Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Refer to Fig. 1, which is a schematic flowchart of the first embodiment of the network access management method of the present invention. The method may be executed by an ONT (Optical Network Terminal). It can be understood that those skilled in the art can reasonably expect that the method flow of Fig. 1 may also be executed by a device that, like the ONT, provides a network access service, for example a router. Specifically, the method flow of Fig. 1 comprises:
Step S11: when a user terminal successfully connects to the network access device, look up the pre-stored trust level information of the user terminal.
In practice, the user may set a password for a network access device such as an ONT, or may set no password. In step S11, when the ONT has a password set, the user terminal successfully connecting to the network access device may mean that the user terminal connects to the ONT after passing the ONT's password verification; when the ONT has no password set, it may mean that the user terminal connects to the ONT directly after discovering the ONT.
The trust level information of the user terminal can be pre-stored in a memory of the ONT (for example, a programmable read-only memory, an erasable programmable read-only memory (EPROM) or a flash memory). The trust level information of a user terminal can comprise high-trust level information, monitoring level information or distrust level information. It can be understood that the trust level information of each user terminal can be configured for it by the manager. It can also be understood that the trust level information of a user terminal represents how far the manager trusts that user terminal; the manager may also, as required, divide the trust level information into high trust level information, middle trust level information and low trust level information, where the middle trust level information is equivalent to the monitoring level information and the low trust level information is equivalent to the distrust level information. The present embodiment does not limit how trust level information is classified or divided.
Step S12: when the trust level information of the user terminal is found in step S11, determine, according to the trust level information, whether to trigger the management server to prompt the manager that this user terminal has successfully connected to the network access device.
When the trust level information found in step S11 is high-trust level information, the result of the determination in step S12 is no, that is, there is no need to trigger the management server to prompt the manager that this user terminal has successfully connected to the network access device. For example, the manager can configure the management server itself with high-trust level information, which avoids an unnecessary prompt each time the manager uses the management server to access the network access device.
When the trust level information found in step S11 is monitoring level information, the result of the determination in step S12 is yes, that is, the management server needs to be triggered to prompt the manager that this user terminal has successfully connected to the network access device. For example, in a family, the parents can configure the trust level information of the computer or smartphone used by their children as monitoring level information, so that each time the children later go online through the ONT, the parents learn of it through the prompt of the management server, which helps the parents supervise the children's Internet use.
When the trust level information found in step S11 is distrust level information, the result of the determination in step S12 is yes, that is, the management server needs to be triggered to prompt the manager that this user terminal has passed network access permission authentication. For example, after an illegal user terminal (such as the user terminal of another family) is configured with distrust level information, the management server receives the trigger message of the network access device when the illegal user terminal successfully connects to the network access device, and prompts the manager that the illegal user terminal has successfully connected, so that the manager discovers the intruding user terminal in time and can take effective measures. It should be noted here that, if the trust level information found for the user terminal is distrust level information, the user terminal can be blocked directly and its network access service interrupted, to prevent the illegal user terminal from occupying bandwidth resources.
Step S13: when the result of the determination in step S12 is yes, send to the management server a trigger message comprising the identity information and the trust level information of the user terminal.
The identity information of the user terminal comprises any one or more of the IP address, the MAC (Media Access Control) address and the user name of the user terminal. Preferably, the identity information of the user terminal comprises the user name.
Specifically, the identity information of the user terminal can be obtained from the messages that the user terminal sends to the ONT. These messages comprise DHCP (Dynamic Host Configuration Protocol) messages, PPPoE (Point-to-Point Protocol over Ethernet) messages and ARP (Address Resolution Protocol) messages. Taking the DHCP message as an example, the process of obtaining the MAC address and the user name of the user terminal is as follows: the user terminal sends a DHCP DISCOVER message to the ONT to request that the ONT allocate an IP address to it; this DHCP DISCOVER message carries the MAC address and the user name of the user terminal, so the ONT can parse the DHCP DISCOVER message to obtain them. It should be noted that the ONT can also obtain the identity information of the user terminal in other ways, for example by neighbor discovery.
Further, the trigger message generated in step S13 can be a message conforming to the UPnP (Universal Plug and Play) protocol; that is, a UPnP architecture can be adopted between the ONT and the management server. The benefit of this architecture is that the ONT acts as the master device and performs the control function, while the management server acts as the slave device and provides the service function, so that control and service are separated.
Further, after the management server receives the trigger message, it can use a pop-up window to prompt the manager that the user terminal has successfully connected to the network access device. Specifically, the management server parses the received trigger message to obtain the identity information and the trust level information of the user terminal, writes the identity information and the trust level information into a predefined window, and pops up the window in the lower right corner of the desktop to prompt the manager that the user terminal has successfully connected to the network access device.
In the embodiment of the present invention, after a user terminal successfully connects to the network access device, the pre-stored trust level information of the user terminal is looked up; when the trust level information is found, it is determined according to that trust level information whether to trigger the management server to prompt the manager that the user terminal has successfully connected to the network access device; and when the result of the determination is yes, a trigger message is sent to the management server to trigger that prompt. Because the management server is actively triggered, according to the trust level information of the user terminal, to prompt the manager once the user terminal has connected, and the manager does not need to log in to the network access device to check, the manager can conveniently supervise in real time which user terminals connect to the network access device.
Refer to Fig. 2, which is a schematic flowchart of the second embodiment of the network access management method of the present invention. When the trust level information of the user terminal is found in step S11, the following step is also performed:
Step S14: when the trust level information of the user terminal is found in step S11, forbid or allow the user terminal to access the network according to the trust level information found.
Specifically, when the trust level found for the user terminal is high-trust level information or monitoring level information, the network access service is provided to the user terminal as normal; when the trust level found for the user terminal is distrust level information, the network access service of the user terminal is interrupted. Because a user terminal with distrust level information is generally an intruding user terminal, interrupting its network access service prevents the illegal user terminal from occupying network resources.
Refer to Fig. 3, which is a schematic flowchart of the third embodiment of the network access management method of the present invention. The method comprises:
Step S31: when a user terminal successfully connects to the network access device, look up the pre-stored trust level information of the user terminal. This step is the same as step S11 in Fig. 1 and is not described again here.
Step S32: when the trust level information of the user terminal is not found in step S31, request the management server to prompt the manager to configure the trust level information of the user terminal.
Specifically, requesting the management server to configure the trust level information of the user terminal can comprise: generating a configuration request that comprises the identity information of the user terminal; and sending the generated configuration request to the management server, to trigger the management server to prompt the manager to configure the trust level information of the user terminal.
After the management server receives the configuration request, it can use a pop-up window to prompt the manager to configure the trust level information of the user terminal.
It should be noted here that, after the manager has configured the trust level information of the user terminal through the management server, the network access device records the trust level information of the user terminal. For example, the network access device receives from the management server the trust level information that the manager configured for the user terminal, and stores it.
It should also be noted here that, after step S32 requests the management server to prompt the manager to configure the trust level information of the user terminal, if the manager configures the trust level information of the user terminal as distrust level information, the network access of this user terminal is interrupted immediately.
It should also be noted here that, when the trust level information of the user terminal is not found in step S31, the user terminal is an unknown user terminal. Therefore, while step S32 requests the management server to prompt the manager to configure the trust level information of the user terminal, this unknown user terminal can be blocked directly, that is, its network access service can be suspended.
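The following added example (not part of the original document) walks through the lookup and decision flow of steps S11 to S14 and S31 to S32, using the DHCP DISCOVER parsing described under step S13 to obtain the identity information. It assumes that the trust table is keyed by MAC address, that DHCP option 12 (host name) stands in for the "user name", that unknown terminals are blocked (the optional behaviour of step S32), and that plain dictionaries stand in for the trigger message and configuration request, whose real format the text leaves open; all function and field names are hypothetical.

```python
from enum import Enum

class Trust(Enum):
    HIGH = "high"          # no prompt, access allowed
    MONITOR = "monitor"    # prompt the manager, access allowed
    DISTRUST = "distrust"  # prompt the manager, access interrupted

DHCP_MAGIC = b"\x63\x82\x53\x63"

def parse_dhcp_discover(packet: bytes):
    """Return (mac, host_name) from a DHCP DISCOVER payload; ValueError if malformed."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    if packet[0] != 1 or packet[1] != 1 or packet[2] != 6:
        raise ValueError("not an Ethernet BOOTREQUEST")
    mac = ":".join(f"{b:02x}" for b in packet[28:34])  # chaddr field
    msg_type, host = None, None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:      # End option
            break
        if code == 0:        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:    # DHCP message type
            msg_type = value[0]
        elif code == 12:                  # host name, used here as the "user name"
            host = value.decode("ascii", "replace")
        i += 2 + length
    if msg_type != 1:
        raise ValueError("not a DHCP DISCOVER")
    return mac, host

def on_terminal_connected(packet: bytes, trust_table: dict):
    """Steps S11-S14 and S32: decide access and what to send to the management server."""
    mac, name = parse_dhcp_discover(packet)
    identity = {"mac": mac, "user_name": name}
    level = trust_table.get(mac)                      # S11 / S31: look up stored level
    if level is None:                                 # S32: unknown terminal
        return {"allow": False, "message": {"type": "config_request", **identity}}
    if level is Trust.HIGH:                           # S12: result "no", no prompt
        return {"allow": True, "message": None}
    message = {"type": "trigger", "trust_level": level.value, **identity}  # S13
    return {"allow": level is not Trust.DISTRUST, "message": message}      # S14

def build_discover(mac: bytes, host: str) -> bytes:
    """Constructed sample input: minimal DHCP DISCOVER with options 53 and 12."""
    header = bytes([1, 1, 6, 0]) + b"\0" * 24 + mac.ljust(16, b"\0") + b"\0" * 192
    options = bytes([53, 1, 1, 12, len(host)]) + host.encode("ascii") + b"\xff"
    return header + DHCP_MAGIC + options

# Constructed trust table, keyed by MAC address (an assumption of this example).
TRUST_TABLE = {
    "aa:bb:cc:00:00:01": Trust.HIGH,
    "aa:bb:cc:00:00:02": Trust.MONITOR,
    "aa:bb:cc:00:00:03": Trust.DISTRUST,
}

if __name__ == "__main__":
    for last, host in [(1, "admin-pc"), (2, "kid-laptop"), (3, "neighbour"), (9, "unknown")]:
        pkt = build_discover(bytes.fromhex("aabbcc0000") + bytes([last]), host)
        print(host, on_terminal_connected(pkt, TRUST_TABLE))
```

Both the MAC address and the host name in a DHCP DISCOVER are supplied by the terminal itself, so a lookup keyed on them matches a claimed identity rather than an authenticated one.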
The network access management method of the embodiments of the present invention has been described above. The network access device and the network access management system of the embodiments of the present invention are introduced below with reference to the accompanying drawings.
Refer to Fig. 4, which is a schematic structural diagram of the first embodiment of the network access device of the present invention. The network access device 4 in Fig. 4 can be an ONT (Optical Network Terminal). It can be understood that those skilled in the art can reasonably expect that the network access device 4 in Fig. 4 can also be a device that implements functions similar to those of the ONT, for example a router. Specifically, the network access device 4 comprises a lookup module 41, a judgment module 42 and a sending module 43.
The lookup module 41 is used to look up the pre-stored trust level information of a user terminal when the user terminal successfully connects to the network access device 4.
In practice, the network access device 4 may have a password set by the user, or its password may be empty. Therefore, when the network access device 4 has a password set, a successful connection between the network access device 4 and the user terminal may mean that the user terminal has passed the password verification of the network access device 4 and thereby connected to it; when the network access device 4 has no password set, it may mean that the user terminal connects to the network access device 4 directly upon discovering it.
The memory of the network access device 4 (comprising a programmable read-only memory, an erasable programmable read-only memory (EPROM) or a flash memory) stores the trust level information of different user terminals. Specifically, the trust level information of a user terminal can comprise high-trust level information, monitoring level information or distrust level information. It can be understood that the trust level information of the user terminal is configured in the network access device 4 in advance. It can also be understood that the trust level information of a user terminal represents how far the manager trusts that user terminal; the manager may also, as required, divide the trust level information into high trust level information, middle trust level information and low trust level information, where the middle trust level information is equivalent to the monitoring level information and the low trust level information is equivalent to the distrust level information.
The judgment module 42 is used, when the lookup module 41 finds the trust level information of the user terminal, to determine according to the trust level information whether to trigger the management server to prompt the manager that this user terminal has successfully connected to the network access device 4.
When the trust level information found by the lookup module 41 is high-trust level information, the result of the determination by the judgment module 42 is no, that is, there is no need to trigger the management server to prompt the manager that this user terminal has successfully connected to the network access device 4. For example, the manager can configure the management server itself with high-trust level information, which avoids an unnecessary prompt each time the manager uses the management server to access the network access device.
When the trust level information found by the lookup module 41 is monitoring level information, the result of the determination by the judgment module 42 is yes, that is, the management server needs to be triggered to prompt the manager that this user terminal has successfully connected to the network access device 4. For example, in a family, the parents can configure the trust level information of the computer or smartphone used by their children as monitoring level information, so that each time the children later go online through the ONT, the parents learn of it through the prompt of the management server, which helps the parents supervise the children's Internet use.
When the trust level information found by the lookup module 41 is distrust level information, the result of the determination by the judgment module 42 is yes, that is, the management server needs to be triggered to prompt the manager that this user terminal has passed network access permission authentication. For example, after an illegal user terminal (such as the user terminal of another family) is configured with distrust level information, the management server receives the trigger message of the network access device when the illegal user terminal successfully connects to the network access device, and prompts the manager that the illegal user terminal has successfully connected, so that the manager discovers the intruding user terminal in time and can take effective measures. It should be noted here that, if the trust level information found for the user terminal is distrust level information, the user terminal can be blocked directly and its network access service interrupted, to prevent the illegal user terminal from occupying bandwidth resources.
The sending module 43 is used, when the result of the determination by the judgment module 42 is yes, to send to the management server a trigger message comprising the identity information and the trust level information of the user terminal.
The identity information of the user terminal comprises any one or more of the IP address, the MAC (Media Access Control) address and the user name of the user terminal. Preferably, the identity information of the user terminal comprises the user name.
Specifically, the identity information of the user terminal can be obtained from the messages that the user terminal sends to the ONT. These messages comprise DHCP messages, PPPoE messages and ARP messages. Taking the DHCP message as an example, the process of obtaining the MAC address and the user name of the user terminal is as follows: the user terminal sends a DHCP DISCOVER message to the ONT to request that the ONT allocate an IP address to it; this DHCP DISCOVER message carries the MAC address and the user name of the user terminal, so the ONT can parse the DHCP DISCOVER message to obtain them. It should be noted that the ONT can also obtain the identity information of the user terminal in other ways, for example by neighbor discovery.
Further, the trigger message generated by the sending module 43 can be a message conforming to the UPnP protocol; that is, a UPnP architecture can be adopted between the ONT and the management server. The benefit of this architecture is that the ONT acts as the master device and performs the control function, while the management server acts as the slave device and provides the service function, so that control and service are separated.
Further, after the management server receives the trigger message, it can use a pop-up window to prompt the manager that the user terminal has successfully connected to the network access device. Specifically, the management server parses the received trigger message to obtain the identity information and the trust level information of the user terminal, writes the identity information and the trust level information into a predefined window, and pops up the window in the lower right corner of the desktop to prompt the manager that the user terminal has successfully connected to the network access device.
In the embodiment of the present invention, after a user terminal successfully connects to the network access device, the pre-stored trust level information of the user terminal is looked up; when the trust level information is found, it is determined according to that trust level information whether to trigger the management server to prompt the manager that the user terminal has successfully connected to the network access device; and when the result of the determination is yes, a trigger message is sent to the management server to trigger that prompt. Because the management server is actively triggered, according to the trust level information of the user terminal, to prompt the manager once the user terminal has connected, and the manager does not need to log in to the network access device to check, the manager can conveniently supervise in real time which user terminals connect to the network access device.
Refer to Fig. 5, which is a schematic structural diagram of the second embodiment of the network access device of the present invention. Compared with Fig. 4, the network access device 4 in Fig. 5 also comprises:
A network access management module 44, used, when the lookup module 41 finds the trust level information of the user terminal, to forbid or allow the user terminal to access the network according to the trust level information of the user terminal.
Specifically, when the trust level found by the lookup module 41 for the user terminal is high-trust level information or monitoring level information, the network access service is provided to the user terminal as normal; when the trust level found by the lookup module 41 for the user terminal is distrust level information, the network access service of the user terminal is interrupted. Because a user terminal with distrust level information is generally an intruding user terminal, interrupting its network access service prevents the illegal user terminal from occupying network resources.
Refer to Fig. 6, which is a schematic structural diagram of the third embodiment of the network access device of the present invention. Compared with Fig. 4, Fig. 6 also comprises a request configuration module 44.
The request configuration module 44 is used, when the lookup module 41 does not find the trust level information of the user terminal, to request the management server to configure the trust level information of the user terminal. Specifically, the request configuration module 44 comprises: a configuration request generation unit 441, used to generate a configuration request that comprises the identity information of the user terminal; and a configuration request sending unit 442, used to send the configuration request to the management server, to trigger the management server to prompt the manager to configure the trust level information of the user terminal.
After the management server receives the configuration request, it can use a pop-up window to prompt the manager to configure the trust level information of the user terminal.
It should be noted here that, after the manager has configured the trust level information of the user terminal through the management server, the network access device 4 records the trust level information of the user terminal. For example, the network access device 4 receives from the management server the trust level information that the manager configured for the user terminal, and stores it.
It should also be noted here that, after the request configuration module 44 requests the management server to prompt the manager to configure the trust level information of the user terminal, if the manager configures the trust level information of the user terminal as distrust level information, the network access of this user terminal is interrupted immediately.
It should also be noted here that, when the lookup module 41 does not find the trust level information of the user terminal, the user terminal is an unknown user terminal. Therefore, while the request configuration module 44 requests the management server to prompt the manager to configure the trust level information of the user terminal, this unknown user terminal can be blocked directly, that is, its network access service can be suspended.
Refer to Fig. 7, which is a schematic structural diagram of an embodiment of the network access management system of the present invention. This network access management system comprises a network access device 4, a management server 5 and at least one user terminal 6.
The network access device 4 can be the network access device 4 shown in any of Figs. 4 to 6. The management server 5 can be implemented by a PC (Personal Computer); it can be understood that the management server 5 can also serve as a user terminal. The user terminal 6 can be a smartphone, a PDA (Personal Digital Assistant), a tablet computer, a notebook computer, a desktop computer, a facsimile machine or a printer.
In the present embodiment, after any user terminal 6 successfully connects to the network access device 4, if the trust level information of this user terminal is monitoring level information or distrust level information, the network access device 4 sends a trigger message to the management server 5. After receiving the trigger message, the management server 5 shows the identity information and the trust level information of this user terminal 6 to the manager in a pop-up window, so that the manager can conveniently monitor the current access situation of the network access device 4 in real time. When the trust level information of the user terminal 6 is distrust level information, the network access device 4 actively forbids the network access of the user terminal 6, thereby effectively preventing illegal user terminals from occupying network resources.
One of ordinary skill in the art will appreciate that all or part of the flows of the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can comprise the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
What is disclosed above is only a preferred embodiment of the present invention and certainly cannot be used to limit the scope of rights of the present invention. One of ordinary skill in the art will appreciate that implementations of all or part of the flows of the above embodiments, and equivalent variations made according to the claims of the present invention, still fall within the scope covered by the invention.