, deleting the recorded corresponding relation and the temporary SSID;
the deleting the recorded temporary SSID specifically includes:
when the set detection period is reached, aiming at each recorded temporary SSID, searching the corresponding relation containing the IP address corresponding to the temporary SSID from the recorded corresponding relation;
and if the temporary SSID is not found, deleting the temporary SSID.
2. The method according to claim 1, wherein after the recording of the correspondence between the IP address assigned to the client by the DHCP server and the temporary SSID, the method further comprises:
and when the updating condition of the IP address occurs, updating the IP address in the corresponding relation.
3. The method according to claim 1, wherein the generating a temporary SSID specifically comprises:
and automatically generating a random character string, and adding the random character string to the specified position of the primary SSID stored in the gateway equipment to form a temporary SSID.
4. The method of claim 1, wherein after said generating and recording a temporary SSID, the method further comprises:
and setting the access authority of the temporary SSID so as to control the client connected to the wireless network through the temporary SSID to access network resources through the access authority.
5. The method of claim 1,
the trigger of the temporary service set identifier SSID is generated by a physical key or a virtual key on the gateway equipment when a setting operation is executed; in the alternative, the first and second sets of the first,
the trigger of the temporary service set identifier SSID is generated by an application APP corresponding to the gateway device or a virtual key on a webpage when a setting operation is executed.
6. A gateway device, comprising: a creation module, a processing module, and a deletion module, wherein,
the creation module is used for generating and recording a temporary Service Set Identifier (SSID) when receiving the trigger of the SSID;
the processing module is used for requesting a Dynamic Host Configuration Protocol (DHCP) server to allocate an Internet Protocol (IP) address to the client and recording the corresponding relation between the IP address allocated to the client by the DHCP server and the temporary SSID if the client is determined to be connected to the wireless network through the temporary SSID;
the deleting module is used for deleting the recorded corresponding relation and the temporary SSID if the client is determined to be disconnected from the wireless network;
the deletion module comprises a search unit and a deletion unit, wherein,
the searching unit is used for searching the corresponding relation containing the IP address corresponding to each recorded temporary SSID from the recorded corresponding relation when the set detection period is reached;
and the deleting unit is used for deleting the temporary SSID when the corresponding relation containing the IP address corresponding to the temporary SSID is not found in the recorded corresponding relation by the searching unit.
7. The gateway device of claim 6,
the processing module is further configured to, after recording a corresponding relationship between the IP address allocated to the client by the DHCP server and the temporary SSID, update the IP address in the corresponding relationship when an update condition of the IP address occurs.
8. The gateway device of claim 6,
the creation module is specifically configured to automatically generate a random character string, and add the random character string to a specified location of the primary SSID stored in the gateway device to form a temporary SSID.
CN201710486221.8A 2017-06-23 2017-06-23 Control method for Wi-Fi protection setting and gateway equipment Active CN107295504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710486221.8A CN107295504B (en) 2017-06-23 2017-06-23 Control method for Wi-Fi protection setting and gateway equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710486221.8A CN107295504B (en) 2017-06-23 2017-06-23 Control method for Wi-Fi protection setting and gateway equipment

Publications (2)

Publication Number Publication Date
CN107295504A CN107295504A (en) 2017-10-24
CN107295504B true CN107295504B (en) 2020-03-10

Family

ID=60098152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710486221.8A Active CN107295504B (en) 2017-06-23 2017-06-23 Control method for Wi-Fi protection setting and gateway equipment

Country Status (1)

Country Link
CN (1) CN107295504B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110366173A (en) * 2019-08-23 2019-10-22 中国联合网络通信集团有限公司 A kind of method that realizing terminal equipment access network and gateway
CN113727336B (en) * 2021-09-13 2024-01-16 深圳市联洲国际技术有限公司 Operation method of IOT equipment and intelligent gateway, terminal equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101860856A (en) * 2010-04-21 2010-10-13 杭州华三通信技术有限公司 Method and equipment for providing differentiated service in wireless local area network
CN101895875A (en) * 2010-07-29 2010-11-24 杭州华三通信技术有限公司 Method and system of using gateway device to provide differentiated services in wireless network
CN102711215A (en) * 2012-05-23 2012-10-03 海信集团有限公司 Method and system for automatically connecting wireless network and smart television
CN106547496A (en) * 2015-09-17 2017-03-29 佳能株式会社 The control method of the communicator with direct wireless communication function and communicator

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160337922A1 (en) * 2015-05-14 2016-11-17 Nokia Technologies Oy RAN-WLAN Traffic Steering

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101860856A (en) * 2010-04-21 2010-10-13 杭州华三通信技术有限公司 Method and equipment for providing differentiated service in wireless local area network
CN101895875A (en) * 2010-07-29 2010-11-24 杭州华三通信技术有限公司 Method and system of using gateway device to provide differentiated services in wireless network
CN102711215A (en) * 2012-05-23 2012-10-03 海信集团有限公司 Method and system for automatically connecting wireless network and smart television
CN106547496A (en) * 2015-09-17 2017-03-29 佳能株式会社 The control method of the communicator with direct wireless communication function and communicator

Also Published As

Publication number Publication date
CN107295504A (en) 2017-10-24

Similar Documents

Publication Publication Date Title
US10666661B2 (en) Authorization processing method and device
US11178134B2 (en) Method and apparatus for allocating device identifiers
CN108337677B (en) Network authentication method and device
EP3512181B1 (en) Network access control
CN111107171B (en) Security defense method and device for DNS (Domain name Server), communication equipment and medium
US9973399B2 (en) IPV6 address tracing method, apparatus, and system
US9538357B2 (en) Method and apparatus for processing D2D device identity
JP2005072639A (en) Apparatus, method and program for assigning identifier
US10158602B2 (en) Method and apparatus for setting up an internet protocol address in a wireless communication system
CN104038402A (en) Method for realizing visitor network, and wireless router
WO2018196329A1 (en) Access device, authentication server, and method and system for controlling access of terminal device
WO2017219748A1 (en) Method and device for access permission determination and page access
CN106686592B (en) Network access method and system with authentication
CN105050086A (en) Method for terminal to log in Wifi hotspot
CN107295504B (en) Control method for Wi-Fi protection setting and gateway equipment
EP3016423A1 (en) Network safety monitoring method and system
US10863555B2 (en) Access method, apparatus, device, and system
CN109379339B (en) Portal authentication method and device
CN114238879A (en) Data processing method and device
JP2017520181A (en) Method, apparatus and system for controlling the total number of users attached online
WO2016090927A1 (en) Management method and system for sharing wlan and wlan sharing registration server
JP6503420B2 (en) Wireless communication terminal authentication control device, wireless communication terminal authentication control system, wireless communication terminal authentication control method, and program
CN106535189B (en) Network access control information configuration method and device and exit gateway
CN106572077B (en) A kind of gate verification method and device
CN110933199B (en) Address allocation method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant