CN113163404B - Network access authentication method and related equipment - Google Patents


Publication number
CN113163404B
CN113163404B CN202110464362.6A CN202110464362A CN113163404B CN 113163404 B CN113163404 B CN 113163404B CN 202110464362 A CN202110464362 A CN 202110464362A CN 113163404 B CN113163404 B CN 113163404B
Authority
CN
China
Prior art keywords
network
equipment
information
accessible
network access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110464362.6A
Other languages
Chinese (zh)
Other versions
CN113163404A (en
Inventor
张晓光
郑海翔
张洪莉
雷林
谭理珂
王之骅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hydroelectric Power Generation Factory Tianshengqiao First Stage Hydropower Development Co ltd
Tianshengqiao Hydropower Generation Co ltd
Original Assignee
Hydroelectric Power Generation Factory Tianshengqiao First Stage Hydropower Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hydroelectric Power Generation Factory Tianshengqiao First Stage Hydropower Development Co ltd
Priority to CN202110464362.6A
Publication of CN113163404A
Application granted
Publication of CN113163404B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application provide a network access authentication method and related equipment. The network access authentication method comprises: storing network-accessible personnel information; storing network-accessible equipment information matched with the personnel information; receiving a network access request from equipment to be authenticated; and allowing the equipment to be authenticated to access the network when it matches the stored network-accessible equipment information. On the one hand, only equipment to be authenticated whose network-accessible equipment information has been stored can access the network, so external equipment that has not been stored and recorded is prevented from accessing the network, leakage of network information is avoided, and the probability of an attack on the network system is reduced. On the other hand, because the network-accessible equipment information is matched with the personnel information, personnel and network-accessible equipment are bound to each other, each piece of network-accessible equipment has a responsible person, and the equipment is easier to manage and supervise.

Description

Network access authentication method and related equipment
Technical Field
The present invention relates to the field of network authentication technology, and in particular, to a network access authentication method, a network access authentication system, an electronic device, and a computer readable storage medium.
Background
With the rapid development of information technology, paperless office work is gradually replacing existing paper-based office work, and to achieve paperless office work a great number of office areas and factories have deployed wireless network coverage.
However, the prior art places low security requirements on wireless networks: a device only needs to provide the WPA/WPA2 wireless access password to authenticate and access the network. More and more management software based on wireless WiFi (such as a master key) has since appeared. Such software uploads the SSID, the position coordinates, the authentication mode and the password to its background server and shares this WiFi information with other users who install the application. As a direct result, external equipment can freely access the wireless network in an office area or a factory, so that quality materials in the office area and the factory are easily leaked and external equipment can conveniently attack the network systems there, which poses a great threat to office security in the office area or the factory.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art or related art.
In view of this, according to a first aspect of an embodiment of the present application, a network access authentication method is provided, including: storing the accessible network personnel information;
storing network access equipment information matched with the personnel information;
receiving a network access request of equipment to be authenticated;
and allowing the equipment to be authenticated to access the network under the condition that the equipment to be authenticated is matched with the stored network access equipment information.
In a first possible implementation manner of the first aspect, the step of storing the accessible person information includes:
constructing a department frame, wherein the department frame comprises a plurality of departments;
storing the network-accessible personnel information in a department corresponding to the network-accessible personnel information;
wherein the network accessible personnel information includes: person name, contact, and first status information.
In a second possible implementation manner of the first aspect, the network access authentication method further includes:
allowing storage of network-accessible equipment information matched with the network-accessible personnel information when the first state information is in the enabled state, wherein the enabled state is entered after a start-state instruction is received;
and not allowing storage of network-accessible equipment information matched with the network-accessible personnel information when the first state information is in the forbidden state, wherein the forbidden state is entered after a forbidden-state instruction is received.
In a third possible implementation manner of the first aspect, the step of storing network-accessible device information matched with the personnel information includes:
judging the equipment type of the network access equipment;
if the equipment type of the network access equipment is determined to be the terminal equipment, storing the terminal equipment information matched with the personnel information;
if the equipment type of the network access equipment is determined to be network equipment, storing network equipment information matched with the personnel information;
wherein the terminal equipment information includes: MAC address, terminal type, deadline information, and second state information;
wherein the network device information includes: IP address, network device type, key information, and third state information.
In a fourth possible implementation manner of the first aspect, the step of allowing the device to be authenticated to access the network if the device to be authenticated matches the stored network-accessible device information includes:
allowing the equipment to be authenticated to access a network under the condition that the MAC address of the equipment to be authenticated is matched with the terminal equipment information and the second state information of the terminal equipment information matched with the equipment to be authenticated is in an enabling state;
and allowing the equipment to be authenticated to access a network under the condition that the verification key of the equipment to be authenticated is matched with the key information of the network equipment, the network equipment is matched with the network equipment information and the third state information of the network equipment information is enabled.
In a fifth possible implementation manner of the first aspect, the network access authentication method further includes:
verifying whether the equipment to be authenticated is network-accessible equipment or not under the condition that the equipment to be authenticated is not matched with the stored network-accessible equipment information;
storing network access equipment information of the equipment to be authenticated under the condition that the equipment to be authenticated is network access equipment, and allowing the equipment to be authenticated to access a network; and/or
Storing an authentication log of the device to be authenticated; and/or
Storing network information of the equipment to be authenticated under the condition that the equipment to be authenticated is accessed to a network;
wherein the network information includes: network start time, network end time, current status information, and device type information.
In a sixth possible implementation manner of the first aspect, the network access authentication method further includes:
performing physical location division on a network coverage area, and constructing an equipment storage location frame, wherein the equipment storage location frame comprises a plurality of equipment points;
identifying all network-accessible equipment information, and counting the network-accessible equipment information to acquire physical position information of each network-accessible equipment;
based on the physical location information of each network-accessible device, the network-accessible device is stored within the corresponding device point.
According to a second aspect of embodiments of the present application, there is provided a network access authentication system, including:
the user management module is used for storing the network-accessible personnel information;
the equipment management module is used for storing network access equipment information matched with the personnel information;
the receiving module is used for receiving a network access request of equipment to be authenticated;
and the authentication management module is used for allowing the equipment to be authenticated to access the network under the condition that the equipment to be authenticated is matched with the stored network access equipment information.
According to a third aspect of embodiments of the present application, there is provided a network access authentication system, including a memory and a processor, wherein the processor is configured to implement the steps of the network access authentication method according to any of the above technical solutions when executing the computer program stored in the memory.
According to a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the network access authentication method according to any of the above-mentioned technical aspects.
Compared with the prior art, the invention has at least the following beneficial effects: the network access authentication method stores the network-accessible personnel information and the network-accessible equipment information matched with it, and when a network access request from equipment to be authenticated is received, the equipment is allowed to access the network only if it matches the stored network-accessible equipment information. On the one hand, only equipment to be authenticated whose network-accessible equipment information has been stored can access the network, so external equipment that has not been stored and recorded is prevented from accessing the network, leakage of network information is avoided, and the probability of an attack on the network system is reduced. On the other hand, because the network-accessible equipment information is matched with the personnel information, personnel and network-accessible equipment are bound to each other, each piece of network-accessible equipment has a responsible person, and the equipment is easier to manage and supervise.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
Fig. 1 is a schematic flowchart of a network access authentication method provided in an embodiment of the present application;
Fig. 2 is a schematic block diagram of a network access authentication system according to an embodiment of the present application;
Fig. 3 is a schematic block diagram of an electronic device according to an embodiment of the present application;
Fig. 4 is a schematic block diagram of a computer readable storage medium according to an embodiment of the present application.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized below, may be had by reference to the appended drawings. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those described herein, and therefore the scope of the present invention is not limited to the specific embodiments disclosed below.
As shown in fig. 1, according to an aspect of an embodiment of the present application, a network access authentication method is provided, including:
step 101: storing the accessible network personnel information. The stored network-accessible personnel information is bound with network-accessible personnel, the network-accessible personnel can be operators in a factory area and an office area within the network coverage, and the operators in the factory area and the office area can be authorized by storing the network-accessible personnel information.
In some examples, storing the network-accessible personnel information may include: receiving a personnel holding request, generating a network-accessible personnel information storage interface, and storing the network-accessible personnel information based on the information entered in that interface.
Step 102: storing the network access equipment information matched with the personnel information. The network access equipment information is matched with the personnel information, so that the network access equipment and the personnel can have a binding relationship, each network equipment can be provided with a responsible person, the network access equipment can be conveniently monitored and maintained, and the responsible person can be conveniently known as soon as possible under the condition that the network access equipment is abnormal.
In some examples, the step of storing the network-accessible device information that matches the personnel information may include: receiving an information storage instruction of the network access equipment, selecting personnel information matched with the network access equipment, generating an information storage interface of the network access equipment, and storing the information of the network access equipment based on the information recorded in the information storage interface of the network access equipment.
Step 103: receiving a network access request of the device to be authenticated. Any equipment that needs to access the network, such as a mobile terminal, a terminal or network equipment, must send a network access request, so the network access authentication method can monitor and authenticate all network access operations, which makes network use safer.
Step 104: allowing the device to be authenticated to access the network when it matches the stored network-accessible equipment information. When the device to be authenticated matches the stored network-accessible equipment information, it can be considered network-accessible equipment and is allowed to access the network. Conversely, when the device to be authenticated fails to match, it is considered not to belong to the network-accessible equipment; it may be an external device whose access could cause data to leak and leave the network easily attacked, so it is not allowed to access the network.
The network access authentication method stores the network-accessible personnel information and the network-accessible equipment information matched with it, and when a network access request from equipment to be authenticated is received, the equipment is allowed to access the network only if it matches the stored network-accessible equipment information. On the one hand, only equipment to be authenticated whose network-accessible equipment information has been stored can access the network, so external equipment that has not been stored and recorded is prevented from accessing the network, leakage of network information is avoided, and the probability of an attack on the network system is reduced. On the other hand, because the network-accessible equipment information is matched with the personnel information, personnel and network-accessible equipment are bound to each other, each piece of network-accessible equipment has a responsible person, and the equipment is easier to manage and supervise.
In some examples, the network access authentication method may further include: deleting stored network-accessible personnel information to accommodate personnel changes, such as a person leaving or losing equipment management rights.
In some examples, the network access authentication method may further include: modifying the stored network-accessible personnel information so that its content can be altered.
In some examples, the network access authentication method may further include: deleting stored network-accessible equipment information to accommodate changes in the network-accessible equipment, such as damage or scrapping.
In some examples, the network access authentication method may further include: modifying the stored network-accessible equipment information so that its content can be altered.
In some examples, the step of storing the accessible network personnel information includes: constructing a department frame, wherein the department frame comprises a plurality of departments; storing the network-accessible personnel information in a department corresponding to the network-accessible personnel information; wherein the accessible personnel information includes: person name, contact, and first status information.
By constructing the department frame and then storing the network-accessible personnel information in the department corresponding to the network-accessible personnel information, personnel can be divided based on different departments, the network-accessible personnel information can be confirmed step by step conveniently, and the storage of the network-accessible personnel information is more perfect.
The accessible network personnel information includes: the name, the contact way and the first state information of the personnel are convenient for confirming and contacting the personnel bound with the network access equipment as soon as possible when the network access equipment is abnormal.
In some examples, building the department frame may include a plurality of levels, each level may include sub-levels, and the step of building the department frame may include: receiving department construction information, determining a hierarchy to which a department belongs based on the department construction information, and storing the department in a hierarchy corresponding to the department; and receiving a department deletion instruction, and deleting the departments stored in the department framework. This arrangement facilitates maintenance and updating of the department framework.
In some examples, the network access authentication method further comprises: allowing storage of network-accessible equipment information matched with the network-accessible personnel information when the first state information is in the enabled state, wherein the enabled state is entered after a start-state instruction is received; and not allowing storage of network-accessible equipment information matched with the network-accessible personnel information when the first state information is in the forbidden state, wherein the forbidden state is entered after a forbidden-state instruction is received.
By storing the first state information, only in the case where the first state information of the network-accessible person information is the enabled state, the network-accessible device information matching the network-accessible person information is permitted to be stored. The method is convenient for controlling the authorized state of the network-accessible personnel information, and the network-accessible equipment information matched with the network-accessible personnel information can be recorded only in the authorized state of the network-accessible personnel information, so that the safety of the network-accessible equipment information storage is ensured.
In some examples, storing the network-accessible device information that matches the personnel information includes: judging the equipment type of the network access equipment; if the equipment type of the network access equipment is determined to be the terminal equipment, storing the terminal equipment information matched with the personnel information; if the equipment type of the network access equipment is determined to be the network equipment, storing the network equipment information matched with the personnel information; wherein the terminal equipment information includes: MAC address, terminal type, deadline information, and second state information; wherein the network device information includes: IP address, network device type, key information, and third state information.
When the stored network access equipment is a terminal, the MAC address, the terminal type, the time limit information and the second state information of the terminal are stored; and storing the IP address of the network device, the network device type, the key information and the third state information when the network access device is the network device. Different information storage modes are adopted for different network access equipment types, so that subsequent equipment to be authenticated can be conveniently authenticated. The MAC address and the IP address have uniqueness, so that different network access devices can be distinguished conveniently.
Setting the second state information for the terminal equipment makes it convenient to control the network access permission of the terminal equipment, and setting the third state information for the network equipment makes it convenient to control the network access permission of the network equipment.
In some examples, the terminal device includes, but is not limited to: computers and cell phones. Network devices include, but are not limited to, controllers, switches, and routers.
In some examples, the step of allowing the device to be authenticated to access the network if the device to be authenticated matches the stored network-accessible device information comprises: allowing the equipment to be authenticated to access the network under the condition that the MAC address of the equipment to be authenticated is matched with the terminal equipment information and the second state information of the terminal equipment information matched with the equipment to be authenticated is in an enabling state; and allowing the device to be authenticated to access the network under the condition that the verification key of the device to be authenticated is matched with the key information of the network device, the network device is matched with the network device information and the third state information of the network device information is enabled.
When the equipment to be authenticated is a terminal, a match between its MAC address and the MAC address in any one of the stored network-accessible equipment information entries shows that the terminal is network-accessible equipment; if, in addition, the second state information of that entry is in the enabled state, the terminal can access the network. This double authentication by MAC address and second state information prevents external equipment from accessing the network.
When the equipment to be authenticated is network equipment, a match between its verification key and the key information of the network equipment means that it passes key authentication; a match with the stored network-accessible equipment information shows that the network equipment is network-accessible equipment; and if the third state information of that network-accessible equipment information is in the enabled state, the network equipment can access the network. This triple authentication by key, network-accessible equipment information and third state information prevents external equipment from accessing the network.
In some examples, the network device matching the network device information means that the IP address of the network device to be authenticated matches the IP address of any one of the stored plurality of network-accessible device information.
In some examples, the network access authentication method further comprises: under the condition that the equipment to be authenticated is not matched with the stored network access equipment information, verifying whether the equipment to be authenticated is the network access equipment; and storing network access equipment information of the equipment to be authenticated under the condition that the equipment to be authenticated is the network access equipment, and allowing the equipment to be authenticated to access the network.
When the equipment to be authenticated does not match the stored network-accessible equipment information, it does not belong to the stored network-accessible equipment, and its network access authority is judged further. If it is network-accessible equipment, its network-accessible equipment information is stored and it is permitted to access the network, which also completes the stored network-accessible equipment information.
In some examples, the network access authentication method further comprises: an authentication log of the device to be authenticated is stored.
By storing the authentication log of the equipment to be authenticated, on one hand, the authentication process of the equipment to be authenticated can be monitored, the authentication process can be traced back conveniently when the abnormality occurs, and the reason of the abnormality can be confirmed conveniently; on the other hand, when authentication fails, the reason that the equipment to be authenticated cannot access the network is conveniently known.
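The registration and matching rules described above (person state gating equipment registration, MAC address plus second state for terminals, key plus IP address plus third state for network equipment, and an authentication log entry for every decision), modelled in Python. This is an added example, not code from the patent; the class and function names, the reason strings, the MAC normalisation, the constant-time key comparison and the rule that an expired deadline denies access are assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

ENABLED, DISABLED = "enabled", "disabled"

@dataclass
class Person:                  # network-accessible personnel information
    name: str
    contact: str
    department: str
    state: str = ENABLED       # first state information

@dataclass
class Terminal:                # terminal equipment information
    mac: str
    terminal_type: str
    deadline: datetime         # deadline information
    owner: str                 # responsible person bound to the device
    state: str = ENABLED       # second state information

@dataclass
class NetworkDevice:           # network equipment information
    ip: str
    device_type: str
    key: bytes                 # key information
    owner: str
    state: str = ENABLED       # third state information

def normalize_mac(mac):
    """Canonical lower-case colon form, so AA-BB-.. and aa:bb:.. hit the same record."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class AccessAuthenticator:
    def __init__(self):
        self.people, self.terminals, self.net_devices = {}, {}, {}
        self.auth_log = []     # one entry per decision, allowed or denied

    def add_person(self, person):                        # step 101
        self.people[person.name] = person

    def _require_enabled_owner(self, owner):
        person = self.people.get(owner)
        if person is None or person.state != ENABLED:
            raise PermissionError(f"{owner!r} is not an enabled network-accessible person")

    def add_terminal(self, terminal):                    # step 102, terminal branch
        self._require_enabled_owner(terminal.owner)
        terminal.mac = normalize_mac(terminal.mac)
        self.terminals[terminal.mac] = terminal

    def add_network_device(self, device):                # step 102, network branch
        self._require_enabled_owner(device.owner)
        self.net_devices[device.ip] = device

    def _decide(self, ident, allowed, reason, now):
        self.auth_log.append((now.isoformat(), ident, allowed, reason))
        return allowed, reason

    def authenticate_terminal(self, mac, now=None):      # steps 103-104
        now = now or datetime.now(timezone.utc)
        try:
            mac = normalize_mac(mac)
        except ValueError:
            return self._decide(mac, False, "malformed MAC", now)
        record = self.terminals.get(mac)
        if record is None:
            return self._decide(mac, False, "unknown device", now)
        if record.state != ENABLED:
            return self._decide(mac, False, "device disabled", now)
        if now > record.deadline:  # assumption: an expired deadline denies access
            return self._decide(mac, False, "deadline passed", now)
        return self._decide(mac, True, "ok", now)

    def authenticate_network_device(self, ip, presented_key, now=None):
        now = now or datetime.now(timezone.utc)
        record = self.net_devices.get(ip)
        if record is None:
            return self._decide(ip, False, "unknown device", now)
        # Constant-time compare: timing does not reveal how much of the key matched.
        if not hmac.compare_digest(record.key, presented_key):
            return self._decide(ip, False, "key mismatch", now)
        if record.state != ENABLED:
            return self._decide(ip, False, "device disabled", now)
        return self._decide(ip, True, "ok", now)

def demo():  # constructed sample data: names, addresses and the key are made up
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    auth = AccessAuthenticator()
    auth.add_person(Person("Operator A", "ext. 1001", "Operations"))
    auth.add_terminal(Terminal("AA-BB-CC-00-11-22", "laptop", now.replace(year=2026), "Operator A"))
    auth.add_network_device(NetworkDevice("192.0.2.10", "switch", b"sample-key", "Operator A"))
    results = [auth.authenticate_terminal("aa:bb:cc:00:11:22", now),
               auth.authenticate_terminal("de:ad:be:ef:00:01", now),
               auth.authenticate_network_device("192.0.2.10", b"wrong-key", now)]
    return results, auth.auth_log
```

Calling `demo()` returns the three decisions together with the authentication log, which records denied requests as well as allowed ones.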
In some examples, the network access authentication method further comprises: storing network information of the equipment to be authenticated under the condition that the equipment to be authenticated is accessed to a network; wherein the network information includes: network start time, network end time, current status information, and device type information.
The network information of each network access equipment is convenient to count by storing the network information of the equipment to be authenticated.
In some examples, the network access authentication method further comprises: performing physical location division on a network coverage area, and constructing a device storage location frame, wherein the device storage location frame comprises a plurality of device points; identifying all network-accessible equipment information, counting the network-accessible equipment information, and acquiring physical position information of each network-accessible equipment; based on the physical location information of each network-accessible device, the network-accessible device is stored within the corresponding device point.
By dividing the network coverage area by physical position and constructing an equipment storage position frame, all the network-accessible equipment can be stored in the corresponding equipment points and divided according to actual physical position. This facilitates network access by the network-accessible equipment and, when an abnormality occurs in a piece of network-accessible equipment, makes it possible to determine quickly the area to which the abnormal equipment belongs so that maintenance can be performed as soon as possible.
In some examples, the step of counting the network-accessible device information, and obtaining physical location information for each network-accessible device includes:
sending out physical location query information to network access equipment;
controlling the network access equipment to start an image acquisition device, and acquiring image information of the surroundings of the network access equipment through the image acquisition device;
and analyzing the image information to obtain the physical position information of the network access equipment.
In some examples, the step of counting the network-accessible device information, and obtaining physical location information for each network-accessible device includes:
sending out physical location query information to network access equipment;
controlling the network access equipment to start an image acquisition device, and acquiring image information of a user on the periphery of the network access equipment through the image acquisition device;
analyzing the image information of the user to obtain the network-accessible personnel information of the user;
and determining the physical position information of the network-accessible equipment based on the department to which the network-accessible personnel information belongs.
Having the network access equipment start its image acquisition device to capture an image of the equipment's surroundings or of a user allows the physical location information of the network access equipment to be determined accurately, so the equipment can be located more precisely.
As shown in fig. 2, according to a second aspect of the embodiments of the present application, there is provided a network access authentication system, including:
a user management module 201, configured to store accessible network personnel information;
a device management module 202, configured to store network-accessible device information that matches the personnel information;
a receiving module 203, configured to receive a network access request of a device to be authenticated;
the authentication management module 204 is configured to allow the device to be authenticated to access the network if the device to be authenticated matches the stored network-accessible device information.
According to the network access authentication system provided by the embodiment of the application, the user management module 201 and the device management module 202 store the network-accessible personnel information and the network-accessible device information matched with that personnel information, and when the receiving module 203 receives a network access request of the device to be authenticated, the authentication management module 204 allows the device to be authenticated to access the network under the condition that the device to be authenticated matches the stored network-accessible device information. On the one hand, only equipment to be authenticated whose network access equipment information has been stored can access the network, so that external equipment that has not been stored and recorded is kept off the network, leakage of network information can be avoided, and the probability of an attack on the network system is reduced; on the other hand, the network access equipment information is matched with the personnel information, so that the personnel information and the network access equipment have a binding relationship, each network access equipment can be assigned a responsible person, and the network access equipment can be managed and supervised conveniently.
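The admission decision these modules make, using the record fields and state checks listed in claims 1 to 4, sketched in Python as an added example (not code from the patent). The class and function names, the sample records, and the choice to deny a terminal after its deadline are assumptions made here.

```python
import hmac
from dataclasses import dataclass
from datetime import date

ENABLED, DISABLED = "enabled", "disabled"

def norm_mac(mac):
    """Canonical form, so 02-00-00-AA-BB-01 and 02:00:00:aa:bb:01 compare equal."""
    digits = mac.lower().replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address")
    return digits

@dataclass
class Person:                 # network-accessible personnel information
    name: str
    contact: str
    department: str
    state: str = ENABLED      # first status information

@dataclass
class Terminal:               # terminal equipment information
    mac: str
    terminal_type: str
    deadline: date
    owner: Person
    state: str = ENABLED      # second state information

@dataclass
class NetworkDevice:          # network device information
    ip: str
    device_type: str
    key: bytes
    owner: Person
    state: str = ENABLED      # third state information

class Registry:
    def __init__(self):
        self.terminals, self.net_devices, self.auth_log = {}, {}, []

    def register(self, dev):
        # Claim 2: a device record may be stored only while its owner is enabled.
        if dev.owner.state != ENABLED:
            raise PermissionError("owner is disabled")
        if isinstance(dev, Terminal):
            self.terminals[norm_mac(dev.mac)] = dev
        else:
            self.net_devices[dev.ip] = dev

    def authenticate(self, today, mac=None, ip=None, key=b""):
        allowed, reason = self._decide(today, mac, ip, key)
        # Claim 4 stores an authentication log; denials are logged here too.
        self.auth_log.append((today.isoformat(), mac or ip, allowed, reason))
        return allowed

    def _decide(self, today, mac, ip, key):
        if mac is not None:                       # terminal path (claim 3)
            try:
                t = self.terminals.get(norm_mac(mac))
            except ValueError:
                return False, "malformed MAC"
            if t is None:
                return False, "unknown terminal"  # deny by default
            if t.state != ENABLED:
                return False, "terminal disabled"
            if today > t.deadline:                # assumption: expiry means deny
                return False, "deadline passed"
            return True, "terminal matched"
        d = self.net_devices.get(ip)              # network-device path (claim 3)
        if d is None:
            return False, "unknown network device"
        if not hmac.compare_digest(d.key, key):   # constant-time key comparison
            return False, "key mismatch"
        if d.state != ENABLED:
            return False, "network device disabled"
        return True, "network device matched"

def build_sample_registry():
    """Constructed sample data; names, addresses and key are made up."""
    alice = Person("Alice", "ext. 1001", "Operations")
    reg = Registry()
    reg.register(Terminal("02:00:00:aa:bb:01", "laptop", date(2030, 12, 31), alice))
    reg.register(Terminal("02:00:00:aa:bb:02", "phone", date(2030, 12, 31), alice, DISABLED))
    reg.register(NetworkDevice("192.0.2.10", "switch", b"constructed-key", alice))
    return reg
```

Every request, granted or denied, lands in `auth_log` with its reason, which is the record an operator reviews when an unregistered device tries to join. A MAC address is asserted by the client and can be changed in software, so the terminal path is an allow-list lookup rather than proof of device identity.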
As shown in fig. 3, according to a third aspect of an embodiment of the present application, there is provided an electronic device, including: a memory 301, a processor 302 and a computer program stored in the memory 301 and executable on the processor 302, wherein the processor 302 is configured to implement the steps of the network access authentication method according to any of the above technical solutions when executing the computer program stored in the memory 301.
In the electronic device provided in this embodiment, the processor 302 is configured to implement the steps of the network access authentication method according to any of the above-described aspects when executing the computer program stored in the memory 301, so that the electronic device has all the advantageous effects of the network access authentication method.
As shown in fig. 4, a fourth aspect according to an embodiment of the present application provides a computer-readable storage medium having stored thereon a computer program 401, which when executed by a processor, implements the steps of the network access authentication method of any of the above technical aspects.
The computer readable storage medium provided in this embodiment implements the steps of the network access authentication method according to any of the above-described aspects when the computer program 401 is executed by a processor, and thus has all the advantageous effects of the network access authentication method.
In the description of the present invention, the term "plurality" means two or more unless explicitly defined otherwise. The orientation or positional relationship indicated by the terms "upper", "lower", etc. is based on the orientation or positional relationship shown in the drawings, is used merely for convenience and to simplify the description of the present invention, and does not indicate or imply that the apparatus or elements referred to must have a specific orientation or be constructed and operated in a specific orientation; it therefore should not be construed as limiting the present invention. The terms "coupled," "mounted," "secured," and the like are to be construed broadly: a connection may, for example, be fixed, detachable, or integral, and may be direct or indirect through an intermediate medium. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
In the description of the present invention, the terms "one embodiment," "some embodiments," "particular embodiments," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In the present invention, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A network access authentication method, comprising:
storing the accessible network personnel information;
wherein the step of storing the accessible network personnel information comprises:
constructing a department frame, wherein the department frame comprises a plurality of departments;
storing the network-accessible personnel information in a department corresponding to the network-accessible personnel information;
wherein the network accessible personnel information includes: person name, contact and first status information;
storing network access equipment information matched with the personnel information;
wherein the step of storing network accessible device information matched with the personnel information comprises:
judging the equipment type of the network access equipment;
if the equipment type of the network access equipment is determined to be the terminal equipment, storing the terminal equipment information matched with the personnel information;
if the equipment type of the network access equipment is determined to be network equipment, storing network equipment information matched with the personnel information;
wherein the terminal equipment information includes: MAC address, terminal type, deadline information, and second state information;
wherein the network device information includes: IP address, network device type, key information, and third state information;
receiving a network access request of equipment to be authenticated;
allowing the equipment to be authenticated to access a network under the condition that the equipment to be authenticated is matched with the stored network access equipment information;
wherein the network-accessible device information includes physical location information of the network-accessible device,
the step of obtaining the physical location information of each network access equipment comprises the following steps:
sending out physical location query information to the network access equipment;
controlling the network access equipment to acquire image information of a user on the periphery of the network access equipment;
acquiring the network accessible personnel information of the network accessible equipment according to the image information of the user;
the physical location information of the network-accessible device is determined based on the network-accessible personnel information and the department architecture.
2. The network access authentication method of claim 1, further comprising:
allowing storage of network access equipment information matched with the network access personnel information under the condition that the first state information is in an enabling state, wherein the enabling state is executed after receiving a starting state instruction;
and under the condition that the first state information is in a forbidden state, storing the network access equipment information matched with the network access personnel information is not allowed, wherein the forbidden state is executed after receiving a forbidden state instruction.
3. The network access authentication method according to claim 1, wherein the step of allowing the device to be authenticated to access the network in the case where the device to be authenticated matches the stored network-accessible device information comprises:
allowing the equipment to be authenticated to access a network under the condition that the MAC address of the equipment to be authenticated is matched with the terminal equipment information and the second state information of the terminal equipment information matched with the equipment to be authenticated is in an enabling state;
and allowing the equipment to be authenticated to access a network under the condition that the verification key of the equipment to be authenticated is matched with the key information of the network equipment, the network equipment is matched with the network equipment information and the third state information of the network equipment information is enabled.
4. The network access authentication method of claim 1, further comprising:
verifying whether the equipment to be authenticated is network-accessible equipment or not under the condition that the equipment to be authenticated is not matched with the stored network-accessible equipment information;
storing network access equipment information of the equipment to be authenticated under the condition that the equipment to be authenticated is network access equipment, and allowing the equipment to be authenticated to access a network; and/or
Storing an authentication log of the device to be authenticated; and/or
Storing network information of the equipment to be authenticated under the condition that the equipment to be authenticated is accessed to a network;
wherein the network information includes: network start time, network end time, current status information, and device type information.
5. The network access authentication method of claim 1, further comprising:
performing physical location division on a network coverage area, and constructing an equipment storage location frame, wherein the equipment storage location frame comprises a plurality of equipment points;
identifying all network-accessible equipment information, and counting the network-accessible equipment information to acquire physical position information of each network-accessible equipment;
based on the physical location information of each network-accessible device, the network-accessible device is stored within the corresponding device point.
6. A network access authentication system, comprising:
the user management module is used for storing the network-accessible personnel information;
the equipment management module is used for storing network access equipment information matched with the personnel information;
wherein the step of storing the accessible network personnel information comprises:
constructing a department frame, wherein the department frame comprises a plurality of departments;
storing the network-accessible personnel information in a department corresponding to the network-accessible personnel information;
wherein the network accessible personnel information includes: person name, contact and first status information;
the receiving module is used for receiving a network access request of equipment to be authenticated;
the authentication management module is used for allowing the equipment to be authenticated to access a network under the condition that the equipment to be authenticated is matched with the stored network access equipment information;
the location obtaining module is configured to obtain physical location information of each network-accessible device, and includes:
sending out physical location query information to the network access equipment;
controlling the network access equipment to acquire image information of a user on the periphery of the network access equipment;
acquiring the network accessible personnel information of the network accessible equipment according to the image information of the user;
the physical location information of the network-accessible device is determined based on the network-accessible personnel information and the department architecture.
7. An electronic device, comprising: memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor is adapted to implement the steps of the network access authentication method according to any of claims 1-5 when executing the computer program stored in the memory.
8. A computer readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, implements the steps of the network access authentication method according to any of claims 1-5.
CN202110464362.6A 2021-04-28 2021-04-28 Network access authentication method and related equipment Active CN113163404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110464362.6A CN113163404B (en) 2021-04-28 2021-04-28 Network access authentication method and related equipment

Publications (2)

Publication Number Publication Date
CN113163404A CN113163404A (en) 2021-07-23
CN113163404B true CN113163404B (en) 2023-04-28

Family

ID=76871640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110464362.6A Active CN113163404B (en) 2021-04-28 2021-04-28 Network access authentication method and related equipment

Country Status (1)

Country Link
CN (1) CN113163404B (en)

Also Published As

Publication number Publication date
CN113163404A (en) 2021-07-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230919

Address after: 562400 Tianyi Power Plant Production Dispatch Building, Middle Section of Jufeng Road, Jushan Street, Xingyi City, Qianxinan Buyi and Miao Autonomous Prefecture, Guizhou Province

Patentee after: HYDROELECTRIC POWER GENERATION FACTORY, TIANSHENGQIAO FIRST-STAGE HYDROPOWER DEVELOPMENT Co.,Ltd.

Patentee after: TIANSHENGQIAO HYDROPOWER GENERATION Co.,Ltd.

Address before: 562400 No.1 Beijing Road, Xingyi City, Qianxinan Buyi and Miao Autonomous Prefecture, Guizhou Province

Patentee before: HYDROELECTRIC POWER GENERATION FACTORY, TIANSHENGQIAO FIRST-STAGE HYDROPOWER DEVELOPMENT Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210723

Assignee: Chengdu Full Code Technology Co.,Ltd.

Assignor: HYDROELECTRIC POWER GENERATION FACTORY, TIANSHENGQIAO FIRST-STAGE HYDROPOWER DEVELOPMENT Co.,Ltd.|TIANSHENGQIAO HYDROPOWER GENERATION Co.,Ltd.

Contract record no.: X2024980006020

Denomination of invention: Network access authentication methods and related equipment

Granted publication date: 20230428

License type: Common License

Record date: 20240523