CN107306267A - Method and apparatus for controlling wireless network access - Google Patents


Publication number
CN107306267A
Authority
CN
China
Prior art keywords
wireless network
user equipment
network
related information
control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610262789.7A
Other languages
Chinese (zh)
Other versions
CN107306267B (en)
Inventor
张洁
蓝培
丹尼尔·博芬西彭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the invention provide a method and apparatus for controlling wireless network access. The method includes: obtaining association information of at least one second wireless network, the association information indicating the user equipment currently connected to the at least one second wireless network; determining, based on the association information, whether a control condition is met, the control condition including that a specified user equipment has connected to the at least one second wireless network; and controlling, based on the result of determining whether the control condition is met, the connection between a first user equipment and a first wireless network. The embodiments thus provide a new network access control scheme that, compared with the password-based authentication of the prior art, achieves network access control more flexibly and more effectively, thereby preventing unsupervised network access.

Description

Method and apparatus for controlling wireless network access
Technical field
The present invention relates to the field of communication technology, and more particularly to a method and apparatus for controlling wireless network access.
Background
For reasons such as security, it may be desirable to control certain users' access to a specific wireless network. For example, in an enterprise environment, it may be desirable to control visitors' access to the enterprise wireless network; in a home environment, it may be desirable to control a child's access to the home wireless network; in an industrial control environment, it may be desirable to restrict the connection between production equipment and the wireless network in some situations; in a training environment, it may be desirable to control trainees' access to the wireless network in the training environment, and thereby restrict the connection between training equipment and the wireless network.
At present, access control for wireless networks is typically implemented through authentication. For example, for a wireless local area network (Wireless Local Area Network, WLAN), access control can be implemented using Wi-Fi Protected Access 2 (WPA2). Specifically, a user who wants to access the wireless network must provide the corresponding password or key; after the server has authenticated the password or key, the user can access the network. Further, the password or key may be valid only for a certain period of time, or it may be sent to the user through a short message service.
However, this existing approach cannot achieve satisfactory access control. For example, if the password or key for accessing the wireless network is leaked or passed on, the purpose of network access control is defeated. In the example scenario above, once a child knows the password or key of the home wireless network, the child can access the home wireless network without parental supervision. An improved network access control scheme is therefore needed.
Summary of the invention
In view of the above problems of the prior art, embodiments of the present invention provide a method and apparatus for controlling wireless network access that can achieve more flexible and effective network access control.
A method for controlling wireless network access according to an embodiment of the present invention includes: obtaining association information of at least one second wireless network, the association information indicating the user equipment currently connected to the at least one second wireless network; determining, based on the association information, whether a control condition is met, the control condition including that a specified user equipment has connected to the at least one second wireless network; and controlling, based on the result of determining whether the control condition is met, the connection between a first user equipment and a first wireless network.
Wherein, obtaining the association information of the at least one second wireless network includes: reading, from a common storage resource, the association information stored by the at least one second wireless network.
Wherein, obtaining the association information of the at least one second wireless network includes: obtaining the association information, wherein the association information is received from the at least one second wireless network.
Wherein, controlling the connection between the first user equipment and the first wireless network includes: permitting the connection between the first user equipment and the first wireless network; or refusing the connection between the first user equipment and the first wireless network.
Wherein, permitting the connection between the first user equipment and the first wireless network includes at least one of the following operations: activating the first wireless network; or enabling a whitelist of the first wireless network, the whitelist including the first user equipment, wherein the user equipment included in the whitelist has access rights to the first wireless network.
Wherein, refusing the connection between the first user equipment and the first wireless network includes at least one of the following operations: deactivating the first wireless network; or enabling a blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network.
An apparatus for controlling wireless network access according to an embodiment of the present invention includes: an obtaining module for obtaining association information of at least one second wireless network, the association information indicating the user equipment currently connected to the at least one second wireless network; a determining module for determining, based on the association information, whether a control condition is met, the control condition including that a specified user equipment has connected to the at least one second wireless network; and a control module for controlling, based on the determining module's result as to whether the control condition is met, the connection between a first user equipment and a first wireless network.
Wherein, the obtaining module is further configured to: read, from a common storage resource, the association information stored by the at least one second wireless network.
Wherein, the obtaining module is further configured to: obtain the association information, wherein the association information is received from the at least one second wireless network.
Wherein, the control module is further configured to: permit the connection between the first user equipment and the first wireless network; or refuse the connection between the first user equipment and the first wireless network.
Wherein, the control module for permitting the connection between the first user equipment and the first wireless network is further configured to perform at least one of the following operations: activating the first wireless network; or enabling a whitelist of the first wireless network, the whitelist including the first user equipment, wherein the user equipment included in the whitelist has access rights to the first wireless network.
Wherein, the control module for refusing the connection between the first user equipment and the first wireless network is further configured to perform at least one of the following operations: deactivating the first wireless network; or enabling a blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network.
As can be seen from the above, embodiments of the present invention provide a new network access control scheme that, compared with the password-based authentication of the prior art, achieves network access control more flexibly and more effectively, thereby preventing unsupervised network access. In addition, the technical solution provided by the embodiments requires neither additional modification of the network hardware nor additional network equipment, so it is low in cost and easy to implement.
Brief description of the drawings
Other features, characteristics, advantages and benefits of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1A is a schematic diagram of one example of a scenario to which embodiments of the present invention can be applied.
Fig. 1B is a schematic diagram of another example of a scenario to which embodiments of the present invention can be applied.
Fig. 1C is a schematic diagram of another example of a scenario to which embodiments of the present invention can be applied.
Fig. 2 is a schematic flowchart of a method for controlling wireless network access according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of an apparatus for controlling wireless network access according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of an apparatus for controlling wireless network access according to an embodiment of the present invention.
Detailed description
It is known that an access point (Access Point, AP) can be configured to provide multiple virtual wireless networks. For example, a single AP can be configured to provide one or more virtual wireless networks, and multiple APs can be configured to provide multiple virtual wireless networks or to jointly provide one virtual wireless network. A different network identifier can be set for each of the virtual wireless networks. For example, in the IEEE 802.11 standard, such a network identifier may be called an ESSID (Extended Service Set Identifier). Different user equipment can thus select the corresponding virtual wireless network to join based on the ESSID, and so obtain network access. The technical solution provided by the embodiments of the present invention is based on this premise.
First, scenarios to which the embodiments of the present invention are applicable are illustrated by example. It should be noted that the following examples are intended only to help those skilled in the art better understand the embodiments of the present invention, not to limit their scope.
Fig. 1A is a schematic diagram of one example of a scenario to which embodiments of the present invention can be applied. For example, the scenario shown in Fig. 1A may be a home network environment. The scenario may include an AP 110A and a wired backbone network, where AP 110A may be connected to the wired backbone network so that AP 110A can provide network access service.
In the example of Fig. 1A, it is assumed that AP 110A can be configured to support virtual wireless networks 120A-1 and 120A-2. Virtual wireless networks 120A-1 and 120A-2 may each have a different ESSID.
Each user equipment can select the corresponding virtual wireless network based on the ESSID and initiate an association request to AP 110A. After receiving the association request, AP 110A can perform authentication and other processing on it, and accept the user equipment's request once authentication passes. The user equipment thereby joins the corresponding virtual wireless network.
For example, in the example of Fig. 1A, user equipment 130A-1 can join wireless network 120A-1 for network access, and user equipment 130A-2 and 130A-3 can join wireless network 120A-2 for network access.
It should be understood that, for ease of description, Fig. 1A shows one AP providing two virtual wireless networks, whereas in practice there are usually multiple APs. As described above, multiple APs can be configured to provide multiple virtual wireless networks or to jointly provide one virtual wireless network. In some smaller networks, the APs themselves have the capability to process association requests and the like from user equipment (for example, authentication), and they can communicate with one another by wire or wirelessly to exchange information related to the communication process. The APs can also exchange information related to the communication process by accessing a common network storage resource.
In large networks, one or more AP controllers are usually provided for ease of management. Each AP controller can manage multiple APs. In this case, the processing of association requests and the like from user equipment can be implemented by the AP controller, and the APs themselves need not have this capability. An AP can therefore forward a user equipment's association request, after receiving it, to the AP controller for processing. In addition, where an AP controller is present, the APs need not communicate with one another; they can report information related to the communication process to the AP controller, which manages it centrally.
Such scenarios are illustrated by example below. It should be understood that, for ease of description, Fig. 1B and Fig. 1C use two APs as an example.
Fig. 1B is a schematic diagram of another example of a scenario to which embodiments of the present invention can be applied. For example, the scenario shown in Fig. 1B may be an enterprise network environment or the like. As shown in Fig. 1B, the scenario may include two APs, namely AP 110B and AP 110C. AP 110B and AP 110C may be connected to a wired backbone network (not shown) so as to provide network access service.
In the example of Fig. 1B, it is assumed that AP 110B and AP 110C can be configured to provide three virtual wireless networks 120B-1, 120B-2 and 120B-3. As shown in Fig. 1B, virtual wireless network 120B-2 may be provided jointly by AP 110B and AP 110C, virtual wireless network 120B-1 may be provided by AP 110B, and virtual wireless network 120B-3 may be provided by AP 110C. The three virtual wireless networks may each have a different ESSID.
Each user equipment can select the corresponding virtual wireless network based on the ESSID and then initiate an association request to the AP providing that virtual wireless network. After receiving the association request from the user equipment, the AP can perform authentication and other processing; once authentication passes, the AP can associate with the user equipment and so provide it with network access service through the corresponding virtual wireless network.
For example, in Fig. 1B, user equipment 130B-1 can join wireless network 120B-1 for network access, user equipment 130B-2 and 130B-3 can join wireless network 120B-2 for network access, and user equipment 130B-4 can join wireless network 120B-3 for network access.
In the scenario shown in Fig. 1B, it is assumed that no AP controller is present, and AP 110B and AP 110C can communicate with each other to exchange various information related to the communication process.
In another implementation, AP 110B and AP 110C can access a common network storage resource. AP 110B and AP 110C can store the various information related to the communication process on the common network storage resource, thereby sharing the information between AP 110B and AP 110C.
Fig. 1C is a schematic diagram of another example of a scenario to which embodiments of the present invention can be applied. For example, the scenario shown in Fig. 1C may be an enterprise network environment, an industrial control environment, a training environment or the like. As shown in Fig. 1C, the scenario may include two APs, namely AP 110D and AP 110E. AP 110D and AP 110E may be connected to a wired backbone network (not shown) so as to provide network access service.
In Fig. 1C, it is again assumed that AP 110D and AP 110E can be configured to provide three virtual wireless networks 120C-1, 120C-2 and 120C-3. As shown in Fig. 1C, virtual wireless network 120C-2 may be provided jointly by AP 110D and AP 110E, virtual wireless network 120C-1 may be provided by AP 110D, and virtual wireless network 120C-3 may be provided by AP 110E. The three virtual wireless networks may each have a different ESSID.
User equipment can select the corresponding virtual wireless network to join according to the ESSID. For example, in Fig. 1C, user equipment 130C-1 may connect to wireless network 120C-1, user equipment 130C-2 and 130C-3 may connect to wireless network 120C-2, and user equipment 130C-4 may connect to wireless network 120C-3.
Unlike the scenario of Fig. 1B, the scenario shown in Fig. 1C may also include an AP controller 140. AP controller 140 can manage AP 110D and AP 110E. In this case, the processing of association requests (for example, authentication) can be implemented by AP controller 140, and AP 110D and AP 110E themselves need not have this capability. For example, an association request that user equipment 130C-1 initiates to AP 110D, which provides virtual wireless network 120C-1, can be forwarded by that AP to AP controller 140. AP controller 140 then authenticates the association request and, once authentication passes, permits user equipment 130C-1 to associate with AP 110D, so that the user equipment joins virtual wireless network 120C-1.
In addition, because AP controller 140 is present, AP 110D and AP 110E need not communicate with each other. AP 110D and AP 110E can report information related to the communication process to AP controller 140, which processes it centrally.
It should be understood that the number of APs, the number of virtual wireless networks they support and the number of user equipment shown in Fig. 1A, Fig. 1B and Fig. 1C above are merely exemplary. In embodiments of the present invention, there may be more or fewer APs, AP controllers, virtual wireless networks and user equipment.
For reasons such as security, it may be necessary to control a specific user's access to a wireless network. For example, assume that the scenario shown in Fig. 1A is a home network environment, where user equipment 130A-1 is used by a child and user equipment 130A-2 is used by the parents. The parents may wish to control the child's use of the home wireless network; for example, they may want the child to be able to use user equipment 130A-1 for network access only when a parent is present. It is therefore necessary to control user equipment 130A-1's access to the home wireless network.
As another example, assume that the scenario shown in Fig. 1B is an enterprise network environment, where one or two of wireless networks 120B-1, 120B-2 and 120B-3 are used by enterprise employees and the remaining wireless networks are used by visitors. For instance, wireless network 120B-2 may be used by enterprise employees while wireless networks 120B-1 and 120B-3 are used by visitors; or wireless networks 120B-2 and 120B-3 may be used by enterprise employees while wireless network 120B-1 is used by visitors. Again for reasons such as security, it may be desirable to control visitors' access to the enterprise wireless networks, for example to control the access of a visitor's user equipment 130B-1 to wireless network 120B-1.
As another example, assume that the scenario shown in Fig. 1C is an industrial control environment, where wireless network 120C-2 connects production equipment 130C-2 and 130C-3, and wireless networks 120C-1 and 120C-3 are used by senior personnel or supervisors. In this case, it may be desirable that, when senior personnel or a supervisor is on site, the connection between production equipment 130C-2 and 130C-3 and wireless network 120C-2 is permitted, so that ordinary operators are allowed to operate the production equipment.
As another example, assume that the scenario shown in Fig. 1C is a training environment, where wireless networks 120C-2 and 120C-3 are used by trainees and wireless network 120B-1 is used by instructors. Again for reasons such as security, it may be desirable that trainees can use wireless network 120C-2 or 120C-3, and in turn any of the devices 130C-2 to 130C-4 connected to wireless network 120C-2 or 120C-3, only when an instructor is present.
Embodiments of the present invention provide an effective solution to the problems above. The embodiments are described in detail below with reference to Fig. 2.
Fig. 2 is a schematic flowchart of a method for controlling wireless network access according to an embodiment of the present invention. The method of Fig. 2 can be performed by an AP, or by an AP controller (if, as described above, an AP controller is present). For example, the method can be performed by AP 110A in Fig. 1A, by AP 110B or AP 110C in Fig. 1B, or by AP controller 140 in Fig. 1C.
As shown in Fig. 2, in step 210, association information of at least one second wireless network is obtained, the association information indicating the user equipment currently connected to the at least one second wireless network.
In step 220, based on the association information, it is determined whether a control condition is met, the control condition including that a specified user equipment has connected to the at least one second wireless network.
In step 230, based on the result of determining whether the control condition is met, the connection between a first user equipment and a first wireless network is controlled.
Here, the first wireless network and the at least one second wireless network may be virtual wireless networks supported by APs. The first wireless network and the at least one second wireless network may be provided by the same AP or by different APs. Each of the first wireless network and the at least one second wireless network may be provided by one or more APs. For example, the first wireless network may be a network provided by a single AP or a network provided jointly by multiple APs; each second wireless network may be a network provided by a single AP or a network provided jointly by multiple APs. The embodiments of the present invention place no limitation on this. In addition, the first wireless network and the at least one second wireless network may belong to the same physical network or to different physical networks.
In step 210 above, the association information of the at least one second wireless network can be obtained in a variety of ways.
In one implementation, in step 210, the association information stored by the at least one second wireless network can be read from a common storage resource. The common storage resource is one that the first wireless network and the at least one second wireless network can both access. For example, the AP providing a second wireless network can store its association information in the common storage resource, so that the AP providing the first wireless network can learn which user equipment is currently connected to the at least one second wireless network. In another implementation, the association information can be received from the at least one second wireless network. The association information may be received from the at least one second wireless network in advance; for example, before step 210, the AP controller or the AP providing the first wireless network can receive the association information from the at least one second wireless network and then store it locally. Then, when the first user equipment requests access to the first wireless network, the AP controller or the AP providing the first wireless network can read the association information locally. Alternatively, the association information can be received from the at least one second wireless network at the time it needs to be determined whether the control condition is met.
In step 230, controlling the connection between the first user equipment and the first wireless network can include permitting the connection between the first user equipment and the first wireless network, or refusing the connection between the first user equipment and the first wireless network.
In one implementation, permitting the connection between the first user equipment and the first wireless network can include at least one of the following: activating the first wireless network; or enabling a whitelist of the first wireless network, the whitelist including the first user equipment, wherein the user equipment included in the whitelist has access rights to the first wireless network. For example, the whitelist may include the medium access control identifiers (Media Access Control Identifier, MAC ID) of the user equipment that has access rights. Whether the first user equipment is in the whitelist of the first wireless network can then be determined from the MAC ID of the first user equipment.
In another implementation, refusing the connection between the first user equipment and the first wireless network can include at least one of the following: deactivating the first wireless network; or enabling a blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network. For example, the blacklist may include the MAC IDs of the user equipment that has no access rights.
In some cases, activating/deactivating the first wireless network is easier to implement than enabling a whitelist/blacklist, because setting up a whitelist/blacklist may require the MAC IDs of the user equipment to be known in advance, and where there may be a large number of user equipment, their MAC IDs are difficult to obtain.
In addition, it should be understood that the relation between the result of determining whether the control condition is met and the operation that controls the connection between the first user equipment and the first wireless network can be set according to the actual situation. For example, when it is determined that the control condition is met, the connection between the first user equipment and the first wireless network can be permitted or refused; when it is determined that the control condition is not met, the connection between the first user equipment and the first wireless network can be permitted or refused. The embodiments of the present invention place no limitation on this.
It will therefore also be appreciated that the control step above can be expressed simply as: if <control condition> is met, then perform <control operation>. The control operation can include at least one of the following: activating the first wireless network; deactivating the first wireless network; enabling the whitelist of the first wireless network; enabling the blacklist of the first wireless network.
The control condition can be set in advance according to actual needs and can be stored on the AP or the AP controller. The condition can also be understood as the specified user equipment being associated with an AP that provides the at least one second wireless network. Here, the number of specified user equipment may be greater than or equal to one.
The control condition can in fact be understood as comprising one or more sub-conditions. Each sub-condition can be expressed as "a user equipment group is associated with an AP group". A user equipment group can be a single user equipment, or multiple user equipment defined by logical relations such as AND, OR, XOR and NOT. An AP group can be a single AP, a group of APs specified by a particular ESSID, a group of APs specified by their respective MAC IDs, and so on. The relation among multiple sub-conditions can likewise be a logical relation such as AND, OR, XOR or NOT.
In addition, the control condition can be shared between the first wireless network and the second wireless network. That is, the control condition can be shared among the APs so as to achieve the desired system behaviour.
As can be seen from the above, because the control condition and the control operation can be set flexibly according to actual requirements, network access control can be achieved flexibly.
To help those skilled in the art better understand the embodiments of the present invention, the implementation of the embodiments is described in detail below with reference to the example of Figure 1A.
Assume that the scenario shown in Figure 1A is a home network environment. The wireless network 120A-2 provided by AP 110A has the ESSID "master network", and the wireless network 120A-1 has the ESSID "child's network". Different WPA passwords can be configured for the two networks. In this scenario, assume that the parents use user equipment 130A-2 or 130A-3 and the child uses user equipment 130A-1. The parents' user equipment 130A-2 or 130A-3 connects to the "master network" by default.
Assume that the control condition is predefined as at least one of the parents' user equipments 130A-2 and 130A-3 being connected to wireless network 120A-2, and that it is preset that, when the control condition is met, the child's user equipment 130A-1 is permitted to connect to the "child's network". For example, this relation can be expressed as: if <MAC ID of user equipment 130A-2> or <MAC ID of user equipment 130A-3> is associated with the "master network", then activate the "child's network".
Thus, when it is determined that at least one of user equipment 130A-2 or 130A-3 has connected to the "master network", the "child's network" can be activated. The child can then enter the WPA password of the "child's network" so that user equipment 130A-1 joins the "child's network".
It can thus be seen that when one of the parents is at home, the "child's network" is active and provides network access to the child's user equipment 130A-1. However, if the parents are away from the coverage area of the home network, that is, when neither user equipment 130A-2 nor 130A-3 is connected to the "master network", the "child's network" is deactivated. The "master network" remains active at this time. As soon as at least one of the parents returns home, the "child's network" is activated again, and the child can once more use the "child's network" through user equipment 130A-1.
It can be seen that this technical solution allows parents to control the child's use of the home network simply and efficiently, thereby preventing unsupervised network access.
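The rule form described above (sub-conditions of the form "user equipment group is associated with AP group", combined with AND, OR, XOR and NOT) applied to the Figure 1A home scenario, as an added example that is not part of the patent text. The class names, the layout of the association table, the MAC addresses and the choice to treat missing related information as "condition not met" are assumptions made for illustration.

```python
# Added illustration: rule format, class names and MAC addresses are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Assoc:
    """Sub-condition: user equipment `ue` is associated with an AP group."""
    ue: str
    essid: Optional[str] = None        # AP group named by ESSID, or ...
    ap_macs: frozenset = frozenset()   # ... by the APs' own MAC IDs

    def holds(self, table):
        # table maps AP MAC ID -> (ESSID, set of associated station MACs)
        return any(self.ue in stations
                   for ap, (essid, stations) in table.items()
                   if essid == self.essid or ap in self.ap_macs)

@dataclass(frozen=True)
class Logic:
    """AND / OR / XOR / NOT over sub-conditions or nested Logic nodes."""
    op: str
    args: tuple

    def holds(self, table):
        vals = [a.holds(table) for a in self.args]
        if self.op == "AND":
            return all(vals)
        if self.op == "OR":
            return any(vals)
        if self.op == "XOR":
            return sum(vals) % 2 == 1
        if self.op == "NOT" and len(vals) == 1:
            return not vals[0]
        raise ValueError(f"bad operator {self.op!r} with {len(vals)} argument(s)")

@dataclass
class Wlan:
    essid: str
    active: bool = False

def control_step(condition, table, wlan):
    """If <control condition> is met, activate `wlan`; otherwise deactivate it.
    Missing related information (None) counts as 'not met' (assumption)."""
    wlan.active = table is not None and condition.holds(table)
    return wlan.active

# Constructed stand-ins for user equipment 130A-2, 130A-3 and AP 110A of Figure 1A.
UE_130A_2, UE_130A_3 = "02:00:00:00:00:a2", "02:00:00:00:00:a3"
AP_110A = "02:00:00:00:01:10"
RULE = Logic("OR", (Assoc(UE_130A_2, essid="master network"),
                    Assoc(UE_130A_3, essid="master network")))

def scenario():
    child = Wlan("child's network")
    home = {AP_110A: ("master network", {UE_130A_3})}   # one parent at home
    away = {AP_110A: ("master network", set())}         # both parents away
    return [control_step(RULE, t, child) for t in (home, away, home, None)]

if __name__ == "__main__":
    print(scenario())
```

Swapping the `Wlan.active` flag for a white list or blacklist switch gives the other two control operations the description lists; the condition evaluation stays the same.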
As another example, assume that the scenario shown in Figure 1B is an enterprise network environment, in which wireless network 120B-2 can be used by enterprise employees and wireless networks 120B-1 and 120B-3 can be used by visitors. The control condition can be set as the employees' user equipment 130B-2 and 130B-2 being connected to wireless network 120B-2, and it is assumed that when the control condition is met, the visitors' user equipment is permitted to connect to the first wireless network. Thus, when a visitor's user equipment 130B-1 accesses wireless network 120B-1, or a visitor's user equipment 130B-4 accesses wireless network 120B-3, enterprise employees can supervise that access.
As another example, in a training environment, the technical solution provided by the embodiments of the present invention allows students to access the wireless network in that environment while a teacher or instructor is present; in a factory environment, production equipment can be permitted to connect to the wireless network while a supervisor is present, so that operators operate the production equipment under the supervisor's supervision; and so on.
As can be seen from the above description, the embodiments of the present invention provide a new network access control scheme which, compared with the password-based authentication of the prior art, can prevent unsupervised network access more flexibly and more effectively. In addition, the technical solution provided by the embodiments requires no additional modification of the network hardware and no additional network equipment, so it is low in cost and easy to implement.
Referring now to Fig. 3, which is a schematic diagram of a device for controlling wireless network access according to an embodiment of the invention. The device 300 shown in Fig. 3 can be implemented in software, in hardware (such as an integrated circuit or a DSP), or in a combination of software and hardware. An example of the device 300 of Fig. 3 can be the AP 110A in Figure 1A above, the AP 110B or AP 110C in Figure 1B, or the AP controller 140 in Fig. 1C.
As shown in Fig. 3, the device 300 includes an acquisition module 310, a judge module 320 and a control module 330. The acquisition module 310 is used to obtain related information of at least one second wireless network, the related information indicating the user equipment currently connected to the at least one second wireless network. The judge module 320 is used to determine, based on the related information, whether a control condition is met, the control condition including specified user equipment having connected to the at least one second wireless network. The control module 330 is used to control the connection between the first user equipment and the first wireless network based on the determination result of the judge module 320 as to whether the control condition is met.
In one implementation, the acquisition module 310 is further used to read, from a common storage resource, the related information stored by the at least one second wireless network.
In another implementation, the acquisition module 310 is further used to obtain the related information, wherein the related information is received from the at least one second wireless network.
In another implementation, the control module 330 is further used to permit the connection between the first user equipment and the first wireless network, or to refuse the connection between the first user equipment and the first wireless network.
In another implementation, in order to permit the connection between the first user equipment and the first wireless network, the control module 330 is further used to perform at least one of the following operations: activating the first wireless network; or enabling the white list of the first wireless network, the white list including the first user equipment, wherein the user equipment included in the white list has access rights to the first wireless network.
In another implementation, in order to refuse the connection between the first user equipment and the first wireless network, the control module 330 is further used to perform at least one of the following operations: deactivating the first wireless network; or enabling the blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network.
Referring now to Fig. 4, which is a schematic diagram of a device for controlling wireless network access according to an embodiment of the invention. As shown in Fig. 4, the device 400 can include a memory 410 for storing executable instructions and a processor 420 connected to the memory 410, wherein the processor 420 can perform the operations performed by the modules of the device 300 described above.
The embodiments of the present invention also provide a machine-readable medium on which executable instructions are stored; when the executable instructions are executed, they cause a machine to carry out the operations of the processor 420.
The present invention has been shown and described in detail above through the drawings and preferred embodiments, but the invention is not limited to these disclosed embodiments; other solutions that those skilled in the art derive from them also fall within the scope of protection of the present invention.

Claims (14)

1. A method for controlling wireless network access, comprising:
obtaining related information of at least one second wireless network, the related information indicating the user equipment currently connected to the at least one second wireless network;
determining, based on the related information, whether a control condition is met, the control condition including specified user equipment having connected to the at least one second wireless network; and
controlling a connection between a first user equipment and a first wireless network based on the determination result as to whether the control condition is met.
2. The method according to claim 1, wherein obtaining the related information of the at least one second wireless network comprises:
reading, from a common storage resource, the related information stored by the at least one second wireless network.
3. The method according to claim 1, wherein obtaining the related information of the at least one second wireless network comprises:
obtaining the related information, wherein the related information is received from the at least one second wireless network.
4. The method according to any one of claims 1 to 3, wherein controlling the connection between the first user equipment and the first wireless network comprises:
permitting the connection between the first user equipment and the first wireless network; or
refusing the connection between the first user equipment and the first wireless network.
5. The method according to claim 4, wherein permitting the connection between the first user equipment and the first wireless network comprises at least one of the following operations:
activating the first wireless network; or
enabling a white list of the first wireless network, the white list including the first user equipment, wherein the user equipment included in the white list has access rights to the first wireless network.
6. The method according to claim 4, wherein refusing the connection between the first user equipment and the first wireless network comprises at least one of the following operations:
deactivating the first wireless network; or
enabling a blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network.
7. A device for controlling wireless network access, comprising:
an acquisition module for obtaining related information of at least one second wireless network, the related information indicating the user equipment currently connected to the at least one second wireless network;
a judge module for determining, based on the related information, whether a control condition is met, the control condition including specified user equipment having connected to the at least one second wireless network; and
a control module for controlling a connection between a first user equipment and a first wireless network based on the determination result of the judge module as to whether the control condition is met.
8. The device according to claim 7, wherein the acquisition module is further used for:
reading, from a common storage resource, the related information stored by the at least one second wireless network.
9. The device according to claim 7, wherein the acquisition module is further used for:
obtaining the related information, wherein the related information is received from the at least one second wireless network.
10. The device according to any one of claims 7 to 9, wherein the control module is further used for:
permitting the connection between the first user equipment and the first wireless network; or
refusing the connection between the first user equipment and the first wireless network.
11. The device according to claim 10, wherein the control module for permitting the connection between the first user equipment and the first wireless network is further used for performing at least one of the following operations:
activating the first wireless network; or
enabling a white list of the first wireless network, the white list including the first user equipment, wherein the user equipment included in the white list has access rights to the first wireless network.
12. The device according to claim 10, wherein the control module for refusing the connection between the first user equipment and the first wireless network is further used for performing at least one of the following operations:
deactivating the first wireless network; or
enabling a blacklist of the first wireless network, the blacklist including the first user equipment, wherein the user equipment included in the blacklist has no access rights to the first wireless network.
13. A device for controlling wireless network access, comprising:
a memory; and
a processor for performing the operations included in any one of claims 1 to 6.
14. A machine-readable medium on which executable instructions are stored, wherein the executable instructions, when executed, cause a machine to perform the operations included in any one of claims 1 to 6.
CN201610262789.7A 2016-04-25 2016-04-25 Method and apparatus for controlling wireless network access Active CN107306267B (en)

Publications (2)

Publication Number Publication Date
CN107306267A true CN107306267A (en) 2017-10-31
CN107306267B CN107306267B (en) 2021-07-09

Family

ID=60150444

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant