Disclosure of Invention
The technical problem to be solved by the invention is to provide a method and a device for network access verification, which improve the security and the usability of a router and facilitate the management of the internet access behavior of a visitor terminal.
The invention adopts the technical scheme that a network access verification method is applied to a router and comprises the following steps:
receiving access authentication information sent by an access terminal, wherein the access authentication information is generated according to a face image of an access terminal user when the access terminal is registered in a network;
and performing network access verification on the access terminal based on the network access verification information, and if the verification is successful, allowing the access terminal to access the network of the router.
Optionally, when the access terminal is a router management terminal, before receiving the network access authentication information sent by the access terminal, the method further includes:
the router management terminal is registered in a network, and a face image of a management terminal user sent by the router management terminal is received;
according to the face image of the management terminal user, calculating the network access verification information of the router management terminal according to a set algorithm;
and storing the network access authentication information of the router management terminal, and sending the network access authentication information of the router management terminal to the router management terminal.
Optionally, when the access terminal is a guest terminal, before receiving the network access authentication information sent by the access terminal, the method further includes:
the method comprises the steps of performing network access registration on a visitor terminal, and receiving a face image of a visitor terminal user sent by the visitor terminal;
sending the face image of the visitor terminal user to a router management terminal so that the router management terminal can perform identity authentication on the visitor terminal according to the face image of the visitor terminal user;
when receiving the identity authentication success information sent by the router management terminal, calculating the network access verification information of the visitor terminal according to the face image of the visitor terminal user and a set algorithm;
and storing the access verification information of the visitor terminal and sending the access verification information of the visitor terminal to the visitor terminal.
Optionally, sending the face image of the user at the visitor terminal to the router management terminal includes:
judging whether the router management terminal is currently accessed to a network of the router;
if so, sending the face image of the visitor terminal user to the router management terminal;
and if not, sending the face image of the visitor terminal user to an external server, so that the external server sends the face image of the visitor terminal user to the router management terminal.
Optionally, when the access terminal is a guest terminal, the method further includes:
and sending an alarm message to the router management terminal under the condition that the access terminal fails to perform network access verification.
The invention also provides a device for network access verification, which is applied to a router and comprises:
the access terminal comprises a receiving module and a processing module, wherein the receiving module is used for receiving access authentication information sent by the access terminal, and the access authentication information is generated according to a face image of an access terminal user when the access terminal is registered in an access network;
and the verification module is used for performing network access verification on the access terminal based on the network access verification information, and if the verification is successful, allowing the access terminal to access the network of the router.
Optionally, the apparatus further comprises:
the manager registration module is used for performing network access registration on the router management terminal and receiving the face image of the management terminal user sent by the router management terminal; according to the face image of the management terminal user, calculating the network access verification information of the router management terminal according to a set algorithm; and storing the network access authentication information of the router management terminal, and sending the network access authentication information of the router management terminal to the router management terminal.
Optionally, the apparatus further comprises:
the visitor registration module is used for performing network access registration on the visitor terminal and receiving a face image of a visitor terminal user sent by the visitor terminal; sending the face image of the visitor terminal user to a router management terminal so that the router management terminal can perform identity authentication on the visitor terminal according to the face image of the visitor terminal user; when receiving the identity authentication success information sent by the router management terminal, calculating the network access verification information of the visitor terminal according to the face image of the visitor terminal user and a set algorithm; and storing the access verification information of the visitor terminal and sending the access verification information of the visitor terminal to the visitor terminal.
Optionally, the visitor registration module is specifically configured to:
judging whether the router management terminal is currently accessed to a network of the router; if so, sending the face image of the visitor terminal user to the router management terminal; and if not, sending the face image of the visitor terminal user to an external server, so that the external server sends the face image of the visitor terminal user to the router management terminal.
Optionally, the apparatus further comprises:
and the alarm module is used for sending an alarm message to the router management terminal under the condition that the access terminal fails to perform network access verification.
By adopting the technical scheme, the invention at least has the following advantages:
the network access authentication method and device provided by the invention adopt the face recognition technology, and form the network access authentication information for replacing the traditional password according to the face image of the user, and compared with the traditional password authentication mode, the authentication mode provided by the invention is more difficult to solve. When a common visitor is connected with the router, the permission of a manager of the router needs to be obtained; when an illegal visitor accesses the router, the manager of the router is informed, so that the safety of the access visitor is ensured. Corresponding to the traditional mode of setting the router, the mode of setting the router is simple, the user does not need to have professional knowledge, and the method is easy to operate and convenient to manage.
Detailed Description
To further explain the technical means and effects of the present invention adopted to achieve the intended purpose, the present invention will be described in detail with reference to the accompanying drawings and preferred embodiments.
A first embodiment of the present invention provides a method for network access authentication, as shown in fig. 2, which specifically includes the following steps:
step S201: and receiving access authentication information sent by the access terminal, wherein the access authentication information is generated by the access terminal according to a face image of an access terminal user during access registration.
Wherein, the access terminal includes: a router management terminal and a visitor terminal; the router management terminal is used for managing the internet access behavior of the visitor terminal.
Specifically, when the access terminal is a router management terminal, before receiving the network access authentication information sent by the access terminal, the method further includes:
step A1: the router management terminal is registered in a network, and a face image of a management terminal user sent by the router management terminal is received; the face image of the management terminal user is acquired through a camera of the management terminal;
step A2: according to the face image of the management terminal user, calculating the network access verification information of the router management terminal according to a set algorithm;
step A3: and storing the network access authentication information of the router management terminal, and sending the network access authentication information of the router management terminal to the router management terminal.
When the router management terminal is connected with the network of the router for the first time, the face image of a management terminal user is obtained through the camera of the management terminal. The router generates network access verification information according to the face image of the management terminal user, and stores the network access verification information into the router and the router management terminal. When the router management terminal is connected with the network of the router again, the router management terminal only needs to send the network access verification information to the router, and the router carries out network access verification according to the network access verification information.
Further, when the access terminal is a visitor terminal, before receiving the network access authentication information sent by the access terminal, the method further includes:
step B1: the method comprises the steps of performing network access registration on a visitor terminal, and receiving a face image of a visitor terminal user sent by the visitor terminal; the method comprises the steps that a face image of a user of a visitor terminal is acquired through a camera of the visitor terminal;
step B2: sending the face image of the visitor terminal user to a router management terminal so that the router management terminal can perform identity authentication on the visitor terminal according to the face image of the visitor terminal user;
step B3: when receiving the identity authentication success information sent by the router management terminal, calculating the network access verification information of the visitor terminal according to the face image of the visitor terminal user and a set algorithm;
step B4: and storing the access verification information of the visitor terminal and sending the access verification information of the visitor terminal to the visitor terminal.
When the visitor terminal is connected with the network of the router for the first time, the face image of the user of the visitor terminal is obtained through the camera of the visitor terminal. And the router sends the face image of the visitor terminal user to the router management terminal. And the router management terminal judges whether the visitor terminal is a trustable user terminal or not according to the face image of the user of the guest terminal, and if so, the router calculates and generates network access verification information according to the face image of the user of the guest terminal. And storing the network access authentication information into the router and the management terminal. When the visitor terminal is connected with the network of the router again, the visitor terminal only needs to send the access verification information to the router, and the router carries out access verification according to the access verification information.
Further, the sending the face image of the visitor terminal user to the router management terminal includes:
judging whether the router management terminal is currently accessed to a network of the router;
if so, sending the face image of the visitor terminal user to the router management terminal;
and if not, sending the face image of the visitor terminal user to an external server, so that the external server sends the face image of the visitor terminal user to the router management terminal.
Step S202: and performing network access verification on the access terminal based on the network access verification information, and if the verification is successful, allowing the access terminal to access the network of the router.
Specifically, when the access terminal is a visitor terminal, the method further includes:
and sending an alarm message to the router management terminal under the condition that the access terminal fails to perform network access verification.
A second embodiment of the present invention is a method for network access authentication, which is applied between a visitor terminal, a management terminal, a router, an external server, and the internet.
The visitor is connected with the Internet through the visitor terminal, and the visitor terminal is a terminal for realizing connection with the router to surf the Internet.
And the manager manages the router through the management terminal. The management terminal is provided with a manager APP for managing the router, and the manager manages the router, performs access authorization on the visitor terminal and checks the state of the router through the manager APP.
A router is a device used to connect to the internet.
And the external server is used for forwarding the network access request of the visitor terminal and the access permission of the management terminal when the management terminal is not in the service range of the router.
When the administrator uses the router for the first time, the administrator needs to perform internet access setting on the router, as shown in fig. 3, which is a schematic diagram of the administrator performing internet access setting through the management terminal. When the administrator sets the internet through the management terminal, the face portrait of the administrator needs to be acquired. After the internet surfing setting is successful, a manager APP is installed on the management terminal, and the number of the online people currently accessing the Internet can be displayed through the manager APP.
As shown in fig. 4, the internet access setting specifically includes the following steps:
step S401: and the manager enters an internet surfing setting page through the management terminal.
As in the prior art, the administrator may enter the Internet settings page via the web site http:// 192.168.1.1.
Step S402: and acquiring a face image of a manager through a camera of the management terminal.
When the manager enters the internet access setting page, the face image information of the manager is required to be input.
Step S403: judging whether the face image of the manager meets the set requirements, if so, executing a step S404; if not, the process is ended.
The setting requirements include: whether the face image is clear and complete.
Step S404: and the management terminal sends the face image of the manager to the router.
Step S405: the router calculates the face recognition code of the manager according to the face image of the manager and a set algorithm, and sends the face recognition code to the management terminal.
The administrator face identification code in this embodiment is equivalent to the administrator network access information in the first embodiment.
Step S406: the router acquires the MAC address information and the IMEI information of the management terminal from the management terminal.
Step S407: the manager inputs the broadband account number to carry out dial-up connection.
Step S408; the router judges whether the dial-up on the internet is successful, if so, the step S409 is executed; if not, the process is ended.
Step S409: and the router sends the MAC address information, the IMEI information and the face identification code of the manager of the management terminal to an external server.
Specifically, after the administrator successfully sets the internet access, the management terminal, the router, and the external server store: MAC address information, IMEI information and manager face identification code of the management terminal.
Further, when the administrator accesses the internet again, as shown in fig. 5, the internet is accessed according to the following steps:
step S501: and the management terminal sends the network access request information to the router. Wherein, the network access request information comprises: MAC address information, IMEI information and manager face identification code of the management terminal.
Step S502: the router verifies the network access request information, if the verification is successful, step S503 is executed, and if not, the process is ended.
Step S503: the router allows the management terminal to access the internet.
A third embodiment of the present invention is a method for network access authentication, which is applied between a visitor terminal, a management terminal, a router, an external server, and the internet.
When the visitor accesses the router for the first time, identity authentication needs to be carried out on the visitor, and the router carries out identity authentication on the visitor and comprises the following two scenes:
the first method comprises the following steps: the management terminal is in the service range of the router, namely the management terminal is currently accessed to the router.
And the second method comprises the following steps: the pipe terminal is not in the service range of the router, namely the management terminal is not accessed to the router currently.
Fig. 6 is a schematic diagram illustrating that in the first scenario, the router authenticates the visitor. The router forwards the received network access request of the visitor to the management terminal, the management terminal authenticates the identity of the visitor, if the authentication is successful, the visitor is allowed to access the network through the router, and if the authentication is failed, the visitor is not allowed to access the router.
As shown in fig. 7, in the first scenario, the process of the router authenticating the identity of the visitor specifically includes the following steps:
step S701: the visitor requests access to the router through the visitor terminal.
Step S702: and acquiring a face image of the visitor through a camera of the visitor terminal.
Step S703: the router verifies whether the face image of the visitor meets the set requirements, and if so, the step S704 is executed; if not, the process is ended.
Step S704: the router sends the face image of the visitor to the management terminal.
Specifically, the router sends the face image of the visitor to the management terminal according to the stored MAC address information of the management terminal.
Step S705: and the manager judges whether the visitor terminal is allowed to access the router or not according to the face information of the visitor, if so, the step S706 is executed, and if not, the process is ended.
The manager can check the face information of the visitor through the management terminal, so that whether the visitor is a trusted visitor is judged, and the judgment result is fed back to the router.
Step S706: the router generates a visitor face identification code according to the face information of the visitor and sends the visitor face identification code to the visitor terminal.
The visitor identification code in this embodiment is equivalent to the visitor network entry information in the first embodiment.
Step S707: and the router acquires the MAC address information and the IMEI information of the visitor terminal.
Step S708: and the router sends the MAC address information, IMEI information and the face identification code of the visitor to an external server.
Further, when the visitor accesses the internet again, as shown in fig. 8, the visitor accesses the internet according to the following steps:
step S801: and the visitor terminal sends the network access request information to the router. Wherein, the network access request information comprises: MAC address information, IMEI information and visitor face identification code of visitor's terminal.
Step S802: the router verifies the network access request information, if the verification is successful, step S803 is executed, and if the verification is failed, the process is ended.
In case of a failure in authentication, the router sends a warning message to the management terminal to alert the manager.
Step S803: the router allows the guest terminal to access the internet and transmits guest access information to the management terminal. The visitor access information includes: the visitor terminal comprises a face image, MAC address information and IMEI information, wherein the face image is input by the visitor when the visitor first accesses the network.
The manager judges whether the visitor accessing the network is legal by checking the visitor access information so as to take corresponding measures when the manager finds that the illegal visitor accesses the network.
Fig. 9 is a schematic diagram illustrating the identity authentication of the visitor by the device in the second scenario. The router forwards the received network access request of the visitor to an external server, the external server sends the network access request to the management terminal, the management terminal performs identity authentication on the visitor, if the authentication is successful, the visitor is allowed to access the network through the router, and if the authentication is failed, the visitor is not allowed to access the router.
As shown in fig. 10, in the second scenario, the process of the router authenticating the identity of the visitor specifically includes the following steps:
step S1001: the visitor requests access to the router through the visitor terminal.
Step S1002: and acquiring a face image of the visitor through a camera of the visitor terminal.
Step S1003: the router verifies whether the face image of the visitor meets the set requirement, and if so, the step S1004 is executed; if not, the process is ended.
Step S1004: the router transmits the face image of the visitor to an external server.
Step S1005: and the external server sends the face image of the visitor to the management terminal.
Specifically, the external server sends the face image of the visitor to the management terminal according to the stored MAC address information of the management terminal.
Step S1006: and the manager judges whether the visitor terminal is allowed to access the router or not according to the face information of the visitor, if so, step 1007 is executed, and if not, the process is ended.
Step S1007: the router generates a visitor face identification code according to the face information of the visitor and sends the visitor face identification code to the visitor terminal.
Step S1008: and the router acquires the MAC address information and the IMEI information of the visitor terminal.
Step S1009: and the router sends the MAC address information, IMEI information and the face identification code of the visitor to an external server.
Further, when the visitor accesses the internet again, as shown in fig. 11, the visitor accesses the internet according to the following steps:
step S1101: and the visitor terminal sends the network access request information to the router. Wherein, the network access request information comprises: MAC address information, IMEI information and visitor face identification code of visitor's terminal.
Step S1102: the router verifies the network access request information, if the verification is successful, step S1103 is executed, and if the verification is unsuccessful, the process is ended.
Step S1103: the router allows the management terminal to access the internet and transmit visitor access information to an external server. The visitor access information includes: the visitor terminal comprises a face image, MAC address information and IMEI information, wherein the face image is input by the visitor when the visitor first accesses the network.
Step S1104: and the external server sends the visitor access information to the management terminal.
The manager judges whether the visitor accessing the network is legal by checking the visitor access information so as to take corresponding measures when the manager finds that the illegal visitor accesses the network.
A fourth embodiment of the present invention provides a device for network access authentication, as shown in fig. 12, which specifically includes the following components:
1) the receiving module 1201 is configured to receive access authentication information sent by an access terminal, where the access authentication information is generated according to a face image of an access terminal user when the access terminal performs access registration.
Wherein, the access terminal includes: a router management terminal and a visitor terminal; the router management terminal is used for managing the internet access behavior of the visitor terminal.
Specifically, the device further comprises:
the manager registration module is used for performing network access registration on the router management terminal and receiving the face image of the management terminal user sent by the router management terminal; the face image of the management terminal user is acquired through a camera of the management terminal; according to the face image of the management terminal user, calculating the network access verification information of the router management terminal according to a set algorithm; and storing the network access authentication information of the router management terminal, and sending the network access authentication information of the router management terminal to the router management terminal.
When the router management terminal is connected with the network of the router for the first time, the face image of a management terminal user is obtained through the camera of the management terminal. The router generates network access verification information according to the face image of the management terminal user, and stores the network access verification information into the router and the router management terminal. When the router management terminal is connected with the network of the router again, the router management terminal only needs to send the network access verification information to the router, and the router carries out network access verification according to the network access verification information.
Further, the apparatus further comprises:
the visitor registration module is used for performing network access registration on the visitor terminal and receiving a face image of a visitor terminal user sent by the visitor terminal; the method comprises the steps that a face image of a user of a visitor terminal is acquired through a camera of the visitor terminal; sending the face image of the visitor terminal user to a router management terminal so that the router management terminal can perform identity authentication on the visitor terminal according to the face image of the visitor terminal user; when receiving the identity authentication success information sent by the router management terminal, calculating the network access verification information of the visitor terminal according to the face image of the visitor terminal user and a set algorithm; and storing the access verification information of the visitor terminal and sending the access verification information of the visitor terminal to the visitor terminal.
When the visitor terminal is connected with the network of the router for the first time, the face image of the user of the visitor terminal is obtained through the camera of the visitor terminal. And the router sends the face image of the visitor terminal user to the router management terminal. And the router management terminal judges whether the visitor terminal is a trustable user terminal or not according to the face image of the user of the guest terminal, and if so, the router calculates and generates network access verification information according to the face image of the user of the guest terminal. And storing the network access authentication information into the router and the management terminal. When the visitor terminal is connected with the network of the router again, the visitor terminal only needs to send the network access verification information to the router, and the router carries out network access verification according to the network access verification information.
Further, the visitor registration module is specifically configured to:
judging whether the router management terminal is currently accessed to a network of the router; if so, sending the face image of the visitor terminal user to the router management terminal; and if not, sending the face image of the visitor terminal user to an external server, so that the external server sends the face image of the visitor terminal user to the router management terminal.
2) And the verification module 1202 is configured to perform network access verification on the access terminal based on the network access verification information, and if the verification is successful, allow the access terminal to access the network of the router.
Specifically, the device further comprises:
and the alarm module is used for sending an alarm message to the router management terminal under the condition that the access terminal fails to perform network access verification.
The network access authentication method and device introduced in the embodiment of the invention adopt the face recognition technology, and form the network access authentication information for replacing the traditional password according to the face image of the user, and compared with the traditional password authentication mode, the authentication mode of the invention is more difficult to be solved. When a common visitor is connected with the router, the permission of a manager of the router needs to be obtained; when an illegal visitor accesses the router, the manager of the router is informed, so that the safety of the access visitor is ensured. Corresponding to the traditional mode of setting the router, the mode of setting the router is simple, the user does not need to have professional knowledge, and the method is easy to operate and convenient to manage.
While the invention has been described in connection with specific embodiments thereof, it is to be understood that it is intended by the appended drawings and description that the invention may be embodied in other specific forms without departing from the spirit or scope of the invention.