CN103685134A - WLAN (Wireless Local Area Network) resource access control method and WLAN resource access control device - Google Patents
- Publication number
- CN103685134A CN201210313845.7A
- Authority
- CN
- China
- Prior art keywords
- ssid
- sta
- access
- wlan
- wlan network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a WLAN (Wireless Local Area Network) resource access control method and a WLAN resource access control device. The method includes the following steps: Step 1, confirming whether a WLAN is activated, and carrying out WLAN parameter configuration on one or more SSIDs (Service Set Identifiers) in the WLAN if it is activated; Step 2, reading preset network resource access control information corresponding to the one or more SSIDs in the WLAN; Step 3, when a wireless station (STA) connects to an SSID in the WLAN, judging, according to the corresponding network resource access control information, whether the SSID to which the STA is connected has the authority to access the network resource to be accessed, permitting the STA to access the network resource if the SSID has the authority, and prohibiting the STA from accessing the network resource if the SSID does not. With this technical scheme, the method and the device achieve simple and rapid control of network resource access authority, thereby effectively protecting network security.
Description
Technical field
The present invention relates to the field of mobile communication, and in particular to a wireless local area network (Wireless Local Area Networks, WLAN) network resource access control method and device.
Background art
In the prior art, as information technology develops, the double-edged-sword nature of network resources has become increasingly apparent. Increasingly serious security threats from the network, for example network data theft, hacker intrusion, virus distribution, and even leaks from inside the system, have made information security the foremost issue in the informatization of every industry.
In recent years, the number of network viruses and attacks has multiplied. Viruses have also developed from single types into combined ones, with a huge number of variants that are deeply hidden and cause serious harm; the ever richer range of network applications greatly increases the routes by which viruses spread.
If network information security cannot be effectively guaranteed, an enterprise faces threats on many fronts, such as loss of normal network use, lost or damaged files, paralysis of production management systems, damage to server and client hardware, and theft of confidential information and intellectual property, all of which bring the enterprise direct economic loss.
Relevant surveys show that nearly 21.8% of domestic industries have taken no control measures for network information security. Among the industries that have implemented management, very few adopt network security and computer protection technology correctly, and treating symptoms rather than root causes is a serious phenomenon. For many enterprises, the imperfection of the computer systems themselves and the fragility of communication facilities together form a potential threat to network security and bring immeasurable loss to the storage and transmission of business information. Some enterprises have adopted means such as logical isolation, but because the schemes are incomplete, the various security technologies are not integrated, and the security problems are insufficiently understood, the result is high cost but poor security.
To address the above problems, the prior art provides a network resource access control system, which specifically comprises: a switch, which receives and forwards the login authentication request initiated when a client requests access to a network resource and, according to the access control information received for that login authentication request, performs network resource access control on the client that initiated it; and a security server, which receives the login authentication request forwarded by the switch, authenticates the identity authentication information contained in the request and, after authentication passes, issues access control information for that login authentication request to the switch according to the preset accessible security domains corresponding to different identity authentication information and the lists of network resources under those security domains.
However, this technical scheme has the following problem: to implement network resource access control, multiple devices such as a switch and a security server are needed; configuring these devices is relatively complex and requires fairly deep professional knowledge. A configuration error may prevent the whole network from working normally.
Summary of the invention
The invention provides a WLAN network resource access control method and device, to solve the prior-art problem that network resource access control requires multiple devices whose configuration is relatively complex.
The invention provides a WLAN network resource access control method, comprising: step 1, determining whether the WLAN network is enabled and, if so, performing WLAN network parameter configuration on the one or more service set identifiers (Service Set Identifier, SSID) under the WLAN network; step 2, reading the preset network resource access control information corresponding to the one or more SSIDs under the WLAN network; step 3, when it is determined that a wireless station (STA) has connected to an SSID under the WLAN network, judging, according to the corresponding network resource access control information, whether the SSID to which the STA is connected has permission to access the network resource the STA wants to access; if it has permission, allowing the STA to access the network resource; otherwise, forbidding the STA from accessing the network resource.
Preferably, the method further comprises: obtaining, through a settings interface, the network resource access control information set by the user for the one or more SSIDs under the WLAN network, where the network resource access control information is a network resource access whitelist/blacklist.
Preferably, the method further comprises: obtaining, through a settings interface, the MAC address filter information set by the user for the one or more SSIDs under the WLAN network, where the MAC address filter information is a whitelist/blacklist of STA MAC addresses; step 2 further comprises: reading the preset MAC address filter information corresponding to the one or more SSIDs under the WLAN network; before step 3 is performed, the method further comprises: judging, according to the corresponding MAC address filter information, whether the STA may connect to the SSID; if so, connecting the STA to the SSID and proceeding to step 3; otherwise, forbidding the STA from connecting to the SSID.
Preferably, judging according to the corresponding network resource access control information whether the STA has permission to access the network resource it wants to access specifically comprises: obtaining the network resource access request sent by the STA; determining, from the network resource access request, the network resource the STA wants to access; and judging, according to the network resource access control information corresponding to the SSID to which the STA is connected, whether that SSID has permission to access the network resource.
Preferably, after step 2 is performed, the method further comprises: judging whether an STA needs to connect to an SSID under the WLAN network; if so, proceeding to step 3; if not, waiting for a predetermined time, and if within the predetermined time there is still no STA that needs to connect to an SSID under the WLAN network, setting the WLAN network to the sleep state.
The invention also provides a WLAN network resource access control device, comprising: a determination module, configured to determine whether the WLAN network is enabled and, if so, to perform WLAN network parameter configuration on the one or more service set identifiers (SSID) under the WLAN network; a read module, configured to read the preset network resource access control information corresponding to the one or more SSIDs under the WLAN network; and a first processing module, configured to judge, when it is determined that a wireless station (STA) has connected to an SSID under the WLAN network and according to the corresponding network resource access control information, whether the SSID to which the STA is connected has permission to access the network resource the STA wants to access, to allow the STA to access the network resource if it has permission, and otherwise to forbid the STA from accessing the network resource.
Preferably, the device further comprises: a first setting module, configured to obtain, through a settings interface, the network resource access control information set by the user for the one or more SSIDs under the WLAN network, where the network resource access control information is a network resource access whitelist/blacklist.
Preferably, the device further comprises: a second setting module, configured to obtain, through a settings interface, the MAC address filter information set by the user for the one or more SSIDs under the WLAN network, where the MAC address filter information is a whitelist/blacklist of STA MAC addresses; the read module is further configured to read the preset MAC address filter information corresponding to the one or more SSIDs under the WLAN network; the device further comprises: a second processing module, configured to judge, according to the corresponding MAC address filter information, whether the STA may connect to the SSID, to connect the STA to the SSID and call the first processing module if so, and otherwise to forbid the STA from connecting to the SSID.
Preferably, the first processing module is specifically configured to: obtain the network resource access request sent by the STA; determine, from the network resource access request, the network resource the STA wants to access; and judge, according to the network resource access control information corresponding to the SSID to which the STA is connected, whether that SSID has permission to access the network resource.
Preferably, the device further comprises: a judging module, configured to judge whether an STA needs to connect to an SSID under the WLAN network; if so, to call the first processing module; if not, to wait for a predetermined time and, if within the predetermined time there is still no STA that needs to connect to an SSID under the WLAN network, to set the WLAN network to the sleep state.
The beneficial effects of the invention are as follows:
By judging, according to preset network resource access control information, whether the STA has permission to access the network resource it wants to access, the invention solves the prior-art problem that network resource access control requires multiple devices whose configuration is relatively complex, allows network resource access permissions to be controlled simply and quickly, and effectively protects network security. Compared with the prior art, the technical scheme of the embodiments of the invention costs less, is simpler to operate, is more convenient for the user, and gives an excellent user experience.
Brief description of the drawings
Fig. 1 is a flow chart of the WLAN network resource access control method of an embodiment of the invention;
Fig. 2 is a schematic diagram of the working principle of WLAN network resource access control in an embodiment of the invention;
Fig. 3 is a flow chart of the detailed processing of the WLAN network resource access control method of an embodiment of the invention;
Fig. 4 is a structural diagram of the WLAN network resource access control device of an embodiment of the invention;
Fig. 5 is a detailed structural diagram of the WLAN network resource access control device of an embodiment of the invention.
Detailed description
To solve the prior-art problem that network resource access control requires multiple devices whose configuration is relatively complex, the invention provides a WLAN network resource access control method and device. The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Method embodiment
According to an embodiment of the invention, a WLAN network resource access control method is provided. Fig. 1 is a flow chart of the WLAN network resource access control method of the embodiment. As shown in Fig. 1, the method comprises the following processing:
Step 101, determining whether the WLAN network is enabled and, if so, performing WLAN network parameter configuration on the one or more SSIDs under the WLAN network;
Specifically, step 101 comprises the following processing:
The data terminal powers on and initializes (the data terminal may be a data card, a wireless router, or even a mobile phone with a wireless routing function); the master control process reads the WLAN network configuration item and judges from it whether the WLAN network is enabled. If the WLAN network is not enabled, the WLAN network is disabled, clients cannot connect to the data terminal over Wi-Fi, and the operation ends. If the WLAN network is enabled, it is judged whether the WLAN network is currently working in single-SSID mode or in multi-SSID mode. If the WLAN network is working in single-SSID mode, the WLAN network parameters of the single SSID are read; if it is working in multi-SSID mode, the WLAN network parameters corresponding to each SSID under the WLAN network are read.
With the above processing, the configuration of the WLAN network is complete.
Step 102, reading the preset network resource access control information corresponding to the one or more SSIDs under the WLAN network;
In this embodiment, the network resource access control information set by the user for the one or more SSIDs under the WLAN network can be obtained through a settings interface, where the network resource access control information is a network resource access whitelist/blacklist.
Preferably, in this embodiment, the MAC address filter information set by the user for the one or more SSIDs under the WLAN network can also be obtained through a settings interface, where the MAC address filter information is a whitelist/blacklist of STA MAC addresses;
Step 102 may further include the following processing: reading the preset MAC address filter information corresponding to the one or more SSIDs under the WLAN network;
Subsequently, according to the corresponding MAC address filter information, it is judged whether the STA may connect to the SSID it wants to connect to; if so, the STA is connected to the SSID and processing proceeds to step 103; otherwise, the STA is forbidden from connecting to the SSID.
Preferably, in this embodiment, after step 102 is performed, the following processing may also be included: judging whether an STA needs to connect to an SSID under the WLAN network; if so, proceeding to step 103, or first performing the above judgment, according to the MAC address filter information, of whether the STA may connect to the SSID and then proceeding to step 103; if not, waiting for a predetermined time, and if within the predetermined time there is still no STA that needs to connect to an SSID under the WLAN network, setting the WLAN network to the sleep state.
Step 103, when it is determined that an STA has connected to an SSID under the WLAN network, judging, according to the corresponding network resource access control information, whether the SSID to which the STA is connected has permission to access the network resource the STA wants to access; if it has permission, allowing the STA to access the network resource; otherwise, forbidding the STA from accessing the network resource.
Specifically, in step 103, judging according to the corresponding network resource access control information whether the STA has permission to access the network resource it wants to access comprises: 1, obtaining the network resource access request sent by the STA; 2, determining, from the network resource access request, the network resource the STA wants to access; 3, judging, according to the network resource access control information corresponding to the SSID to which the STA is connected, whether that SSID has permission to access the network resource.
The concrete processing of steps 102 and 103 is illustrated below:
First, the data terminal reads the MAC address filter information and the network resource access control information corresponding to each SSID, and judges whether an STA is connecting to an SSID. It waits 10 minutes; if there is still no STA connecting, the WLAN network enters the sleep state. If an STA connects within the 10 minutes, the data terminal judges from the MAC address filter information whether the MAC address of the STA belongs to a legitimate user. If the MAC address of the STA is not in the whitelist of the SSID's MAC address filter information, or is in the blacklist of the SSID's MAC address filter information, the user is shown the prompt "illegal user, access failed". If the MAC address of the STA is in the whitelist of the SSID's MAC address filter information, or is not in the blacklist of the SSID's MAC address filter information, the STA successfully connects to the SSID.
Subsequently, the data terminal receives the network resource access request initiated by the STA and judges, according to the network resource access control information, whether the SSID to which the STA is connected has permission to access the network resource. If the SSID does not have permission to access the network resource, the user is shown the prompt "insufficient permission, access failed"; if the SSID has permission to access the network resource, the STA successfully accesses the corresponding network resource.
The technical scheme of the embodiment of the invention is described in detail below with reference to the drawings.
Fig. 2 is a schematic diagram of the working principle of WLAN network resource access control in an embodiment of the invention. As shown in Fig. 2, there are 5 SSIDs under one access point (AP): SSID1 (Legal Affairs Department), SSID2 (Pre-research Standards Department), SSID3 (Software Testing Department 2), SSID4 (Software Development Department 6) and SSID5 (Zhong Yi Project Management Department). The AP is connected to the Internet through a 3G/4G network.
Based on the network architecture shown in Fig. 2, in this embodiment the AP (the data terminal described above) first powers on and initializes; the master control process reads the WLAN network configuration item and judges from it whether the WLAN network is enabled. If the WLAN network is not enabled, the WLAN network is disabled, clients cannot connect to the data terminal over Wi-Fi, and the operation ends. If the WLAN network is enabled and it is judged that the WLAN network is currently working in multi-SSID mode, the WLAN network parameters corresponding to SSID1 (Legal Affairs Department), SSID2 (Pre-research Standards Department), SSID3 (Software Testing Department 2), SSID4 (Software Development Department 6) and SSID5 (Zhong Yi Project Management Department) are read and each SSID is configured accordingly.
Subsequently, the AP reads the MAC address filter information and the network resource access control information corresponding to each of SSID1 (Legal Affairs Department), SSID2 (Pre-research Standards Department), SSID3 (Software Testing Department 2), SSID4 (Software Development Department 6) and SSID5 (Zhong Yi Project Management Department), and judges whether an STA is connecting to an SSID. Suppose an STA needs to connect to SSID3 (Software Testing Department 2): the AP judges, from the MAC address filter information corresponding to SSID3, whether the MAC address of the STA belongs to a legitimate user of SSID3. If the MAC address of the STA is not in the whitelist of SSID3's MAC address filter information, or is in the blacklist of SSID3's MAC address filter information, the user is shown the prompt "illegal user, access failed". If the MAC address of the STA is in the whitelist of SSID3's MAC address filter information, or is not in the blacklist of SSID3's MAC address filter information, the STA successfully connects to SSID3 (Software Testing Department 2).
Subsequently, the AP receives the STA's request to access the human resources system and judges, according to the network resource access control information, whether SSID3 (Software Testing Department 2) has permission to access the human resources system. If SSID3 does not have permission to access the human resources system, the user is shown the prompt "insufficient permission, access failed"; if SSID3 has permission to access the human resources system, the STA successfully accesses the human resources system.
Fig. 3 is a flow chart of the detailed processing of the WLAN network resource access control method of an embodiment of the invention. As shown in Fig. 3, the method comprises:
The first step, the data terminal powers on and initializes; the master control process reads the WLAN network configuration item wlan_status and judges whether the WLAN network is enabled. If wlan_status is OFF, the WLAN network is disabled and the second step is performed; if wlan_status is ON, the WLAN network is enabled and the third step is performed;
The second step, clients cannot connect to the data terminal over Wi-Fi, and the operation ends;
The third step, the data terminal calls the function wlan_detect_unissid_multissid(), which judges whether the current value of wlan_mode is unissid or multissid. If the value of wlan_mode is unissid, the WLAN network is working in single-SSID mode and the fourth step is performed; if the value of wlan_mode is multissid, the WLAN network is working in multi-SSID mode and the fifth step is performed;
The fourth step, the data terminal calls the function wlan_unissid_para_conf(), which sets the WLAN network parameters in single-SSID mode, for example country code, channel, rate and encryption mode; the sixth step is then performed;
The fifth step, the data terminal calls the function wlan_multissid_para_conf(), which sets the WLAN network parameters of each SSID in multi-SSID mode, for example country code, channel, rate and encryption mode; the sixth step is then performed;
The sixth step, the data terminal calls the function wlan_mac_filter_conf(), which reads the blacklist and whitelist corresponding to each SSID, for implementing the MAC address filter function;
The seventh step, the data terminal calls the function wlan_nrac_conf_func(), which reads the network resource access permissions corresponding to each SSID, for controlling network resource access;
The eighth step, the data terminal calls the function wlan_sta_access_ap(), which judges whether an STA is connecting to an SSID. If no STA connects within the predetermined time, the ninth step is performed; if an STA connects within the predetermined time, the tenth step is performed;
The ninth step, the data terminal calls wlan_ap_sleep_mode(), which controls whether the WLAN network enters the sleep state;
The tenth step, the data terminal calls the function wlan_mac_filter_judge(), which judges from the MAC address whether the current STA is a legitimate user. If the MAC address of the STA is not in the whitelist of the SSID, or is in the blacklist of the SSID, the eleventh step is performed; if the MAC address of the STA is in the whitelist of the SSID, or is not in the blacklist of the SSID, the twelfth step is performed;
The eleventh step, the user is shown the prompt "illegal user, access failed";
The twelfth step, the STA successfully connects to the SSID;
The thirteenth step, when the STA initiates a network resource access request, the data terminal calls the function wlan_sta_nr_func(), which is used for initiating the network resource access request;
The fourteenth step, the data terminal calls the function wlan_nrac_judge_func(), which judges whether the SSID to which the STA is connected has permission to access the network resource. If the SSID does not have permission to access the network resource, the fifteenth step is performed; if the SSID has permission to access the network resource, the sixteenth step is performed;
The fifteenth step, the user is shown the prompt "insufficient permission, access failed";
The sixteenth step, the STA successfully accesses the corresponding network resource.
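The decision flow of the tenth to sixteenth steps, using the SSID3 and human-resources-system scenario described above, can be sketched as follows. This is an added example, not code from the patent: only the names wlan_mac_filter_judge and wlan_nrac_judge_func come from the description, while the signatures, the policy table, the MAC addresses and the host names are constructed, and refusing an unknown SSID is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed example. Data layout and signatures are assumptions; only the
 * two *_judge function names echo the steps in the description. */
enum list_mode { LIST_WHITE, LIST_BLACK };

enum access_result {
    ACCESS_OK,              /* twelfth and sixteenth steps */
    ERR_ILLEGAL_USER,       /* eleventh step */
    ERR_INSUFFICIENT_PERM,  /* fifteenth step */
    ERR_UNKNOWN_SSID        /* assumption: fail closed, not in the description */
};

#define MAX_ENTRIES 8

struct ssid_policy {
    const char *ssid;
    enum list_mode mac_mode;             /* whitelist or blacklist of STA MACs */
    const char *macs[MAX_ENTRIES];       /* unused slots are NULL */
    enum list_mode res_mode;             /* whitelist or blacklist of resources */
    const char *resources[MAX_ENTRIES];  /* unused slots are NULL */
};

/* Constructed policy table: what the sixth and seventh steps would load. */
static const struct ssid_policy policies[] = {
    { "SSID1", LIST_WHITE, { "02:00:00:00:00:aa" },
               LIST_WHITE, { "hr.example.internal", "legal.example.internal" } },
    { "SSID3", LIST_BLACK, { "02:00:00:00:00:bb" },
               LIST_WHITE, { "testlab.example.internal" } },
};

/* Case-insensitive equality: hex digits in MACs and host names vary in case. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

static int in_list(const char *const *list, const char *item)
{
    for (int i = 0; i < MAX_ENTRIES && list[i] != NULL; i++)
        if (eq_nocase(list[i], item))
            return 1;
    return 0;
}

/* Tenth step: may this STA join the SSID? An empty whitelist admits nobody. */
static int wlan_mac_filter_judge(const struct ssid_policy *p, const char *mac)
{
    int listed = in_list(p->macs, mac);
    return p->mac_mode == LIST_WHITE ? listed : !listed;
}

/* Fourteenth step: the decision is keyed on the SSID, not on the STA. */
static int wlan_nrac_judge_func(const struct ssid_policy *p, const char *res)
{
    int listed = in_list(p->resources, res);
    return p->res_mode == LIST_WHITE ? listed : !listed;
}

/* Association check followed by the resource check, in the order of Fig. 3. */
enum access_result sta_request(const char *ssid, const char *mac, const char *res)
{
    const struct ssid_policy *p = NULL;
    for (size_t i = 0; i < sizeof policies / sizeof policies[0]; i++)
        if (strcmp(policies[i].ssid, ssid) == 0)
            p = &policies[i];
    if (p == NULL)
        return ERR_UNKNOWN_SSID;
    if (!wlan_mac_filter_judge(p, mac))
        return ERR_ILLEGAL_USER;
    if (!wlan_nrac_judge_func(p, res))
        return ERR_INSUFFICIENT_PERM;
    return ACCESS_OK;
}

int main(void)
{
    static const char *const msg[] = {
        "access granted", "illegal user, access failed",
        "insufficient permission, access failed", "unknown SSID, access failed"
    };
    /* STA on SSID3 asks for the human resources system. */
    puts(msg[sta_request("SSID3", "02:00:00:00:00:10", "hr.example.internal")]);
    puts(msg[sta_request("SSID3", "02:00:00:00:00:10", "testlab.example.internal")]);
    puts(msg[sta_request("SSID3", "02:00:00:00:00:BB", "testlab.example.internal")]);
    return 0;
}
```

Because the resource decision is keyed on the SSID and the MAC filter checks an address the station itself reports, what binds a station to an SSID's permissions in practice is the per-SSID encryption mode configured in the fourth and fifth steps.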
In summary, with the technical scheme of the embodiment of the invention, judging according to preset network resource access control information whether the STA has permission to access the network resource it wants to access solves the prior-art problem that network resource access control requires multiple devices whose configuration is relatively complex, allows network resource access permissions to be controlled simply and quickly, and effectively protects network security. Compared with the prior art, the technical scheme of the embodiment of the invention costs less, is simpler to operate, is more convenient for the user, and gives an excellent user experience.
Device embodiment
According to an embodiment of the invention, a WLAN network resource access control device is provided. Fig. 4 is a structural diagram of the WLAN network resource access control device of the embodiment. As shown in Fig. 4, the device comprises a determination module 40, a read module 42 and a first processing module 44. Each module of the embodiment is described in detail below.
Specifically, the data terminal powers on and initializes (the data terminal may be a data card, a wireless router, or even a mobile phone with a wireless routing function); the master control process reads the WLAN network configuration item, and the determination module 40 judges from it whether the WLAN network is enabled. If the WLAN network is not enabled, the WLAN network is disabled, clients cannot connect to the data terminal over Wi-Fi, and the operation ends. If the WLAN network is enabled, the determination module 40 judges whether the WLAN network is currently working in single-SSID mode or in multi-SSID mode. If the WLAN network is working in single-SSID mode, the WLAN network parameters of the single SSID are read; if it is working in multi-SSID mode, the WLAN network parameters corresponding to each SSID under the WLAN network are read.
With the above processing, the configuration of the WLAN network is complete.
The read module 42 is configured to read the preset network resource access control information corresponding to the one or more SSIDs under the WLAN network;
The device of this embodiment further comprises: a first setting module, configured to obtain, through a settings interface, the network resource access control information set by the user for the one or more SSIDs under the WLAN network, where the network resource access control information is a network resource access whitelist/blacklist.
A second setting module, configured to obtain, through a settings interface, the MAC address filter information set by the user for the one or more SSIDs under the WLAN network, where the MAC address filter information is a whitelist/blacklist of STA MAC addresses;
Preferably, the read module 42 is further configured to read the preset MAC address filter information corresponding to the one or more SSIDs under the WLAN network;
The device of this embodiment further comprises: a second processing module, configured to judge, according to the corresponding MAC address filter information, whether the STA may connect to the SSID; if so, to connect the STA to the SSID and call the first processing module 44; otherwise, to forbid the STA from connecting to the SSID.
Preferably, the device of this embodiment further comprises: a judging module, configured to judge whether an STA needs to connect to an SSID under the WLAN network; if so, to call the first processing module 44, or to call the second processing module first and then the first processing module 44; if not, to wait for a predetermined time and, if within the predetermined time there is still no STA that needs to connect to an SSID under the WLAN network, to set the WLAN network to the sleep state.
The first processing module 44 is configured to judge, when it is determined that a wireless station (STA) has connected to an SSID under the WLAN network and according to the corresponding network resource access control information, whether the SSID to which the STA is connected has permission to access the network resource the STA wants to access; if it has permission, to allow the STA to access the network resource; otherwise, to forbid the STA from accessing the network resource.
Specifically, the first processing module 44 judging according to the corresponding network resource access control information whether the STA has permission to access the network resource it wants to access comprises: 1, the first processing module 44 obtains the network resource access request sent by the STA; 2, the first processing module 44 determines, from the network resource access request, the network resource the STA wants to access; 3, the first processing module 44 judges, according to the network resource access control information corresponding to the SSID to which the STA is connected, whether that SSID has permission to access the network resource.
The processing performed by the read module 42, the judging module, the first processing module 44 and the second processing module is illustrated below:
First, the read module 42 reads the MAC address filtering information and the network resource access control information corresponding to each SSID. The judging module judges whether any STA has accessed an SSID. It waits 10 minutes; if there is still no STA access, the WLAN network enters the sleep state. If an STA accesses within the 10 minutes, the second processing module judges, according to the MAC address filtering information, whether the MAC address of the STA belongs to a valid user. If the MAC address of the STA is not in the whitelist of the MAC address filtering information of the SSID, or is in the blacklist of the MAC address filtering information of the SSID, the user is prompted "disabled user, access failure". If the MAC address of the STA is in the whitelist of the MAC address filtering information of the SSID, or is not in the blacklist of the MAC address filtering information of the SSID, the STA successfully accesses the SSID.
Subsequently, the first processing module 44 receives the network resource access request initiated by the STA and judges, according to the network resource access control information, whether the SSID the STA is on has permission to access the network resource. If the SSID the STA is on does not have permission to access the network resource, the user is prompted "insufficient permission, access failed". If the SSID the STA is on has permission to access the network resource, the STA successfully accesses the corresponding network resource.
The technical scheme of the embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of the working principle of WLAN network resource access control according to the embodiment of the present invention. As shown in Fig. 2, one access point (AP) carries 5 SSIDs: SSID1 (Legal Affairs Dept), SSID2 (Pre-research Standards Dept), SSID3 (Software Testing Dept. 2), SSID4 (Software Development Dept. 6) and SSID5 (Zhong Yi Project Management Dept). The AP is connected to the Internet through a 3G/4G network.
Based on the network architecture shown in Fig. 2, in the embodiment of the present invention the AP (the data terminal described above) first powers on and initializes. The main control process reads the WLAN network configuration item and judges from it whether the WLAN network is enabled. If the WLAN network is not enabled, the WLAN network is disabled, clients cannot access the data terminal over Wi-Fi, and the operation ends. If the WLAN network is enabled, it is determined that the WLAN network is currently working in multi-SSID mode, and the WLAN network parameters corresponding to SSID1 (Legal Affairs Dept), SSID2 (Pre-research Standards Dept), SSID3 (Software Testing Dept. 2), SSID4 (Software Development Dept. 6) and SSID5 (Zhong Yi Project Management Dept) are read and configured respectively.
Subsequently, the AP reads the MAC address filtering information and the network resource access control information corresponding to each of SSID1 through SSID5, and judges whether any STA has accessed an SSID. Suppose an STA needs to access SSID3 (Software Testing Dept. 2): the AP judges, according to the MAC address filtering information corresponding to SSID3, whether the MAC address of the STA belongs to a valid user of SSID3. If the MAC address of the STA is not in the whitelist of the MAC address filtering information of SSID3, or is in the blacklist of the MAC address filtering information of SSID3, the user is prompted "disabled user, access failure". If the MAC address of the STA is in the whitelist of the MAC address filtering information of SSID3, or is not in the blacklist of the MAC address filtering information of SSID3, the STA successfully accesses SSID3.
Subsequently, the AP receives the request initiated by the STA to access the human resources system and judges, according to the network resource access control information, whether SSID3 (Software Testing Dept. 2) has permission to access the human resources system. If SSID3 does not have permission to access the human resources system, the user is prompted "insufficient permission, access failed". If SSID3 has permission to access the human resources system, the STA successfully accesses the human resources system.
Fig. 5 is a detailed structural diagram of the WLAN network resource access control device according to the embodiment of the present invention. As shown in Fig. 5, the device specifically comprises:
a web user interface (WEB UI) module, a web service (Web Server) module, a main control (Main Control) module, a network connection (Network Connect) module, a 4G network (4G Network) module, a wireless network control (WLAN Control) module, a single-SSID parameter configuration (UniSSID Parameter Conf) module, a multi-SSID parameter configuration (MultiSSID Parameter Conf) module, a MAC filter configuration (MAC Filter Conf) module, and a network resource access control configuration (Network Resource Access Control Conf, NRAC Conf) module.
The WEB UI module is the page through which the user interacts with the data terminal. Through this page the user can set the network connection mode and the parameters of the other functional modules, for example the network resource access control information and the MAC address filtering information.
The Web Server module is the background process behind the WEB UI and mainly handles the requests submitted by the user.
The Main Control module is the main control module of the data terminal. It maintains a state machine for the data terminal and coordinates the operation of the modules in the data terminal.
The Network Connect module is the network connection module. It mainly controls whether the data terminal works on the 4G network or on a wired broadband network.
The 4G Network module is the 4G network connection module. It mainly implements functions such as connecting the data terminal to, and disconnecting it from, the 4G network.
The WLAN Control module is the WLAN control module. It mainly controls the setting of the WLAN network parameters.
The UniSSID Parameter Conf module is the single-SSID parameter configuration module. It sets the WLAN parameters when the data terminal works in single-SSID mode.
The MultiSSID Parameter Conf module is the multi-SSID parameter configuration module. It sets the WLAN parameters when the data terminal works in multi-SSID mode.
The MAC Filter Conf module is the WLAN network MAC address filtering module. It implements the WLAN network blacklist/whitelist function and is mainly used to forbid or allow specified MAC addresses to access a given SSID.
The NRAC Conf module is the WLAN network resource access control module. It mainly implements the mapping between each SSID and its network resource access permissions.
Fig. 3 is a flow chart of the detailed processing of the WLAN network resource access control method according to the embodiment of the present invention. As shown in Fig. 3, the method comprises:
Step 1, the data terminal powers on and initializes; the Main Control module reads the WLAN network configuration item wlan_status and judges whether the WLAN network is enabled. If wlan_status is OFF, the WLAN network is disabled and step 2 is executed; if wlan_status is ON, the WLAN network is enabled and step 3 is executed;
Step 2, clients cannot access the data terminal over Wi-Fi, and the operation ends;
Step 3, the function wlan_detect_unissid_multissid() is called; this function judges whether the current value of wlan_mode is unissid or multissid. If the value of wlan_mode is unissid, the WLAN network works in single-SSID mode and step 4 is executed; if the value of wlan_mode is multissid, the WLAN network works in multi-SSID mode and step 5 is executed;
Step 4, the UniSSID Parameter Conf module calls the function wlan_unissid_para_conf(); this function mainly sets the WLAN network parameters in single-SSID mode, for example country code, channel, rate and encryption mode; step 6 is then executed;
Step 5, the MultiSSID Parameter Conf module calls the function wlan_multissid_para_conf(); this function mainly sets the WLAN network parameters of each SSID in multi-SSID mode, for example country code, channel, rate and encryption mode; step 6 is then executed;
Step 6, the MAC Filter Conf module calls the function wlan_mac_filter_conf(); this function mainly reads the blacklist/whitelist corresponding to each SSID, which is used to implement the MAC address filtering function;
Step 7, the NRAC Conf module calls the function wlan_nrac_conf_func(); this function mainly reads the network resource access permissions corresponding to each SSID, which are used to control network resource access;
Step 8, the function wlan_sta_access_ap() is called; this function mainly judges whether any STA has accessed an SSID. If no STA accesses within the predetermined time, step 9 is executed; if an STA accesses within the predetermined time, step 10 is executed;
Step 9, wlan_ap_sleep_mode() is called; this function mainly controls whether the WLAN network enters the sleep state;
Step 10, the MAC Filter Conf module calls the function wlan_mac_filter_judge(); this function mainly judges from the MAC address whether the current STA is a valid user. If the MAC address of the STA is not in the whitelist of the SSID, or is in the blacklist of the SSID, step 11 is executed; if the MAC address of the STA is in the whitelist of the SSID, or is not in the blacklist of the SSID, step 12 is executed;
Step 11, the user is prompted "disabled user, access failure";
Step 12, the STA successfully accesses the SSID;
Step 13, when the STA initiates a network resource access request, the Main Control module calls the function wlan_sta_nr_func(), which is used for initiating the network resource access request;
Step 14, the NRAC Conf module calls the function wlan_nrac_judge_func(); this function mainly judges whether the SSID the STA is on has permission to access the network resource. If the SSID the STA is on does not have permission to access the network resource, step 15 is executed; if the SSID the STA is on has permission to access the network resource, step 16 is executed;
Step 15, the user is prompted "insufficient permission, access failed";
Step 16, the STA successfully accesses the corresponding network resource.
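The admission and authorization decisions of steps 10 to 16, as an added C sketch that is not the patent's own code: the structure names, wlan_access(), the MAC addresses and the resource names are all assumptions made for illustration. Each SSID carries one MAC filter list and one resource list, each either a whitelist or a blacklist, and unknown SSIDs and malformed MAC addresses are denied.

```c
/* Added illustration: every name and sample value here is hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum list_mode { LIST_WHITE, LIST_BLACK };
enum verdict { V_ALLOW, V_ILLEGAL_USER, V_NO_PERMISSION, V_UNKNOWN_SSID };

#define MAX_ENTRIES 4
struct acl {
    enum list_mode mode;
    const char *entries[MAX_ENTRIES];    /* unused slots stay NULL */
};

struct ssid_policy {
    const char *ssid;
    struct acl mac_filter;    /* who may join the SSID (step 10) */
    struct acl resources;     /* what the SSID may reach (step 14) */
};

/* Constructed sample policy, as steps 6 and 7 would load it. */
static const struct ssid_policy POLICIES[] = {
    { "SSID1", { LIST_BLACK, { "00:1a:2b:3c:4d:5e" } },
               { LIST_WHITE, { "hr-system", "legal-archive" } } },
    { "SSID3", { LIST_WHITE, { "00:1A:2B:3C:4D:5E", "00:1a:2b:3c:4d:5f" } },
               { LIST_BLACK, { "hr-system" } } },
};

/* Reduce a MAC to 12 lowercase hex digits so "00-1A-.." equals "00:1a:..".
 * Returns 0 for anything that is not exactly 12 hex digits. */
static int mac_canon(const char *in, char out[13])
{
    size_t n = 0;
    for (; *in; in++) {
        if (*in == ':' || *in == '-')
            continue;
        if (!isxdigit((unsigned char)*in) || n == 12)
            return 0;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    out[n] = '\0';
    return n == 12;
}

/* Whitelist: permit only listed items. Blacklist: permit only unlisted ones.
 * A malformed MAC is refused in both modes (fail closed). */
static int acl_permits(const struct acl *a, const char *item, int is_mac)
{
    char want[13], have[13];
    int found = 0;
    if (is_mac && !mac_canon(item, want))
        return 0;
    for (size_t i = 0; i < MAX_ENTRIES && a->entries[i]; i++) {
        if (is_mac)
            found |= mac_canon(a->entries[i], have) && !strcmp(want, have);
        else
            found |= !strcmp(a->entries[i], item);
    }
    return a->mode == LIST_WHITE ? found : !found;
}

/* Steps 10-16: MAC filter first, then the SSID's resource permission. */
enum verdict wlan_access(const char *ssid, const char *sta_mac,
                         const char *resource)
{
    const struct ssid_policy *p = NULL;
    for (size_t i = 0; i < sizeof POLICIES / sizeof POLICIES[0]; i++)
        if (!strcmp(POLICIES[i].ssid, ssid))
            p = &POLICIES[i];
    if (!p)
        return V_UNKNOWN_SSID;                 /* no policy: deny */
    if (!acl_permits(&p->mac_filter, sta_mac, 1))
        return V_ILLEGAL_USER;                 /* step 11 */
    if (!acl_permits(&p->resources, resource, 0))
        return V_NO_PERMISSION;                /* step 15 */
    return V_ALLOW;                            /* step 16 */
}

int main(void)
{
    static const char *names[] = { "ALLOW", "ILLEGAL_USER",
                                   "NO_PERMISSION", "UNKNOWN_SSID" };
    printf("%s\n", names[wlan_access("SSID3", "00-1a-2b-3c-4d-5e", "build-server")]);
    printf("%s\n", names[wlan_access("SSID3", "00:1a:2b:3c:4d:5e", "hr-system")]);
    printf("%s\n", names[wlan_access("SSID1", "not-a-mac", "hr-system")]);
    return 0;
}
```

Station MAC addresses are supplied by the client, so the per-SSID resource check is the control that has to be enforced on the AP's forwarding path; the MAC filter only narrows which stations are admitted.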
In summary, with the technical scheme of the embodiment of the present invention, whether an STA has permission to access the network resource it wants to access is judged according to network resource access control information set in advance. This solves the problem in the prior art that network resource access control requires multiple devices with relatively complex configuration, allows network resource access permissions to be controlled simply and quickly, and effectively protects network security. Compared with the prior art, the technical scheme of the embodiment of the present invention is cheaper, simpler to operate and more convenient to use, and gives an excellent user experience.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various improvements, additions and substitutions are possible; therefore, the scope of the present invention should not be limited to the above embodiments.
It should be noted that the components of the controller of the present invention are logically divided according to the functions they are to implement; however, the present invention is not limited to this, and the components may be re-divided or combined as required. For example, some components may be combined into a single component, or some components may be further decomposed into more sub-components.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the controller according to the embodiment of the present invention. The present invention may also be implemented as a device or apparatus program (for example, computer programs and computer program products) for carrying out part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order; these words may be interpreted as names.
Claims (10)
1. A wireless local area network (WLAN) network resource access control method, characterized by comprising:
Step 1, determining whether the WLAN network is enabled and, if so, performing WLAN network parameter configuration on one or more service set identifiers (SSIDs) under the WLAN network;
Step 2, reading the network resource access control information, set in advance, corresponding to the one or more SSIDs under the WLAN network;
Step 3, when it is judged that a wireless station (STA) has accessed an SSID under the WLAN network, judging according to the corresponding network resource access control information whether the SSID the STA is on has permission to access the network resource the STA wants to access; if it has permission, allowing the STA to access the network resource; otherwise, forbidding the STA from accessing the network resource.
2. The method of claim 1, characterized in that the method further comprises: obtaining, through a setting interface, the network resource access control information corresponding to the one or more SSIDs under the WLAN network as set by the user, wherein the network resource access control information is a network resource access whitelist/blacklist.
3. The method of claim 1, characterized in that:
the method further comprises: obtaining, through a setting interface, the MAC address filtering information corresponding to the one or more SSIDs under the WLAN network as set by the user, wherein the MAC address filtering information is a MAC address whitelist/blacklist of STAs;
step 2 further comprises:
reading the MAC address filtering information, set in advance, corresponding to the one or more SSIDs under the WLAN network;
before step 3 is executed, the method further comprises:
judging, according to the corresponding MAC address filtering information, whether the STA may access the SSID; if so, admitting the STA to the SSID and proceeding to step 3; otherwise, forbidding the STA from accessing the SSID.
4. The method of claim 1, characterized in that judging, according to the corresponding network resource access control information, whether the SSID the STA is on has permission to access the network resource the STA wants to access specifically comprises:
obtaining the network resource access request sent by the STA;
determining, from the network resource access request, the network resource the STA wants to access;
judging, according to the network resource access control information corresponding to the SSID the STA has accessed, whether the SSID the STA is on has permission to access the network resource.
5. The method of claim 1, characterized in that, after step 2 is executed, the method further comprises:
judging whether any STA needs to access an SSID under the WLAN network; if so, proceeding to step 3; if not, waiting for a predetermined time and, if still no STA needs to access an SSID under the WLAN network within the predetermined time, setting the WLAN network to the sleep state.
6. A wireless local area network (WLAN) network resource access control device, characterized by comprising:
a determination module, configured to determine whether the WLAN network is enabled and, if so, to perform WLAN network parameter configuration on one or more service set identifiers (SSIDs) under the WLAN network;
a read module, configured to read the network resource access control information, set in advance, corresponding to the one or more SSIDs under the WLAN network;
a first processing module, configured, when it is judged that a wireless station (STA) has accessed an SSID under the WLAN network, to judge according to the corresponding network resource access control information whether the SSID the STA is on has permission to access the network resource the STA wants to access; if it has permission, to allow the STA to access the network resource; otherwise, to forbid the STA from accessing the network resource.
7. The device of claim 6, characterized in that the device further comprises:
a first setting module, configured to obtain, through a setting interface, the network resource access control information corresponding to the one or more SSIDs under the WLAN network as set by the user, wherein the network resource access control information is a network resource access whitelist/blacklist.
8. The device of claim 6, characterized in that:
the device further comprises: a second setting module, configured to obtain, through a setting interface, the MAC address filtering information corresponding to the one or more SSIDs under the WLAN network as set by the user, wherein the MAC address filtering information is a MAC address whitelist/blacklist of STAs;
the read module is further configured to: read the MAC address filtering information, set in advance, corresponding to the one or more SSIDs under the WLAN network;
the device further comprises: a second processing module, configured to judge, according to the corresponding MAC address filtering information, whether the STA may access the SSID; if so, to admit the STA to the SSID and invoke the first processing module; otherwise, to forbid the STA from accessing the SSID.
9. The device of claim 6, characterized in that the first processing module is specifically configured to:
obtain the network resource access request sent by the STA;
determine, from the network resource access request, the network resource the STA wants to access;
judge, according to the network resource access control information corresponding to the SSID the STA has accessed, whether the SSID the STA is on has permission to access the network resource.
10. The device of claim 6, characterized in that the device further comprises:
a judging module, configured to judge whether any STA needs to access an SSID under the WLAN network; if so, to invoke the first processing module; if not, to wait for a predetermined time and, if still no STA needs to access an SSID under the WLAN network within the predetermined time, to set the WLAN network to the sleep state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210313845.7A CN103685134A (en) | 2012-08-30 | 2012-08-30 | WLAN (Wireless Local Area Network) resource access control method and WLAN resource access control device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103685134A true CN103685134A (en) | 2014-03-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20140326 |