CN113765842B - Network on-line management system for information device - Google Patents

Info

Publication number
CN113765842B
Authority
CN
China
Prior art keywords
mac address
data
identification data
list
website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010483810.2A
Other languages
Chinese (zh)
Other versions
CN113765842A (en
Inventor
李坤荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taizhong Computer Co ltd
Original Assignee
Taizhong Computer Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Taizhong Computer Co ltd filed Critical Taizhong Computer Co ltd
Priority to CN202010483810.2A priority Critical patent/CN113765842B/en
Publication of CN113765842A publication Critical patent/CN113765842A/en
Application granted granted Critical
Publication of CN113765842B publication Critical patent/CN113765842B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network online management system for information devices, comprising: one or more information devices, a node data verification device, and a node online management device. Each information device is a network node that uses a mobile network card, and data reporting software transmits the MAC address of the mobile network card and the identification data of the node to the node data verification device. The node data verification device receives the MAC address and the node identification data acquired by the data reporting software. The node online management device is connected to the node data verification device and blocks the node's network connection according to a comparison result.

Description

Network on-line management system for information device
Technical Field
The present invention relates to an information system, and more particularly, to a network connection management system for an information device.
Background
Existing network online management systems grant a network node permission to connect by identifying the node's IP address (Internet Protocol address) or MAC address (Media Access Control address), and in this way manage network connections. A network node is an information device to be connected to the network, such as a personal computer, a notebook computer, and so on.
On the other hand, with the development of network technology, USB network cards, which offer hot-plug convenience, are becoming widespread. Provided that the MAC address of the USB network card has been identified and authenticated by the network online management system, the user can carry the USB network card and plug it into any information device to connect to the network. The user thus obtains the greatest freedom of network connection and convenience in using information devices under the management of the network online management system.
However, when a USB network card authenticated by the network online management system is pulled from its original information device and plugged into a controlled information device (e.g., an information device that stores important data and is not allowed to connect to the network under the information management policy), the controlled information device easily obtains permission from the network online management system to connect to the network, which raises an information security concern. Alternatively, some users falsely use the MAC address of a USB network card authenticated by the network online management system so that other information devices that are not under control obtain permission from the network online management system and connect to the network, which creates a vulnerability in network connection management.
Disclosure of Invention
Therefore, an objective of the present invention is to provide a network online management system for an information device which ensures that a mobile network card (e.g., a USB network card) authenticated by the network online management system is used in the same information device, so that the mobile network card cannot be pulled out of that information device and plugged into another information device for use. Moreover, the invention prevents the MAC address of the mobile network card from being falsely used to let other information devices connect to the network without being controlled.
The technical means adopted by the invention to solve the problems of the prior art is a network online management system for an information device, comprising the following.
One or more information devices, each information device being a network node, and each node being provided with data reporting software comprising Agent data reporting software and/or WMI data reporting software. The WMI data reporting software provides information about the node when the node is online, on the premise that the node runs a Windows operating system, and the Agent data reporting software provides information about the node without requiring the node to run a Windows operating system. Each node uses an inserted mobile network card, and the data reporting software transmits the MAC address of the mobile network card and the identification data of the node to a node data verification device. The data reliability of the MAC address and node identification data acquired by the Agent data reporting software is higher than that of the MAC address and node identification data acquired by the WMI data reporting software.
The node data verification device, which has a list management unit. The node data verification device is in signal connection with the mobile network card to receive the MAC address and node identification data acquired by the node's data reporting software, and/or scans the node with Nmap network security scanning software to acquire the node's MAC address and node identification data, and records the MAC address and node identification data acquired for the first time into an information device list. The Nmap network security scanning software is a network security scanning tool for network scanning and network host discovery. The data reliability of the MAC address and node identification data acquired by the WMI data reporting software is higher than that of the MAC address and node identification data acquired by the Nmap network security scanning software. The list management unit replaces a MAC address and node identification data of low data reliability with a MAC address and node identification data of high data reliability, and the node data verification device compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list to obtain a comparison result.
A node online management device, which is connected to the node data verification device. When the comparison result is a mismatch, it blocks the node's network connection according to the comparison result and, the MAC address in the information device list corresponding to its node identification data, prevents a node that wants to go online from falsely using the MAC address to do so; when the comparison result is a match, it allows the node's network connection.
In an embodiment of the present invention, in the process of collecting the MAC address of the information device and its node identification data, the list management unit replaces the MAC address and node identification data of low data reliability with the MAC address and node identification data of high data reliability, and the Agent data reporting software or the WMI data reporting software continuously queries the node, or the Nmap network security scanning software continuously scans the node, to obtain the MAC address and node identification data. In the process of checking the MAC address of the information device and its node identification data, the node data verification device compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list. When the Agent data reporting software has acquired the MAC address and node identification data, the WMI data reporting software skips querying the MAC address and node identification data; or, when the WMI data reporting software has acquired the MAC address and node identification data, the scan of the node by the Nmap network security scanning software is skipped.
In an embodiment of the present invention, the network online management system further includes a list confirmation device connected to at least one of the information devices and to the node data verification device. The list confirmation device compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list to confirm whether the currently received MAC address and node identification data are already recorded in the information device list. When it confirms that they are not recorded in the information device list, the list confirmation device transmits the currently received MAC address and node identification data to the list management unit of the node data verification device, so that the MAC address and node identification data acquired for the first time are recorded in the information device list.
In an embodiment of the present invention, the network online management system further includes a list checking device connected between the list confirmation device and the node data verification device. When the list checking device receives from the list confirmation device the message that "the MAC address and node identification data are recorded in the information device list", the list checking device further confirms, through the list management unit of the node data verification device, whether the MAC address and node identification data in the information device list have not yet been set to a one-to-one correspondence. When it confirms that they have not yet been set to a one-to-one correspondence, it sets the MAC address and node identification data in the information device list as either: not required to have a one-to-one correspondence, or not yet set to have a one-to-one correspondence.
In an embodiment of the present invention, the network online management system further includes a list re-checking device connected between the list checking device and the node data verification device. When the list re-checking device receives from the list checking device the message that the MAC address and node identification data in the information device list are not yet set to a one-to-one correspondence, the list re-checking device further confirms, through the list management unit of the node data verification device, whether the MAC address and node identification data in the information device list are set as not required to have a one-to-one correspondence. When it confirms that they are set as not required to have a one-to-one correspondence, the list re-checking device transmits the MAC address and node identification data to the node data verification device, and the node data verification device discards the currently received MAC address and node identification data, or stops comparing the currently received MAC address and node identification data with the MAC address and node identification data in the information device list. Or, when it confirms that the MAC address and node identification data in the information device list are not set as not required to have a one-to-one correspondence, the list re-checking device transmits the currently received MAC address and node identification data to the node data verification device, which compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list.
In one embodiment of the present invention, the node identification data includes a computer name and/or a hardware fingerprint value, the hardware fingerprint value being generated by a hash operation on the UUID code of the information device. When the computer name in the currently received node identification data differs from the computer name in the node identification data in the information device list, the node data verification device issues the comparison result "computer name is not consistent". When the hardware fingerprint value in the currently received node identification data differs from the hardware fingerprint value in the node identification data in the information device list, the node data verification device issues the comparison result "hardware fingerprint value is not consistent". Or, when both the computer name and the hardware fingerprint value in the currently received node identification data differ from the computer name and the hardware fingerprint value in the node identification data in the information device list, the node data verification device issues the comparison result "computer name and hardware fingerprint value are not consistent".
In an embodiment of the present invention, when the data reporting software cannot acquire the MAC address and node identification data and therefore cannot transmit them to the node data verification device, the node data verification device issues the comparison result that the one-to-one correspondence between the MAC address of the information device and its node identification data cannot be verified, so as to block the network connection of the information device.
The technical means adopted by the network online management system of the invention achieve the following technical effects. The mobile network card is used one-to-one with a single information device, which prevents the mobile network card from being pulled out of that information device and plugged into another information device for use. In addition, the invention prevents the MAC address of the mobile network card from being falsely used, so that a malicious person cannot use the MAC address to go online from another information device in order to evade the control of the network online management system.
Drawings
FIG. 1 is a block diagram illustrating a network connection management system of an information device according to a first embodiment of the present invention;
FIG. 2 is a block diagram of a network connection management system of an information device according to a second embodiment of the present invention;
FIG. 3 is a block diagram of a network connection management system of an information device according to a third embodiment of the present invention;
FIG. 4 is a block diagram illustrating a network connection management system of an information device according to a fourth embodiment of the present invention;
FIG. 5 is a flowchart of the process by which the network online management system of the information device according to the present invention collects the MAC address and node identification data; and
FIG. 6 is a flowchart of the process by which the network online management system of the information device according to the present invention checks the MAC address and node identification data.
Reference numerals:
100 network online management system
100A network online management system
100B network online management system
100C network online management system
1A information device
1B information device
1C information device
11A mobile network card
11B mobile network card
11C mobile network card
2 node data verification device
21 list management unit
2A list confirmation device
2B list checking device
2C list re-checking device
3 node online management device
S1 process
S1A process
S1B process
S1C process
S1D process
S2 process
S20 process
S201A process
S201B process
S201C process
S202A process
S202B process
S202C process
S203B process
S21A process
S21B process
S2A process
S2B process
S2C process
S2E process
S2R process
S301 process
S302 process
S303 process
S304 process
S3R1 process
S3R2 process
S3R3 process
Detailed Description
Embodiments of the present invention will be described below with reference to fig. 1 to 6. The description is not intended to limit the embodiments of the present invention, but is one example of the present invention.
As shown in FIG. 1, a network online management system 100 for an information device according to a first embodiment of the present invention includes: one or more information devices (1A, 1B, 1C), a node data verification device 2, and a node online management device 3. The invention thereby ensures that a mobile network card identified and authenticated by the network online management system 100 is used in the same information device (1A, 1B, 1C), and prevents the mobile network card from being pulled out of that information device (1A, 1B, 1C) and plugged into another information device for use; furthermore, the invention prevents the MAC address of the mobile network card from being falsely used to let other information devices connect to the network without being controlled.
Further, each of the information devices (1A, 1B, or 1C) is a network node, and each node is provided with data reporting software including Agent data reporting software and/or WMI (Windows Management Instrumentation) data reporting software. In detail, the WMI data reporting software provides information about the node when the node is online, on the premise that the node runs a Windows operating system; the Agent data reporting software is software developed by the applicant for terminal (computer terminal) equipment, and provides information about the node without requiring the node to run a Windows operating system.
Furthermore, as shown in FIG. 1, each node (i.e., the information device 1A, 1B, or 1C) uses an inserted mobile network card (11A, 11B, 11C, such as a USB network card), and the data reporting software transmits the MAC address of the mobile network card and the identification data of the node to the node data verification device 2. Specifically, according to a preset setting, the data reliability of the MAC address and node identification data acquired by the Agent data reporting software is higher than that of the MAC address and node identification data acquired by the WMI data reporting software.
As shown in FIG. 1, the node data verification device 2 has a list management unit 21. The node data verification device 2 is in signal connection with the mobile network cards (11A, 11B, 11C) to receive the MAC address and node identification data acquired from the node by the data reporting software, and records the MAC address and node identification data acquired for the first time into an information device list. Specifically, the list management unit 21 searches the node MAC addresses recorded in the information device list for the received MAC address to determine whether the MAC address of the information device (node 1A, 1B, or 1C) and its node identification data have been acquired for the first time.
Furthermore, but without limitation, as shown in FIG. 1, the node data verification device 2 may also scan the node with Nmap (Network Mapper) network security scanning software to obtain the node's MAC address and node identification data, and record the MAC address and node identification data acquired for the first time into the information device list. The Nmap network security scanning software is a network security scanning tool for network scanning and network host discovery, and is used by the node data verification device 2 to obtain information about the node. Further, according to a preset setting, the data reliability of the MAC address and node identification data acquired by the WMI data reporting software is higher than that of the MAC address and node identification data acquired by the Nmap network security scanning software.
As shown in FIG. 1, in the process of collecting the MAC address of the information device (1A, 1B, or 1C) and its node identification data, the list management unit 21 replaces, according to data reliability, the MAC address and node identification data of low data reliability with the MAC address and node identification data of high data reliability, so as to update the data of the information device (1A, 1B, or 1C) in the information device list. Specifically, the Agent data reporting software or the WMI data reporting software continuously queries the node's MAC address and node identification data, and/or the Nmap network security scanning software continuously scans the node to obtain the node's MAC address and node identification data.
In the process of checking the MAC address of the information device (1A, 1B, or 1C) and its node identification data, the node data verification device 2 compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list to obtain a comparison result. Further, since the data reliability of the Agent data reporting software is higher than that of the WMI data reporting software, when the Agent data reporting software has acquired the node's MAC address and node identification data, the WMI data reporting software skips querying the node's MAC address and node identification data. Or, because the reliability of the data acquired by the WMI data reporting software is higher than that of the Nmap network security scanning software, when the WMI data reporting software has acquired the node's MAC address and node identification data, the scan of the node by the Nmap network security scanning software is skipped.
As shown in FIG. 1, the node online management device 3 is connected to the node data verification device 2. When the comparison result is a mismatch and the MAC address in the information device list and its node identification data are in a one-to-one correspondence, the node online management device 3 blocks the network connection of the node (i.e., the information device 1A, 1B, or 1C) according to the comparison result, so as to prevent other nodes that want to connect to the network from using the MAC address to go online. Or, when the comparison result is a match, the node online management device 3 allows the network connection of the node.
In addition, in the present invention, the node data verification device 2 and the node online management device 3 may be installed in the same equipment (for example, in the same equipment housing). However, the present invention is not limited thereto, and the node data verification device 2 and the node online management device 3 may be installed separately in different equipment according to the installation requirements of the system.
As shown in FIG. 2, the network online management system 100A of the information device according to the second embodiment of the present invention differs from the network online management system 100 in that, building on the technology of the network online management system 100, it further has a list confirmation device 2A. The list confirmation device 2A is connected to one or more of the information devices (1A, 1B, 1C) and to the node data verification device 2. The list confirmation device 2A compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list of the node data verification device 2, and confirms whether the currently received MAC address and node identification data are already recorded in the information device list. When the list confirmation device 2A confirms that "the currently received MAC address and node identification data are not recorded in the information device list", it transmits the currently received MAC address and node identification data to the list management unit 21 of the node data verification device 2, so that the MAC address and node identification data acquired for the first time are recorded in the information device list.
As shown in FIG. 3, the network online management system 100B of the information device according to the third embodiment of the present invention differs from the network online management system 100A in that, building on the technology of the network online management system 100A, it further has a list checking device 2B. The list checking device 2B is connected between the list confirmation device 2A and the node data verification device 2. When the list checking device 2B receives from the list confirmation device 2A the message that "the currently received MAC address and node identification data are already recorded in the information device list", the list checking device 2B further confirms, through the list management unit 21 of the node data verification device 2, whether the correspondence between the MAC address and node identification data in the information device list has not yet been set to one-to-one. When the list checking device 2B confirms that "the correspondence between the MAC address and node identification data in the information device list has not been set to one-to-one", it sets the MAC address and node identification data in the information device list as either: not required to have a one-to-one correspondence, or not yet set to have a one-to-one correspondence.
As shown in FIG. 4, the network online management system 100C of the information device according to the fourth embodiment of the present invention differs from the network online management system 100B in that, building on the technology of the network online management system 100B, it further has a list re-checking device 2C. The list re-checking device 2C is connected between the list checking device 2B and the node data verification device 2. When the list re-checking device 2C receives from the list checking device 2B the message that "the correspondence between the MAC address and node identification data in the information device list is not yet set to one-to-one", the list re-checking device 2C further confirms, through the list management unit 21 of the node data verification device 2, whether the MAC address and node identification data in the information device list are set as not required to have a one-to-one correspondence. When it confirms that "the MAC address and node identification data in the information device list are set as not required to have a one-to-one correspondence", the list re-checking device 2C transmits the currently received MAC address and node identification data to the node data verification device 2, and the node data verification device 2 discards the currently received MAC address and node identification data, or stops comparing the currently received MAC address and node identification data with the MAC address and node identification data in the information device list.
Conversely, if the list re-checking device 2C confirms that "the MAC address and node identification data in the information device list are not set as not required to have a one-to-one correspondence", it transmits the currently received MAC address and node identification data to the node data verification device 2, and the node data verification device 2 compares the currently received MAC address and node identification data with the MAC address and node identification data in the information device list.
Specifically, in the network connection management system (100, 100A, 100B, 100C) of the information device according to the embodiment of the present invention, the node identification data includes a computer name and/or a hardware fingerprint value (i.e., the computer name and/or hardware fingerprint value of each of the information devices 1A, 1B, or 1C). The hardware fingerprint value is generated by hashing the UUID code of the information device (1A, 1B, 1C).
Further, the network connection management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention performs the work flow of "collecting the MAC address of the information device (1A, 1B, or 1C) and the home node identification data" and the work flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the home node identification data" synchronously. For this reason, the two work flows are described in detail below.
As shown in fig. 5, the work flow of "collecting the MAC address of the information device (1A, 1B, or 1C) and the home node identification data" of the network connection management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention includes the following processes.
As shown in fig. 5, in process S1A, the Agent data reporting software provides information about the node; in process S1B, the WMI data reporting software provides information about the node. In process S1C, the node data verification device 2 uses the Nmap network security scanning software to obtain information about the node.
As shown in fig. 5, in process S2A, the network connection management system (100, 100A, 100B, or 100C) uses the list confirmation device 2A to confirm whether the currently received or scanned MAC address and home node identification data are recorded in the information device list. If the currently received MAC address and home node identification data are not recorded in the information device list, the first-acquired MAC address and home node identification data are recorded in the information device list in process S21A. Conversely, if the currently received MAC address and home node identification data are already recorded in the information device list, then in process S2E the list check device 2B and the list re-check device 2C further determine whether there is a one-to-one correspondence between the MAC address and the home node identification data in the information device list.
As shown in fig. 5, if the MAC address and the home node identification data in the information device list are in one-to-one correspondence, the network connection management system (100, 100A, 100B, or 100C) ends the work flow of collecting the MAC address of the information device (1A, 1B, or 1C) and the home node identification data. Conversely, if the MAC address and the home node identification data in the information device list are not in one-to-one correspondence, then in process S1D the node data verification device 2 checks whether the data reliability of the data reporting software or network security scanning software that acquired the currently received MAC address and home node identification data is higher than the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data recorded in the information device list.
As shown in fig. 5, in process S1D, when the data reliability of the data reporting software or network security scanning software that acquired the currently received MAC address and home node identification data is not higher than the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data recorded in the information device list, the Agent data reporting software and the WMI data reporting software continue to query the node, or the Nmap network security scanning software continues to scan the node (thereby acquiring the MAC address and home node identification data of the node).
Conversely, as shown in fig. 5, if the data reliability of the data reporting software or network security scanning software that acquired the currently received MAC address and home node identification data is higher than the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data recorded in the information device list, then in process S20 the list management unit 21 replaces the MAC address and home node identification data acquired by the software with lower data reliability with the MAC address and home node identification data acquired by the software with higher data reliability. For example, the MAC address and home node identification data "currently acquired by the Agent data reporting software" replace the MAC address and home node identification data "acquired by the WMI data reporting software" on the information device list; or the MAC address and home node identification data "currently acquired by the WMI data reporting software" replace the MAC address and home node identification data "acquired by the Nmap network security scanning software" on the information device list. The Agent data reporting software, the WMI data reporting software or the Nmap network security scanning software continues to collect the MAC address of the node and the home node identification data.
As shown in fig. 6, the work flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the home node identification data" of the network connection management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention includes the following processes.
As shown in fig. 6, in process S1, each of the information devices (1A, 1B, or 1C) prepares to make a network connection.
As shown in fig. 6, in process S2A, the list confirmation device 2A confirms whether the currently received MAC address and home node identification data of the information device (1A, 1B, or 1C) are already recorded in the information device list. If the currently received MAC address and home node identification data are not recorded in the information device list, they are recorded in the information device list in process S21A. Conversely, if the currently received MAC address and home node identification data are already recorded in the information device list, then in process S2B the list check device 2B confirms "whether the correspondence between the MAC address and the home node identification data in the information device list has not yet been set to one-to-one".
Next, as shown in fig. 6, if the MAC address and the home node identification data in the information device list are not set to have a one-to-one correspondence, the MAC address and the home node identification data in the information device list are set to one of the following: a one-to-one correspondence is not required, or the MAC address of the node in the information device list and the identification data of the node to which the MAC address belongs are not yet set to have a one-to-one correspondence. Conversely, if the MAC address and the home node identification data in the information device list are not yet set to have a one-to-one correspondence, the list re-check device 2C confirms in process S2C whether the MAC address and the home node identification data in the information device list have been set as not requiring a one-to-one correspondence.
As shown in fig. 6, if it is determined that the MAC address and the home node identification data in the information device list are set as not requiring a one-to-one correspondence, the node data verification device 2 either discards the currently received MAC address and home node identification data, or stops the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list". Alternatively, if it is determined that the MAC address and the home node identification data in the information device list have not been set as not requiring a one-to-one correspondence, the node data verification device 2 continues, in process S2, the operation of determining "the one-to-one correspondence between the MAC address and the home node identification data in the information device list".
As shown in fig. 6, in process S201A, the Agent data reporting software is queried for information about the node. In process S202A, the node data verification device 2 determines whether the Agent data reporting software successfully returned the information about the node. If the Agent data reporting software successfully provides the information about the node, the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list" is performed in process S2R. Further, when the Agent data reporting software acquires the MAC address of the node and the home node identification data, the query of the MAC address of the node and the home node identification data by the WMI data reporting software is skipped, because the data reliability of the MAC address and home node identification data acquired by the Agent data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software.
As shown in fig. 6, if the Agent data reporting software does not successfully provide information about the node, the WMI data reporting software is queried for information about the node in process S201B. In process S202B, the node data verification device 2 determines whether the WMI data reporting software successfully returned the information about the node. If the WMI data reporting software successfully provides the information about the node, the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list" is performed in process S2R. Specifically, when the WMI data reporting software acquires the MAC address of the node and the home node identification data, scanning the node with the Nmap network security scanning software is skipped, because the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the Nmap network security scanning software.
Conversely, as shown in fig. 6, if the WMI data reporting software does not successfully provide the information about the node, then in process S203B the node data verification device 2 further confirms whether the MAC address and the home node identification data in the information device list form a one-to-one correspondence by means of "the MAC address of the information device and the computer name of the home node identification data".
As shown in fig. 6, when the MAC address and the home node identification data in the information device list form a one-to-one correspondence by means of "the MAC address and the computer name of the home node identification data", the Nmap network security scanning software of the node data verification device 2 scans for information about the node in process S201C. Conversely, if the MAC address and the home node identification data in the information device list do not form a one-to-one correspondence by means of "the MAC address and the computer name of the home node identification data", process S304 issues the comparison result that "the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified" (for example, the network connection of the information device 1A, 1B, or 1C is blocked by sending the comparison result from the node data verification device 2). That is, when neither the Agent data reporting software nor the WMI data reporting software can successfully provide information about the node, and the MAC address and the home node identification data in the information device list do not form a one-to-one correspondence by means of the MAC address and the computer name of the home node identification data, the network connection management system (100, 100A, 100B, or 100C) of the present invention issues the comparison result that "the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified".
In process S202C, the node data verification device 2 confirms whether the Nmap network security scanning software successfully obtained the information about the node. If the Nmap network security scanning software successfully obtains the information about the node (i.e., the MAC address and the computer name of the home node identification data), the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list" is performed in process S2R. Conversely, if the Nmap network security scanning software cannot successfully acquire the information about the node, process S304 issues the comparison result that "the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified". In other words, when the Nmap network security scanning software cannot acquire the MAC address and the computer name of the home node identification data, the MAC address of the information device (1A, 1B, or 1C) and the computer name of the home node identification data cannot be transmitted to the node data verification device 2, so the node data verification device 2 cannot verify the one-to-one correspondence between the MAC address of the information device and the home node identification data.
Further, as shown in fig. 6, in process S2R, the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list" is performed. In other words, using the currently received MAC address of the information device, the present invention finds the information device with the same MAC address in the information device list and compares the currently received home node identification data with the home node identification data in the information device list.
In addition, in process S301, the present invention further determines whether "the computer name and the hardware fingerprint value of the currently received home node identification data" are different from "the computer name and the hardware fingerprint value of the home node identification data in the information device list". When "the computer name and the hardware fingerprint value of the currently received home node identification data" are different from "the computer name and the hardware fingerprint value of the home node identification data in the information device list", the comparison result "the computer name and the hardware fingerprint value do not match" is issued in process S3R1 (that is, the comparison result is issued by the node data verification device 2).
As shown in fig. 6, if it is determined in process S301 that "the computer name and the hardware fingerprint value of the currently received home node identification data" are not different from "the computer name and the hardware fingerprint value of the home node identification data in the information device list", it is further determined in process S302 whether "the hardware fingerprint value of the currently received home node identification data" is different from "the hardware fingerprint value of the home node identification data in the information device list". When the hardware fingerprint value of the currently received home node identification data is different from the hardware fingerprint value of the home node identification data in the information device list, process S3R2 issues the comparison result "the hardware fingerprint value does not match" (i.e., the node data verification device 2 issues the comparison result).
As shown in fig. 6, if it is confirmed in process S303 that "the computer name of the currently received home node identification data" is different from "the computer name of the home node identification data in the information device list", the comparison result "the computer name does not match" is issued in process S3R3 (that is, the comparison result is issued by the node data verification device 2). Conversely, if "the computer name of the currently received home node identification data" is not different from "the computer name of the home node identification data in the information device list", the work flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the home node identification data" ends.
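The collection flow of fig. 5 and the checking flow of fig. 6 described above, as an added Python example that is not code from the patent: `collect` follows processes S21A/S20 and `check` follows S201A to S304. The record layout, the function names, SHA-256 as the hash, reading "already in one-to-one correspondence" as "the stored pair equals the reported pair", and treating a listed entry with no stored fingerprint as bound by computer name are assumptions of this example; all MAC addresses, names and UUIDs are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Reliability order stated in the description: Agent > WMI > Nmap.
RELIABILITY = {"agent": 3, "wmi": 2, "nmap": 1}


@dataclass
class Record:
    mac: str
    name: str                   # computer name
    fingerprint: Optional[str]  # None when the source saw no UUID (e.g. Nmap)
    source: str                 # "agent", "wmi" or "nmap"


Source = Callable[[str], Optional[Record]]


def hw_fingerprint(uuid: str) -> str:
    """Hash the device UUID. SHA-256 is assumed; the page names no algorithm."""
    return hashlib.sha256(uuid.strip().lower().encode()).hexdigest()


def collect(device_list: Dict[str, Record], rep: Record) -> str:
    """Fig. 5: record a first sighting; otherwise the more reliable source wins."""
    known = device_list.get(rep.mac)
    if known is None:
        device_list[rep.mac] = rep                      # S21A
        return "recorded"
    # Assumed reading of "one-to-one": the stored pair equals the reported pair.
    if (known.name, known.fingerprint) == (rep.name, rep.fingerprint):
        return "unchanged"
    if RELIABILITY[rep.source] > RELIABILITY[known.source]:
        device_list[rep.mac] = rep                      # S20
        return "replaced"
    return "kept"                                       # sources keep querying


def query(listed: Record, sources: Dict[str, Source]) -> Optional[Record]:
    """S201A-S202C: Agent first, then WMI, then Nmap; stop at the first answer."""
    for name in ("agent", "wmi"):
        rep = sources[name](listed.mac)
        if rep is not None:
            return rep
    # S203B: Nmap yields only MAC + computer name, so it is tried only when the
    # listed entry is bound by computer name (assumed: no fingerprint stored).
    if listed.fingerprint is not None:
        return None
    return sources["nmap"](listed.mac)


def check(listed: Record, sources: Dict[str, Source]) -> str:
    """S2R and S301-S304: compare the live report with the listed entry."""
    rep = query(listed, sources)
    if rep is None:
        return "cannot verify"                          # S304
    name_differs = rep.name != listed.name
    both_have_fp = rep.fingerprint is not None and listed.fingerprint is not None
    fp_differs = both_have_fp and rep.fingerprint != listed.fingerprint
    if name_differs and fp_differs:
        return "name and fingerprint mismatch"          # S3R1
    if fp_differs:
        return "fingerprint mismatch"                   # S3R2
    if name_differs:
        return "name mismatch"                          # S3R3
    return "match"


def allow_connection(result: str) -> bool:
    """The connection management device blocks on anything but a match."""
    return result == "match"


def demo() -> Dict[str, str]:
    # Constructed sample data: the MAC, names and UUIDs are made up.
    mac = "02:00:00:aa:bb:01"
    fp_a, fp_b = hw_fingerprint("UUID-A"), hw_fingerprint("UUID-B")
    devices: Dict[str, Record] = {}
    out = {}
    out["first"] = collect(devices, Record(mac, "PC-A", None, "nmap"))
    out["upgrade"] = collect(devices, Record(mac, "PC-A", fp_a, "agent"))
    out["downgrade"] = collect(devices, Record(mac, "PC-X", None, "nmap"))

    silent: Source = lambda m: None

    def only_agent(name: str, fp: str) -> Dict[str, Source]:
        return {"agent": lambda m: Record(m, name, fp, "agent"),
                "wmi": silent, "nmap": silent}

    listed = devices[mac]
    out["same_host"] = check(listed, only_agent("PC-A", fp_a))
    out["card_moved"] = check(listed, only_agent("PC-B", fp_b))
    out["same_name_other_hw"] = check(listed, only_agent("PC-A", fp_b))
    nmap_only = {"agent": silent, "wmi": silent,
                 "nmap": lambda m: Record(m, "PC-A", None, "nmap")}
    out["no_reporter"] = check(listed, nmap_only)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} -> {result} (allow={allow_connection(result)})")
```

The `no_reporter` case shows the fail-closed branch: once an entry carries a hardware fingerprint, an Nmap-only answer cannot confirm it, so the result is "cannot verify" and the connection is blocked.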
As described above, in the network connection management system (100, 100A, 100B, 100C) of the information device of the present invention, the node data verification device 2 receives data from the Agent data reporting software and/or the WMI data reporting software, or scans the node with the Nmap network security scanning software, to obtain the MAC address and home node identification data of each information device (1A, 1B, 1C); it compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list, and the connection management device 3 blocks the network connection of the node when the comparison result is a mismatch. Thus, the invention can ensure that each mobile network card (11A, 11B, 11C) is used in one information device (1A, 1B, 1C) on a one-to-one basis, so as to avoid the situation in which a mobile network card (11A, 11B, or 11C) is pulled out of one information device (1A, 1B, or 1C) and plugged into another information device (1A, 1B, or 1C) for use.
Furthermore, the network connection management system (100, 100A, 100B, 100C) of the information device compares the currently received MAC address and the computer name and/or hardware fingerprint value of the home node identification data with the computer name and/or hardware fingerprint value of the home node identification data in the information device list, and issues the comparison result when the computer name and hardware fingerprint value do not match, the hardware fingerprint value does not match, or the computer name does not match, so as to block the network connection of the node. Therefore, the invention can prevent the MAC address of the mobile network card (11A, 11B or 11C) from being fraudulently used, so as to avoid the situation in which a person with ulterior motives uses the MAC address to connect to the network from another information device in order to evade the control of the network connection management system.
While the foregoing description is of the preferred embodiment of the present invention, other modifications will be apparent to those skilled in the art from this description, and it is intended that all such modifications be included within the spirit and scope of the present invention.

Claims (7)

1. A network online management system of an information device, comprising:
the network site data reporting software is used for providing information related to the network site when the network site is online on the premise that the network site is provided with a Windows operating system, the Agent data reporting software is used for providing the information of the network site in a mode that the network site is not limited to be a Windows operating system, each network site adopts an inserted action network card and transmits an MAC address of the action network card and identification data of the network site to a network site data verification device through the data reporting software, and the data reliability of the MAC address acquired by the Agent data reporting software and the acquired identification data of the network site is higher than that of the MAC address acquired by the WMI data reporting software and the acquired identification data of the network site;
the website data verifying device is provided with a list management unit, the website data verifying device is in signal connection with the action network card to receive the MAC address and the affiliated website identification data acquired by the data reporting software from the website, and/or the website data verifying device acquires the MAC address and the affiliated website identification data of the website by scanning the website through Nmap network security scanning software, so as to record the MAC address and the affiliated website identification data acquired for the first time into an information device list, wherein the Nmap network security scanning software is a network security scanning tool for network scanning and network host exploration, the data reliability of the MAC address and the acquired affiliated website identification data acquired by the MAC I data reporting software is higher than that of the MAC address and the acquired affiliated website identification data acquired by the Nmap network security scanning software, and the list management unit compares the MAC address and the affiliated website identification data acquired by the MAC address verifying device with high data reliability with the MAC address and the MAC address acquired by the MAC address and the affiliated website identification data acquired by the WMI data reporting software with the data reliability to obtain the MAC address and the affiliated website identification data which are compared with the MAC address and the MAC identification data acquired by the MAC address and the website identification data acquired by the WMI data reporting software; and
the network point online management device is connected with the network point data verification device and blocks the network online of the network point when the comparison result is not accordant according to the comparison result, and the MAC address in the information device list and the affiliated network point identification data have one-to-one corresponding relation so as to prevent the network point to be subjected to network online from being online by using the MAC address, and the network point to be subjected to network online is allowed to be online when the comparison result is accordant.
2. The system of claim 1, wherein in the process of collecting the MAC address of the information device and the identification data of the associated website by replacing the MAC address with low data reliability and the identification data of the associated website with the MAC address with high data reliability and the identification data of the associated website, the Agent data reporting software or the WMI data reporting software will continuously inquire about the website, or the Nmap network security scanning software continuously scans the website to obtain the MAC address and the identification data of the associated website, and the list management unit further obtains the MAC address and the identification data of the associated website by replacing the MAC address with low data reliability and the identification data of the associated website with the MAC address with the identification data of the associated website
Comparing the MAC address and the identification data of the affiliated website received currently by the website data verifying device with the MAC address and the identification data of the affiliated website in the information device list to check the MAC address of the information device and the identification data of the affiliated website, when the Agent data reporting software acquires the MAC address of the website and the identification data of the affiliated website, the WMI data reporting software skips the execution of inquiring the MAC address of the website and the identification data of the affiliated website, or when the WMI data reporting software acquires the MAC address of the website and the identification data of the affiliated website, skips the scanning of the website by the Nmap network security scanning software.
3. The system of claim 1, further comprising a list confirmation unit connected to at least one of the information devices and the point data verification device, wherein the list confirmation unit compares the MAC address and the point identification data received currently with the MAC address and the point identification data in the information device list to confirm whether the MAC address and the point identification data received currently are recorded in the information device list, and when it is confirmed that the MAC address and the point identification data received currently are not recorded in the information device list, transmits the MAC address and the point identification data received currently to a list management unit of the point data verification device, so that the MAC address and the point identification data acquired first are recorded in the information device list.
4. The system according to claim 3, further comprising a list check device connected between said list check device and said dot data verifier, wherein when said list check device receives a message from said list check device that said MAC address and said dot data are recorded in said information device list, said list check device further determines whether said MAC address and said dot data in said information device list are not in a one-to-one correspondence by a list management unit of said dot data verifier, and when said MAC address and said dot data in said information device list are not in a one-to-one correspondence, said MAC address and said dot data in said information device list are set to: the one-to-one correspondence relationship does not need to be one-to-one correspondence relationship, or the MAC addresses of the nodes in the information device list and the identification data of the nodes are not set to one-to-one correspondence relationship.
5. The system of claim 4, further comprising a list re-check device connected between said list check device and said point-of-presence verification device, wherein when said list re-check device receives a message from said list check device that said MAC address and said point-of-presence identification data in said list of information devices are not yet set to have a one-to-one correspondence, said list re-check device further confirms by said list management unit of said point-of-presence verification device whether said MAC address and said point-of-presence identification data in said list of information devices are set without having a one-to-one correspondence,
when the MAC address and the affiliated node identification data in the information device list are confirmed to be set without one-to-one correspondence, the list rechecking device transmits the currently received MAC address and the affiliated node identification data to the node data verifying device, and the node data verifying device abandons the currently received MAC address and the affiliated node identification data or stops the comparison between the currently received MAC address and the affiliated node identification data and the MAC address and the affiliated node identification data in the information device list, or
When the MAC address and the home node identification data in the information device list are determined not to be set and do not need to have a one-to-one correspondence, the list re-inspection device transmits the currently received MAC address and the home node identification data to the node data verification device, and performs a comparison between the currently received MAC address and the home node identification data, and the MAC address and the home node identification data in the information device list.
6. The system according to claim 1, wherein the site identification data comprises: a computer name, and/or a hardware fingerprint value generated by hashing the UUID code of the information device,
when the computer name of the currently received affiliated network point identification data is different from the computer name of the affiliated network point identification data in the information device list, the network point data verification device sends out the comparison result of 'computer name is not matched',
when the hardware fingerprint value of the currently received affiliated network point identification data is different from the hardware fingerprint value of the affiliated network point identification data in the information device list, the network point data verification device sends out the comparison result of 'hardware fingerprint value is not met', or
When the computer name and the hardware fingerprint value of the currently received affiliated website identification data are different from the computer name and the hardware fingerprint value of the affiliated website identification data in the information device list, the website data verification device sends out the comparison result of 'the computer name and the hardware fingerprint value are not consistent'.
7. The system as claimed in claim 1, wherein when the software fails to obtain the MAC address and the site id data and fails to transmit the MAC address and the site id data to the site data verifier, the site data verifier sends the comparison result indicating that the one-to-one correspondence between the MAC address of the information device and the site id data cannot be verified to block the network connection of the information device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010483810.2A CN113765842B (en) 2020-06-01 2020-06-01 Network on-line management system for information device

Publications (2)

Publication Number Publication Date
CN113765842A CN113765842A (en) 2021-12-07
CN113765842B true CN113765842B (en) 2023-04-07

Family

ID=78782475

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1501637A (en) * 2002-11-13 2004-06-02 上海宽讯时代科技有限公司 Wireless local area network safety protection wall system device
CN1509002A (en) * 2002-12-13 2004-06-30 联想(北京)有限公司 Firewall link layer and internet protocol layer address binding method
CN103246851A (en) * 2013-05-10 2013-08-14 榆林学院 Wireless network card anti-theft method
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
WO2018036221A1 (en) * 2016-08-23 2018-03-01 上海斐讯数据通信技术有限公司 Wireless network security verification device, method thereof, and router

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宋敏. Wireless local area network security protection for power supply enterprises. 电力信息化. 2010, (06), full text. *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant