CN111770094B - Access control method of wireless network and related device - Google Patents
Access control method of wireless network and related device Download PDFInfo
- Publication number
- CN111770094B CN111770094B CN202010604665.9A CN202010604665A CN111770094B CN 111770094 B CN111770094 B CN 111770094B CN 202010604665 A CN202010604665 A CN 202010604665A CN 111770094 B CN111770094 B CN 111770094B
- Authority
- CN
- China
- Prior art keywords
- user equipment
- equipment
- distance
- preset
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Abstract
The application provides an access control method and a related device of a wireless network, which are applied to customer premises equipment, wherein the customer premises equipment is used for converting a mobile signal into a wireless fidelity Wi-Fi signal so as to provide a preset Wi-Fi network; the distance between the user equipment and the client front-end equipment can be acquired in real time when the fact that the user equipment is accessed to the preset Wi-Fi network is detected; opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance; and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, and the use experience of the user is greatly improved.
Description
Technical Field
The present application relates to the field of wireless network communications technologies, and in particular, to an access control method for a wireless network and a related device.
Background
With the development of wireless network communication technology, a large number of users can access a wireless network through electronic equipment at any time and any place to acquire massive information. The existing Wireless Fidelity (Wi-Fi) network access method includes password verification access, near Field Communication (NFC) -based access, and Wi-Fi Protected Setup (WPS) -based access.
The existing Wi-Fi network access method is not convenient enough in access and influences user experience.
Disclosure of Invention
Based on the above problems, the present application provides an access control method for a wireless network and a related device, which can provide a Wi-Fi network without a password by combining with a client front-end device, and enable a user device to obtain a network access right within a certain distance. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, and the use experience of the user is greatly improved.
In a first aspect, an embodiment of the present application provides an access control method for a wireless network, which is applied to a client front-end device, where the client front-end device is configured to convert a mobile signal into a Wi-Fi signal to provide a preset Wi-Fi network; the method comprises the following steps:
when detecting that the user equipment is accessed to the preset Wi-Fi network, acquiring the distance between the user equipment and the client front equipment in real time;
opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance;
and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment.
In a second aspect, an embodiment of the present application provides an access control apparatus for a wireless network, which is applied to a client front-end device, where the client front-end device is configured to convert a mobile signal into a Wi-Fi signal to provide a preset Wi-Fi network; the device comprises:
the distance determining unit is used for acquiring the distance between the user equipment and the client front equipment in real time when the user equipment is detected to be accessed to the preset Wi-Fi network;
the networking control unit is used for opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance; and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment.
In a third aspect, an embodiment of the present application provides an electronic device, including an application processor, a memory, and one or more programs, stored in the memory and configured to be executed by the application processor, the program including instructions for performing the steps in the method according to any one of claims 1 to 7.
In a fourth aspect, embodiments of the present application provide a computer storage medium storing a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method according to any one of the first aspect of the embodiments of the present application.
In a fifth aspect, embodiments of the present application provide a computer program product, where the computer program product includes a non-transitory computer-readable storage medium storing a computer program, where the computer program is operable to cause a computer to perform some or all of the steps as described in any one of the methods of the first aspect of the embodiments of the present application. The computer program product may be a software installation package.
Therefore, the access control method of the wireless network and the related device are applied to the customer premises equipment, and the customer premises equipment is used for converting the mobile signals into the Wi-Fi signals to provide the preset Wi-Fi network; the distance between the user equipment and the client front-end equipment can be acquired in real time when the fact that the user equipment is accessed to the preset Wi-Fi network is detected; opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance; and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, and the use experience of the user is greatly improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1A is a system architecture diagram of an access control method for a wireless network according to an embodiment of the present disclosure;
fig. 1B is a schematic structural diagram of a client front-end device according to an embodiment of the present application;
fig. 2 is a flowchart illustrating an access control method of a wireless network according to an embodiment of the present disclosure;
fig. 3A is a schematic diagram illustrating a preset distance between a client front-end device and a user equipment according to an embodiment of the present application;
fig. 3B is a schematic diagram of a preset distance between a client front-end device and a user equipment according to another embodiment of the present application;
fig. 4 is a flowchart illustrating an access control method for a wireless network according to another embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 6 is a block diagram illustrating functional units of an access control apparatus of a wireless network according to an embodiment of the present disclosure;
fig. 7 is a block diagram illustrating functional units of an access control apparatus of another wireless network according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, software, product or apparatus that comprises a list of steps or elements is not limited to those listed but may alternatively include other steps or elements not listed or inherent to such process, method, product or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein may be combined with other embodiments. The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
First, a system architecture of an access control method of a wireless network in the embodiment of the present application is described with reference to fig. 1A, where fig. 1A is a system architecture diagram of an access control method of a wireless network provided in the embodiment of the present application, and includes a client front-end device 110 and a user equipment 120.
The Customer Premise Equipment 110 is called Customer Premise Equipment, CPE for short, and is a mobile signal access device that receives a mobile signal and forwards the mobile signal as a wireless WI-FI signal, and is also a device that converts a high-speed 4G or 5G signal into a WI-FI signal, and the user Equipment may be an electronic device having a wireless network communication function, and may also include various handheld devices, vehicle-mounted devices, wearable devices, a Personal Computer (PC) or other processing devices connected to a wireless modem, and various forms of intelligent terminal devices and internet of things devices.
The ue 120 may Access a preset Wi-Fi network provided by the ue 110 through a Service Set Identifier (SSID), where the preset Wi-Fi network may be a wireless Wi-Fi network based on a wireless communication protocol (Wi-Fi Protected Access 3, WPA 3), and the preset Wi-Fi network may be accessed without a password, and the WPA3 protocol may prevent the air interface information from being leaked due to the setting of the air interface password. The user equipment 120 does not have a network access right after accessing the preset Wi-Fi network provided by the client front-end device 110, and can obtain the network access right after passing the verification and qualification of the client front-end device 110. The client front-end device 110 may determine whether to open a network access right to the user equipment by calculating a distance between the user equipment 120 and the client front-end device 110.
For convenience of understanding, the client front-end device 110 is further described below with reference to fig. 1B, and fig. 1B is a schematic structural diagram of the client front-end device 110 according to an embodiment of the present application, and includes a wireless network module 111, a subscriber identity module 112, a processing module 113, a memory 114, a communication module 115, a power management module 116, and other related modules, which are not listed here, where the wireless network module 111, the subscriber identity module 112, the processing module 113, the memory 114, the communication module 115, the power management module 116, and other related modules may be connected through a bus.
Specifically, the wireless network module 111 is a communication module providing wireless local area network technology of the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, and may provide channel spectrum resources of 2.4GHz and 5GHz to perform reception and transmission of network data.
Specifically, the SIM module 112 may include a SIM card for storing user-related data, operation and management of a Personal Identification Number (PIN) of a user, authentication of a user identity, and a security algorithm and a key in the SIM card, and the like. The stored Subscriber related data may include an International Mobile Subscriber identity Number (IMSI), an Authentication and Key (AKA), a Location area identity code (LAI), a Mobile Subscriber Temporary identity Number (TMSI), a forbidden public telephone network code, and a PIN. In addition, the customer premises equipment 110 may translate the cellular data connection of the subscriber identity card module 112 into a pre-set Wi-Fi network.
Specifically, the processing module 113 is a control center of the customer premises equipment 110, and is connected to each part of the customer premises equipment 110 through various interfaces and lines. In addition, the processing module 113 invokes the stored data in the memory by running or executing software programs and/or modules in the memory 114 to perform various functions of the client premises equipment 110 and process the data and monitor the overall operation of the client premises equipment 110. Optionally, the Processing module 113 may include a Central Processing Unit (CPU) or a Network Processing Unit (NPU), etc.
Specifically, the memory 114 is used for storing software programs and/or modules, and the processing module 113 executes various functional applications and data processing of the client front-end device 110 and performs radio network access control functions by operating the software programs and/or modules stored in the memory 114. The memory 114 may include a program storage area and a data storage area, wherein the program storage area may store an operating system or a software program required for at least one function, etc.; the storage data area may store data created according to the use of the relay apparatus, and the like. Further, the memory 114 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
Specifically, the communication module 115 may include an integrated communication chip, where the communication chip includes a cellular unit and a non-cellular unit, the cellular unit may perform data transmission for 2G/3G/4G/5G communication, and the non-cellular chip may perform data transmission in bluetooth, wi-Fi, lora, zigbee, and the like, and optionally, the communication module 115 in this embodiment may include a positioning module and has a function of positioning other electronic devices.
Specifically, the power management module 116 may include a power management chip and may provide management functions such as power conversion, distribution, detection, and the like for the customer premises equipment 110.
Through the description of the hardware architecture, it can be seen that the embodiment of the application can provide a Wi-Fi network without a password by combining with a client front-end device, and the user device can obtain a network access right within a certain distance. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, and the use experience of the user is greatly improved.
The access control method of a wireless network provided in the embodiment of the present application is described in detail below with reference to fig. 2, and is applied to a client front-end device, where the client front-end device is configured to convert a mobile signal into a Wi-Fi signal to provide a default Wi-Fi network; fig. 2 is a flowchart illustrating an access control method for a wireless network according to an embodiment of the present application, which includes the following steps:
The preset Wi-Fi network is an air password Wi-Fi network based on a WPA3 protocol, wherein the WPA3 is named Wi-Fi Protected Access 3 in all, the Wi-Fi network is a Wi-Fi new encryption protocol which is issued by a Wi-Fi alliance on the International Consumer electronics exhibition of Las Vegas in 2018, 1 month and 8 days, and the problem of air interface information leakage does not need to be worried about when the air password is set under the protocol.
The user equipment can directly access the preset Wi-Fi network through an SSID (service set identifier), the SSID can be set by a user, the user equipment does not have the authority of accessing the network after accessing the preset Wi-Fi network, the user equipment can access the network only through the verification of the client front equipment, the verification can be completed through the distance, and the client front equipment can acquire the distance between the user equipment and the client front equipment through various modes:
in an optional embodiment, the ue may monitor a first Signal Strength of the ue, where the first Signal Strength includes Received Signal Strength Indication (RSSI), and the distance between the ue and the ue may be determined according to the Strength of the RSSI Signal, so as to perform positioning calculation according to corresponding data, that is, according to the principle that radio waves or sound waves are transmitted in a medium, and the Signal power is attenuated along with a propagation distance, and according to the transmission power of a known Signal of a beacon node and the Signal power Received by a node, the distance between the nodes may be calculated through an attenuation model between the Signal and the distance. The client front-end device may monitor whether the RSSI signal strength of the user equipment is greater than a preset signal strength value, or the user equipment may report the RSSI signal strength of the client front-end device to the server after acquiring the RSSI signal strength, determine the distance between the client front-end device and the user equipment according to the feedback of the server, and send the distance data to the client front-end device. When the first signal strength is greater than or equal to a preset signal strength value, the distance between the user equipment and the client front equipment is less than or equal to a preset distance; when the first signal strength is smaller than a preset signal strength value, the distance between the user equipment and the client front-end equipment is larger than the preset distance. The preset signal strength value may be set by itself or determined empirically, and is not limited specifically herein.
In an optional embodiment, the client front-end device may attempt to acquire second signal data of the user equipment, where the second signal data may include Near Field Communication (NFC) signals, bluetooth signals, and a user equipment identifier carried in the second signal data, and when the second signal data of the user equipment is acquired, a distance between the user equipment and the client front-end device is less than or equal to the preset distance; and when the second signal data of the user equipment is not acquired, the distance between the user equipment and the client front equipment is greater than the preset distance.
In an optional embodiment, when the client front-end device sends a data packet to the user equipment at a preset power and attempts to receive an Acknowledgement Character (ACK) for the data packet, which is fed back by the user equipment, a distance between the user equipment and the client front-end device is less than or equal to the preset distance; and when the ACK which is fed back by the user equipment and aims at the data packet is not received, the distance between the user equipment and the client front equipment is greater than the preset distance. The ACK is a transmission-type control character that is sent by a receiving station to a sending station in a data communication. Indicating that the transmitted data is received without errors. Generally, in the TCP/IP protocol, if the receiving side successfully receives the data, an ACK data is replied. The ACK has a preset format and length.
In an optional embodiment, the client front-end device may further use a Wi-Fi assisted positioning function to position the user equipment, that is, send a received positioning signal of the user equipment to the positioning server; and acquiring the distance between the user equipment and the client front equipment in real time according to the feedback data of the positioning server. The positioning server stores the position information of the client front-end equipment and the information of the peripheral router, and can be used for positioning the user equipment connected with the preset Wi-Fi network.
Therefore, when the fact that the user equipment is accessed to the preset Wi-Fi network is detected, the distance between the user equipment and the client front-end equipment is obtained in real time, relevant distance information is obtained in multiple modes in real time, the obtaining modes can be flexibly switched according to different scenes, and the accuracy of indoor positioning is improved.
For example, as shown in fig. 3A, the customer premises equipment is arranged in the center of a 10 × 10 circular area, and the user wants to have network access right only in the circular area, then the preset distance may be set to 10, when the distance between the user equipment and the customer premises equipment is less than or equal to 10, the customer premises equipment adds the user equipment to a networking white list, and the user equipment may normally connect to the network; when the distance between the ue and the ue is greater than 10, see step 203 for details, which is not described herein again.
In an optional embodiment, the preset distance is not limited to one numerical value, and a plurality of preset distance criteria may be set according to the direction of the client front-end device, as shown in fig. 3B, the preset distance of the client front-end device in the north direction is a, the preset distance in the east direction is B, and the preset distance in the southwest direction is c, so that an irregular area is formed, the area is a preset area where the user device can be networked, and the preset distances in the other directions are not described herein again. It can be seen that when the user equipment is located in the north direction of the customer premises equipment and the distance between the user equipment and the customer premises equipment is less than or equal to a, the customer premises equipment adds the user equipment to a networking list, and the user equipment can be normally networked; when the user equipment is positioned in the east direction of the client front-end equipment and the distance between the user equipment and the client front-end equipment is less than or equal to b, the client front-end equipment adds the user equipment into a networking list, and the user equipment can be normally networked; when the user equipment is located in the southwest direction of the client front-end equipment and the distance between the user equipment and the client front-end equipment is smaller than or equal to c, the client front-end equipment adds the user equipment into a networking list, and the user equipment can be normally networked. It will be appreciated that the networking license authorization of the client premises equipment is only obtained when the user equipment is within the predetermined area and is not listed any further.
Therefore, the Wi-Fi network without the password can be provided by combining with the customer front-end equipment, the user equipment can obtain the network access authority within a certain distance, and the convenience of user networking is improved.
For convenience of understanding, as described in conjunction with fig. 3A, when the distance between the user equipment and the client front-end device is greater than 10, the client front-end device does not add the user equipment to the networking white list, and if the user equipment has already added to the networking white list at this time, the client front-end device removes the user equipment beyond the preset distance from the networking white list.
By the method, the Wi-Fi network without the password can be provided by combining with the customer front-end equipment, and the user equipment can obtain the network access right only within a certain distance. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, and the use experience of the user is greatly improved.
Fig. 4 is a flowchart illustrating another method for controlling access to a wireless network in this embodiment in detail, where fig. 4 is a flowchart of another method for controlling access to a wireless network in this embodiment, and specifically includes the following steps:
Wherein, every time a user equipment accesses a preset WiFi network, the identity of the user equipment is stored in the preset equipment database, and the method of step 402 is continuously executed by obtaining the equipment identifier of the currently accessed user equipment to match with the historical equipment identifier of the historical user equipment in the preset equipment data, and if not, the mapping relationship is null. If there is a match, the mapping relationship is not null, which indicates that the electronic device is a familiar device, and step 403 is directly executed.
By obtaining the mapping relation between the user equipment and the historical user equipment in the preset equipment database, whether the user equipment currently accessed to the wireless WiFi network is the common user equipment can be determined.
The notification message includes information such as a name, an access time, and an access location of the user equipment, and the primary device may set itself, and the set primary device may bind a device identifier or a specific account, which is not limited herein.
Therefore, the reminding message can be sent to the main device when the new device is accessed to the preset WiFi network, and user experience is improved.
By the method, the Wi-Fi network without the password can be provided by combining with the customer front-end equipment, and the user equipment can obtain the network access right only within a certain distance. The safety of the Wi-Fi network is guaranteed while the convenience of the user for accessing the Wi-Fi network is improved, the main device is informed when the new device accesses the network, and the use experience of the user is greatly improved through double insurance.
The steps not described in detail above may refer to part or all of the method steps in fig. 2, and are not described herein again.
In accordance with the embodiment described in the method above, please refer to fig. 5. Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device 500 includes an application processor 510, a memory 520, a communication interface 530, and one or more programs 521, where the one or more programs 521 are stored in the memory 520 and configured to be executed by the application processor 510, and the one or more programs 521 include instructions for:
when detecting that user equipment accesses a preset Wi-Fi network, acquiring the distance between the user equipment and client front equipment in real time;
opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance;
and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment.
In a possible embodiment, in the aspect of obtaining the distance between the user equipment and the client front-end device in real time, the instructions in the program are specifically configured to:
monitoring a first signal strength of the user equipment, the first signal strength comprising received signal strength indication information;
when the first signal strength is greater than or equal to a preset signal strength value, the distance between the user equipment and the customer premises equipment is less than or equal to the preset distance;
and when the first signal intensity is smaller than a preset signal intensity value, the distance between the user equipment and the client front equipment is larger than the preset distance.
In a possible embodiment, in the aspect of obtaining the distance between the user equipment and the client front-end device in real time, the instructions in the program are specifically configured to:
when second signal data of the user equipment are acquired, the distance between the user equipment and the client front equipment is smaller than or equal to the preset distance, and the second signal data comprise near field communication signals, bluetooth signals and user equipment identification;
and when the second signal data of the user equipment is not acquired, the distance between the user equipment and the client front equipment is greater than the preset distance.
In a possible embodiment, in the aspect of obtaining the distance between the user equipment and the client front-end device in real time, the instructions in the program are specifically configured to:
sending a data packet to the user equipment by preset power;
when receiving a confirmation character which is fed back by the user equipment and aims at the data packet, the distance between the user equipment and the client front equipment is smaller than or equal to the preset distance;
and when the confirmation character which is fed back by the user equipment and aims at the data packet is not received, the distance between the user equipment and the client front equipment is greater than the preset distance.
In a possible embodiment, in the aspect of obtaining the distance between the user equipment and the client front-end device in real time, the instructions in the program are specifically configured to:
sending the received positioning signal of the user equipment to a positioning server;
and acquiring the distance between the user equipment and the client front equipment in real time according to the feedback data of the positioning server.
In one possible embodiment, the default Wi-Fi network is a wireless communication protocol 3-based air password Wi-Fi network.
In a possible embodiment, in the aspect before the obtaining of the distance between the user equipment and the client front-end device in real time, the instructions in the program are specifically further configured to:
acquiring a mapping relation between the user equipment and historical user equipment in a preset equipment database;
and when the mapping relation between the user equipment and the historical user equipment is null, sending a notification message to the main equipment, wherein the notification message comprises the name, the access time and the access place of the user equipment.
The above description has introduced the solution of the embodiment of the present application mainly from the perspective of the method-side implementation process. It is understood that the electronic device comprises corresponding hardware structures and/or software modules for performing the respective functions in order to realize the above-mentioned functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative elements and algorithm steps described in connection with the embodiments provided herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the electronic device may be divided into the functional units according to the method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 6 is a block diagram showing functional units of an access control device of a wireless network according to the above embodiment, in a case where functional modules are divided according to respective functions. As shown in fig. 6, the access control apparatus 600 of the wireless network is applied to a client front-end device for converting mobile signals into Wi-Fi signals to provide a default Wi-Fi network; the access control device 600 of the wireless network comprises:
a distance determining unit 610, configured to obtain, in real time, a distance between the user equipment and the client front-end device when it is detected that the user equipment accesses the preset Wi-Fi network;
a networking control unit 620, configured to open a network access right to the user equipment when a distance between the user equipment and the client front-end device is less than or equal to a preset distance; and when the distance between the user equipment and the client front equipment is greater than a preset distance, refusing to open the network access authority to the user equipment.
In the case of an integrated unit, fig. 7 shows a block diagram of functional units of an access control device of a wireless network according to the above-described embodiment. As shown in fig. 7, an access control apparatus 700 of a wireless network includes a processing unit 701 and a communication unit 702, where the processing unit 701 is configured to execute any step in the above method embodiments, and when performing data transmission, such as sending, and the like, optionally invokes the communication unit 702 to complete the corresponding operation.
The access control apparatus 700 of the wireless network may further include a storage unit 703 for storing program codes and data of an electronic device. The processing unit 701 may be a central processing unit, the communication unit 702 may be a radio frequency module, and the storage unit 703 may be a memory.
It can be understood that, since the method embodiment and the apparatus embodiment are different presentation forms of the same technical concept, the content of the method embodiment portion in the present application should be synchronously adapted to the apparatus embodiment portion, and is not described herein again.
Embodiments of the present application also provide a computer storage medium, where the computer storage medium stores a computer program for electronic data exchange, the computer program enabling a computer to execute part or all of the steps of any one of the methods described in the above method embodiments, and the computer includes an electronic device.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any one of the methods as set out in the above method embodiments. The computer program product may be a software installation package, the computer comprising an electronic device.
It should be noted that for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art will recognize that the embodiments described in this specification are preferred embodiments and that acts or modules referred to are not necessarily required for this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the above-described units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit may be stored in a computer readable memory if it is implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above-mentioned method of the embodiments of the present application. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash Memory disks, read-Only memories (ROMs), random Access Memories (RAMs), magnetic or optical disks, and the like.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (8)
1. The access control method of the wireless network is characterized by being applied to customer premises equipment, wherein the customer premises equipment is used for converting a mobile signal into a wireless fidelity Wi-Fi signal to provide a preset Wi-Fi network, the preset Wi-Fi network is a blank password wireless Wi-Fi network based on a wireless communication protocol WPA3, and the preset Wi-Fi network can be accessed without a password; the method comprises the following steps:
when detecting that the user equipment is accessed to the preset Wi-Fi network, acquiring a mapping relation between the user equipment and historical user equipment in a preset equipment database;
when the mapping relation between the user equipment and the historical user equipment is empty, sending a notification message to main equipment, wherein the notification message comprises the name, the access time and the access place of the user equipment;
acquiring the distance between the user equipment and the client front equipment in real time;
when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance, adding the user equipment into a networking white list, and opening network access permission to the user equipment;
when the distance between the user equipment and the client front-end equipment is larger than the preset distance, the user equipment is not added into the networking white list or removed from the networking white list, the network access authority is refused to be opened to the user equipment, and the preset distance accords with a preset distance standard corresponding to the direction of the user equipment relative to the client front-end equipment.
2. The method of claim 1, wherein the obtaining the distance between the user equipment and the customer premises equipment in real time comprises:
monitoring a first signal strength of the user equipment, the first signal strength comprising received signal strength indication information;
when the first signal strength is greater than or equal to a preset signal strength value, the distance between the user equipment and the client front equipment is less than or equal to the preset distance;
and when the first signal intensity is smaller than a preset signal intensity value, the distance between the user equipment and the client front equipment is larger than the preset distance.
3. The method of claim 1, wherein the obtaining the distance between the user equipment and the customer premises equipment in real time comprises:
when second signal data of the user equipment are acquired, the distance between the user equipment and the client front equipment is smaller than or equal to the preset distance, and the second signal data comprise near field communication signals, bluetooth signals and user equipment identification;
and when the second signal data of the user equipment is not acquired, the distance between the user equipment and the client front equipment is greater than the preset distance.
4. The method of claim 1, wherein the obtaining the distance between the user equipment and the customer premises equipment in real time comprises:
sending a data packet to the user equipment by preset power;
when receiving the confirmation character which is fed back by the user equipment and aims at the data packet, the distance between the user equipment and the client front equipment is smaller than or equal to the preset distance;
and when the confirmation character which is fed back by the user equipment and aims at the data packet is not received, the distance between the user equipment and the client front equipment is greater than the preset distance.
5. The method of claim 1, wherein the obtaining the distance between the user equipment and the customer premises equipment in real time comprises:
sending the received positioning signal of the user equipment to a positioning server;
and acquiring the distance between the user equipment and the client front equipment in real time according to the feedback data of the positioning server.
6. The access control device of the wireless network is applied to customer premises equipment, the customer premises equipment is used for converting mobile signals into wireless fidelity Wi-Fi signals to provide a preset Wi-Fi network, the preset Wi-Fi network is a blank password wireless Wi-Fi network based on a wireless communication protocol WPA3, and the preset Wi-Fi network can be accessed without passwords; the device comprises:
the distance determining unit is used for acquiring the mapping relation between the user equipment and historical user equipment in a preset equipment database when the user equipment is detected to be accessed to the preset Wi-Fi network;
when the mapping relation between the user equipment and the historical user equipment is empty, sending a notification message to main equipment, wherein the notification message comprises the name, the access time and the access place of the user equipment;
acquiring the distance between the user equipment and the client front equipment in real time;
the networking control unit is used for adding the user equipment into a networking white list and opening network access authority to the user equipment when the distance between the user equipment and the client front equipment is smaller than or equal to a preset distance; when the distance between the user equipment and the customer premises equipment is larger than a preset distance, the user equipment is not added into the networking white list or removed from the networking white list, the network access authority is refused to be opened to the user equipment, and the preset distance accords with a preset distance standard corresponding to the direction of the user equipment relative to the customer premises equipment.
7. An electronic device comprising an application processor, a memory, and one or more programs stored in the memory and configured to be executed by the application processor, the programs including instructions for performing the steps of the method of any of claims 1-5.
