CN102281281A - Intelligent device access and authority control method in wireless network environment - Google Patents


Publication number
CN102281281A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011101399072A
Other languages
Chinese (zh)
Inventor
耿振民
刘佳迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Original Assignee
WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Application filed by WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority to CN2011101399072A
Publication of CN102281281A


Abstract

Disclosed is an intelligent device access and authority control method in a wireless network environment, comprising the following steps: an intelligent device applies for network access; a device authentication center verifies the device identification card of the intelligent device, wherein the device identification card is preset with an authority level; an intelligent device without a device identification card obtains one by using an application code sent by the device authentication center, and accesses the verified network area by means of that card; the intelligent device that has accessed the verified network area submits a request to access other devices; a device management centre compares the device identification card of the intelligent device with those of the other devices to be accessed and determines whether the authority level of the intelligent device is higher than those of the other devices; if yes, the access is permitted, otherwise the access is denied. The method can ensure the internal security of a network in a Wi-Fi environment and the secure use of the intelligent device, and enables a manager to understand how internal devices are used, which is convenient for resource allocation and management.

Description

A smart device access and authority control method in a wireless network environment
Technical field
The invention belongs to the field of computer security technology and relates to a smart device access and authority control method in a wireless network environment.
Background technology
Data published by the Wi-Fi Alliance show that there are more than 700 million Wi-Fi users worldwide and more than 750,000 Wi-Fi hotspots. The adoption rate of Wi-Fi in China in particular keeps rising: the three major operators have all invested heavily in building Wi-Fi hotspots, and In-Stat estimates that by the end of 2010 the number of hotspots in China will reach 285,000. In 2009, nearly 7 million Wi-Fi mobile phones came onto the Chinese market, and this figure is expected to reach 97 million in 2013.
Whether or not a Wi-Fi network or hotspot is available, users can connect devices such as notebooks, mobile phones, tablets and printers to each other directly and quickly, opening up a rich world of applications including content sharing, synchronization, printing and gaming. This new technology is Wi-Fi Direct. Device testing for it starts at the end of October this year, and the first batch of devices forming the Wi-Fi Direct interoperability test suite exceeds 10 models, from companies such as Atheros, Broadcom, Intel and Realtek.
Unauthorized access, bandwidth theft, counterfeit APs, WEP cracking tools: these security problems have always accompanied wireless networks. Wireless network security has been discussed for a long time, but most attention seems to have focused on hardware vendors and industry organizations, and the discussion is mostly about topics such as the vulnerabilities in WEP and waiting for the 802.11i standard to be unified. Because communication takes place in an open wireless environment, a concealed attacker nearby may, like the reader, also obtain the data on the transponder, which constitutes a threat to security and privacy.
In view of this, it is necessary to design a smart device access and authority control method in a wireless network environment to solve the above problems.
Summary of the invention
The technical problem to be solved by the present invention is to provide a smart device access and authority control method in a wireless network environment that protects data in the wireless environment and prevents information leakage, while ensuring the security of smart devices in the wireless network environment and facilitating resource allocation and management.
To solve the above technical problem, the present invention adopts the following technical solution: a smart device access and authority control method in a wireless network environment, comprising the following steps:
1) a smart device applies for network access;
2) the device authentication center verifies the device identity card of the smart device; if there is no device identity card, the smart device is isolated in the unverified network area and obtains an application code sent by the device authentication center; if there is a device identity card, the smart device accesses the verified network area; the device identity card is preset with a permission level;
3) the smart device without a device identity card uses the application code sent by the device authentication center to obtain a device identity card, and uses this device identity card to access the verified network area;
4) the smart device that has accessed the verified network area submits a request to access other devices;
5) the device management center compares the device identity card of the smart device with the device identity cards of the other devices to be accessed and judges whether the permission level of the smart device's device identity card is higher than the permission level of the device identity cards of the other devices to be accessed; if so, access is allowed; if not, access is denied.
Preferably, the device identity card is bound to the hardware address of the smart device and, at the same time, to one or more users.
Preferably, the device identity card is a multidimensional code picture.
Preferably, the device identity card is a packed (shell-protected) multidimensional code picture.
Preferably, the device identity card levels follow a pyramid model: lower-layer permission levels are below higher-layer permission levels; smart devices on the same layer can access each other, and higher-layer smart devices can access lower-layer smart devices.
Preferably, the concrete steps by which the smart device without a device identity card uses the application code sent by the device authentication center to obtain a device identity card in step 3) are as follows:
a. the device user logs in to the device management center and fills in the application code;
b. the administrator of the device management center decides whether to approve the application and grants the corresponding permission level;
c. the device management center generates a device identity card according to the category of the smart device, the permission level of the smart device and the identity information of the smart device's user, and sends it to the smart device.
Preferably, the access log records the start time and end time of the user's use of the smart device.
Specifically, in the present invention a device that accesses the wireless network environment for the first time is isolated in the zone for unverified devices and obtains an application code sent by the device authentication center. The end user of the device logs in to the device authentication center as the applicant and submits the application code. After the administrator approves the application at the device management center, the device is bound to the end user and reconnected to the verified device zone. In the verified device zone, a verified device can use its device identity card to access other devices; access is allowed only when the level of the accessing party's device identity card is higher than or equal to that of the accessed party. Through the device identity card, the device management center records information such as the start time and end time of the user's use of the device.
The present invention can ensure the internal security of a network in a Wi-Fi environment and the secure use of smart devices, and at the same time lets the administrators of enterprises and institutions effectively understand how internal devices are used, which facilitates resource allocation and management.
Description of drawings
Fig. 1 is a flow chart of access between smart devices according to the present invention.
Fig. 2 is a flow chart of access between smart devices in the present invention.
Fig. 3 is a diagram of the device identity card level model in the present invention.
Embodiment
The technical problem to be solved by the present invention is to provide a method for managing smart devices in a wireless network environment, comprising the following steps:
1) a smart device applies for network access;
2) the device authentication center verifies the device identity card of the smart device; if there is no device identity card, the smart device is isolated in the unverified network area and obtains an application code sent by the device authentication center; if there is a device identity card, the smart device accesses the verified network area; the device identity card is preset with a permission level;
3) the smart device without a device identity card uses the application code sent by the device authentication center to obtain a device identity card, and uses this device identity card to access the verified network area;
4) the smart device that has accessed the verified network area submits a request to access other devices;
5) the device management center compares the device identity card of the smart device with the device identity cards of the other devices to be accessed and judges whether the permission level of the smart device's device identity card is higher than the permission level of the device identity cards of the other devices to be accessed; if so, access is allowed; if not, access is denied.
Specifically, referring to Fig. 1:
I. The device authentication center verifies the device identity card of the smart device applying for network access. If the smart device has no device identity card, its network area is isolated into the unverified network area pending verification, and an application code is sent to the device.
II. The device user can log in to the device management center, fill in the application code and apply for device verification.
III. The device authentication center sends the application to the device management center, where the administrator can choose whether to approve the application and grants the corresponding permission level.
IV. After receiving the notice that the application has been approved, the device management center generates a device identity card according to information such as the category of the device, the permission level of the device and the identity of the device user, and sends it to the smart device.
V. After the smart device receives the device identity card, the device authentication center adds the device to the verified network.
The workflow of access authentication between devices is shown in Fig. 2 and is as follows:
I. The accessing device applies to the device management center for access.
II. The device management center compares the device identity cards of both parties; if the level of the accessing party's device identity card is higher than or equal to that of the accessed party, access is allowed, otherwise access is denied.
III. The device management center records a log of this access.
The device identity card level model adopts the pyramid model shown in Fig. 3: lower-layer permissions are below higher-layer permissions, devices on the same layer can access each other, and higher-layer devices can access lower-layer devices.
The device identity card described herein is a multidimensional code picture with a shell (packed), in which each dimension records one kind of information, such as the user, the device type or the device permission. An issued device identity card is bound to the device's hardware address and, at the same time, to one or more users. Its shell can be opened only by the device management center and the device authentication center; any other form of access or operation is invalid.
Packing (adding a shell) essentially uses a special algorithm to compress and encrypt the resources in EXE and DLL files. The effect is similar to WinZip, except that the compressed file can run on its own and the decompression process is completely hidden and carried out entirely in memory. The shell is attached to the original program; after being loaded into memory by the Windows loader it executes before the original program and takes control, decrypts and restores the original program during execution, and hands control back to the original program once restoration is complete so that the original code section runs. After packing, the original program code generally exists in the disk file in encrypted form and is restored in memory only at execution time. This more effectively prevents crackers from illegally modifying the program file and also prevents the program from being statically decompiled.
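The onboarding flow (steps I to V) and the inter-device access check described above, as an added Python example that is not part of the patent. Assumptions: the authentication and management centers are merged into one hypothetical `DeviceCentre` class, an HMAC-SHA256 tag stands in for the packed multidimensional code picture, permission levels are integers compared with the embodiment's "higher than or equal" rule (`strict=True` applies the "higher than" wording of step 5), and the hardware addresses and user names are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time


class DeviceCentre:
    """Authentication centre and management centre merged (assumption)."""

    def __init__(self, strict=False):
        self._key = secrets.token_bytes(32)  # known only to the centre
        self.strict = strict    # True: step 5 wording, level must be higher
        self.pending = {}       # application code -> hardware address
        self.cards = {}         # hardware address -> card (verified zone)
        self.log = []           # one dict per access decision

    def _tag(self, body):
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def card_valid(self, card, mac):
        """A card counts only if untampered and presented by its bound device."""
        if not isinstance(card, dict) or "body" not in card:
            return False
        good = hmac.compare_digest(str(card.get("tag")), self._tag(card["body"]))
        return good and card["body"].get("mac") == mac

    def join(self, mac, card=None):
        """Steps 1-2: admit a valid card, otherwise quarantine and send a code."""
        if self.card_valid(card, mac):
            self.cards[mac] = card
            return "verified", None
        self.cards.pop(mac, None)
        code = secrets.token_hex(8)
        self.pending[code] = mac
        return "unverified", code

    def approve(self, code, users, device_class, level):
        """Step 3: the administrator approves the code and grants a level."""
        mac = self.pending.pop(code)  # KeyError for unknown or reused codes
        body = {"mac": mac, "users": sorted(users),
                "class": device_class, "level": level}
        return {"body": body, "tag": self._tag(body)}

    def authorize(self, src_mac, src_card, dst_mac, user, now=None):
        """Steps 4-5: compare levels, record the decision, return the entry."""
        now = time.time() if now is None else now
        dst_card = self.cards.get(dst_mac)
        allowed = False
        if (src_mac in self.cards and dst_card is not None
                and self.card_valid(src_card, src_mac)
                and user in src_card["body"]["users"]):
            src, dst = src_card["body"]["level"], dst_card["body"]["level"]
            allowed = src > dst if self.strict else src >= dst
        entry = {"src": src_mac, "dst": dst_mac, "user": user,
                 "allowed": allowed, "start": now, "end": None}
        self.log.append(entry)
        return entry

    def end_session(self, entry, now=None):
        entry["end"] = time.time() if now is None else now


def demo():
    """Constructed scenario: a laptop (level 2) and a printer (level 1)."""
    centre = DeviceCentre()
    results = {}
    for mac, user, cls, level in [("aa:aa", "alice", "laptop", 2),
                                  ("bb:bb", "bob", "printer", 1)]:
        zone, code = centre.join(mac)             # no card yet: quarantined
        card = centre.approve(code, [user], cls, level)
        results[mac] = (zone, card, centre.join(mac, card)[0])
    laptop, printer = results["aa:aa"][1], results["bb:bb"][1]
    down = centre.authorize("aa:aa", laptop, "bb:bb", "alice", now=100.0)
    centre.end_session(down, now=160.0)
    up = centre.authorize("bb:bb", printer, "aa:aa", "bob", now=200.0)
    forged = {"body": dict(printer["body"], level=9), "tag": printer["tag"]}
    tampered = centre.authorize("bb:bb", forged, "aa:aa", "bob", now=300.0)
    cloned = centre.join("cc:cc", laptop)[0]      # card shown by another MAC
    return results, down, up, tampered, cloned, centre.log
```

Denied requests are logged as well as allowed ones, so the access log also shows refused attempts with an altered card.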
The advantage of the present invention is that the packed multidimensional code identity card protects the security of smart devices in the wireless network and prevents the information leakage and security risks caused by unauthorized devices accessing the wireless network from inside. At the same time, it secures access between devices and makes it easier to optimize network resource allocation.
It should be understood that although the present invention is disclosed above by way of preferred embodiments, the above embodiments are not intended to limit the present invention. Any person of ordinary skill in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make many possible changes and modifications to the technical solution of the present invention, or modify it into equivalent embodiments with equivalent variations. Therefore, any simple modification, equivalent variation or modification made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.

Claims (8)

1. A smart device access and authority control method in a wireless network environment, characterized by comprising the following steps:
1) a smart device applies for network access;
2) the device authentication center verifies the device identity card of the smart device; if there is no device identity card, the smart device is isolated in the unverified network area and obtains an application code sent by the device authentication center; if there is a device identity card, the smart device accesses the verified network area; the device identity card is preset with a permission level;
3) the smart device without a device identity card uses the application code sent by the device authentication center to obtain a device identity card, and uses this device identity card to access the verified network area;
4) the smart device that has accessed the verified network area submits a request to access other devices;
5) the device management center compares the device identity card of the smart device with the device identity cards of the other devices to be accessed and judges whether the permission level of the smart device's device identity card is higher than the permission level of the device identity cards of the other devices to be accessed; if so, access is allowed; if not, access is denied.
2. The smart device access and authority control method in a wireless network environment as claimed in claim 1, characterized in that the device identity card is bound to the hardware address of the smart device and, at the same time, to one or more users.
3. The smart device access and authority control method in a wireless network environment as claimed in claim 2, characterized in that the device identity card is a multidimensional code picture.
4. The smart device access and authority control method in a wireless network environment as claimed in claim 3, characterized in that the device identity card is a packed (shell-protected) multidimensional code picture.
5. The smart device access and authority control method in a wireless network environment as claimed in claim 1, characterized in that the device identity card levels follow a pyramid model: lower-layer permission levels are below higher-layer permission levels; smart devices on the same layer can access each other, and higher-layer smart devices can access lower-layer smart devices.
6. The smart device access and authority control method in a wireless network environment as claimed in claim 1, characterized in that the concrete steps by which the smart device without a device identity card uses the application code sent by the device authentication center to obtain a device identity card in step 3) are as follows:
a. the device user logs in to the device management center and fills in the application code;
b. the administrator of the device management center decides whether to approve the application and grants the corresponding permission level;
c. the device management center generates a device identity card according to the category of the smart device, the permission level of the smart device and the identity information of the smart device's user, and sends it to the smart device.
7. The smart device access and authority control method in a wireless network environment as claimed in claim 6, characterized in that the device management center records a log of the access.
8. The smart device access and authority control method in a wireless network environment as claimed in claim 7, characterized in that the access log records the start time and end time of the user's use of the smart device.
Application number: CN2011101399072A
Priority date: 2011-05-27
Filing date: 2011-05-27
Title: Intelligent device access and authority control method in wireless network environment
Status: Pending
Publication: CN102281281A (en), published 2011-12-14
Family ID: 45106459
Country status: CN (1): CN102281281A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111214