8. A computer storage medium, characterized in that it stores a computer program comprising program instructions which, when executed by a processor, cause the processor to carry out the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010604665.9A CN111770094B (en) | 2020-06-29 | 2020-06-29 | Access control method of wireless network and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010604665.9A CN111770094B (en) | 2020-06-29 | 2020-06-29 | Access control method of wireless network and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111770094A CN111770094A (en) | 2020-10-13 |
| CN111770094B true CN111770094B (en) | 2022-12-13 |
Family
ID=72723019
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010604665.9A Active CN111770094B (en) | 2020-06-29 | 2020-06-29 | Access control method of wireless network and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111770094B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112312372A (en) * | 2020-10-26 | 2021-02-02 | Oppo广东移动通信有限公司 | Network access method and system |
| CN113133082B (en) * | 2021-04-20 | 2022-08-23 | 深圳市多酷科技有限公司 | Regional wireless access method, device, system and terminal equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106507359A (en) * | 2016-11-16 | 2017-03-15 | 广东浪潮大数据研究有限公司 | A kind of method for limiting online, router and system |
| CN107396303A (en) * | 2017-06-20 | 2017-11-24 | 中兴通讯股份有限公司 | Connection control method and system, safety zone determine method and device |
| CN111031545A (en) * | 2019-12-24 | 2020-04-17 | Oppo广东移动通信有限公司 | Wireless network access control method and device, relay equipment and electronic equipment |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8350666B2 (en) * | 2008-10-15 | 2013-01-08 | Honeywell International Inc. | Apparatus and method for location-based access control in wireless networks |
| CN104581615B (en) * | 2014-12-25 | 2018-05-29 | 小米科技有限责任公司 | service providing method and device |
| CN105992208A (en) * | 2015-05-15 | 2016-10-05 | 乐视致新电子科技(天津)有限公司 | Wireless connection authentication method and wireless connection authentication device |
| CN104902500B (en) * | 2015-05-21 | 2019-11-22 | 南京创维信息技术研究院有限公司 | The automatic connection method and system of Wireless Communication Equipment and radio reception device |
| CN105827583A (en) * | 2015-09-30 | 2016-08-03 | 维沃移动通信有限公司 | Method and device for access to mobile data network |
| CN106102088A (en) * | 2016-06-01 | 2016-11-09 | 上海斐讯数据通信技术有限公司 | The connection control method of a kind of wireless router and wireless router |
| CN106851642A (en) * | 2017-02-16 | 2017-06-13 | 深圳市欣博跃电子有限公司 | Wireless networking authorization method and device |
-
2020
- 2020-06-29 CN CN202010604665.9A patent/CN111770094B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106507359A (en) * | 2016-11-16 | 2017-03-15 | 广东浪潮大数据研究有限公司 | A kind of method for limiting online, router and system |
| CN107396303A (en) * | 2017-06-20 | 2017-11-24 | 中兴通讯股份有限公司 | Connection control method and system, safety zone determine method and device |
| CN111031545A (en) * | 2019-12-24 | 2020-04-17 | Oppo广东移动通信有限公司 | Wireless network access control method and device, relay equipment and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111770094A (en) | 2020-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110798833B (en) | Method and device for verifying user equipment identification in authentication process | |
| CN107529160B (en) | VoWiFi network access method and system, terminal and wireless access point equipment | |
| US20120036557A1 (en) | Wi-fi access method, access point and wi-fi access system | |
| US20010048744A1 (en) | Access point device and authentication method thereof | |
| US7428747B2 (en) | Secure channel reservation | |
| CN109716810A (en) | Authority checking method and apparatus | |
| CN106921963A (en) | A kind of smart machine accesses the method and device of WLAN | |
| CN111464934B (en) | Data transmission system, method and device | |
| CN109922474B (en) | Method for triggering network authentication and related equipment | |
| CN102883320A (en) | WiFi (Wireless Fidelity) authentication method and system thereof | |
| US11871223B2 (en) | Authentication method and apparatus and device | |
| CN105493539A (en) | Porting WIFI settings | |
| CN104144463A (en) | Wi-fi network access method and system | |
| CN104168561A (en) | Hot-spot configuration method and accessing method and device in wireless local-area network | |
| CN111770094B (en) | Access control method of wireless network and related device | |
| CN110351725B (en) | Communication method and device | |
| WO2016131289A1 (en) | Method, device and user equipment for testing security of wireless hotspot | |
| EP4142328A1 (en) | Network authentication method and apparatus, and system | |
| CN113132334A (en) | Method and device for determining authorization result | |
| CN107027121A (en) | A kind of WiFi network safety access method and device | |
| CN111031545A (en) | Wireless network access control method and device, relay equipment and electronic equipment | |
| EP3169031B1 (en) | Method, device and platform for sharing wireless local area network | |
| CN105992208A (en) | Wireless connection authentication method and wireless connection authentication device | |
| CN102821424A (en) | Auxiliary mobile data distribution method, communication device and mobile device | |
| CN103281693A (en) | Wireless communication authentication method, network translation equipment and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |