CN103731425A - Network wireless terminal access control method and system - Google Patents


Info

Publication number: CN103731425A
Authority: CN (China)
Prior art keywords: wireless terminal, ssid, access, network, reception device
Legal status: Granted; active
Application number: CN201310751640.1A
Other languages: Chinese (zh)
Other versions: CN103731425B (en)
Inventors: 吴飞, 郑杨千
Current assignee: Maipu Communication Technology Co Ltd
Original assignee: Maipu Communication Technology Co Ltd
Priority date: 2013-12-31
Filing date: 2013-12-31
Publication date: 2014-04-16 (CN103731425A); the granted version CN103731425B was published 2016-08-24

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a network wireless terminal access control method and system. In the method, a wireless terminal selects an SSID and connects to the WLAN network; the wireless access device initiates AAA authentication; the AAA server checks whether the wireless terminal's MAC address has already been bound to that SSID. If the MAC is bound to the selected SSID, the user is allowed to access network resources; if the MAC is bound to a different SSID, the user is refused access. If the user is connecting to the SSID for the first time, the user's MAC and the SSID are bound, the binding is stored, and the user is allowed to access network resources. Because the AAA server binds (or isolates) the wireless terminal with respect to the SSID it needs, the terminal can only access the network it accessed first; isolation is achieved and network security is improved.

Description

Network wireless terminal access control method and system
Technical field
The invention belongs to the field of communication technology and specifically concerns the design of a method and system for binding-isolation access control of network wireless terminals.
Background art
With the rapid development of computer technology, information networks have become an important guarantee of social development. They carry a great deal of sensitive information, and even state secrets, and so inevitably attract man-made attacks from all over the world, such as information leakage, information theft, data tampering, data deletion and insertion, and computer viruses; at the same time, network entities must also withstand floods, fires, earthquakes, electromagnetic radiation and the like.
With traditional network access, a terminal can connect through a network access point to the networks of different zones at will. This poses a serious threat to network security: a wireless terminal that has passed authentication can be attached to any network, which can leak network information and also greatly increases network maintenance and management costs.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the low security of network wireless terminal access in the prior art, and to propose a network wireless terminal access control method and system.
The technical scheme adopted by the present invention to solve this technical problem is a network wireless terminal access control method comprising the following steps:
A. The wireless terminal selects a service set identifier (SSID) and then connects to the wireless access device in the WLAN network;
B. After receiving the basic information of the wireless terminal, the wireless access device connects to the AAA authentication server via the AAA protocol;
C. The AAA server checks whether the wireless terminal's MAC has already been bound to the selected SSID; if so, the AAA authentication flow is entered. Otherwise the server checks whether the user is bound to another SSID: if the user is bound to another SSID, the user's access is refused; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
Further, in step B, before the wireless access device receives the basic information of the wireless terminal, the method also comprises: the wireless terminal sends an access request message to the wireless access device, and after receiving the access request message the wireless access device replies with an access-accepted message to the wireless terminal.
Further, in step B, the basic information of the wireless terminal received by the wireless access device comprises the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
Further, in step C, when the AAA server finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, it binds the wireless terminal to the selected SSID and stores the binding relationship between the wireless terminal and the selected SSID in a database.
The present invention also provides a network wireless terminal binding-isolation access control system comprising: the wireless access device of the WLAN network, the wireless terminal to be connected, and the AAA authentication server, wherein:
the wireless terminal to be connected is configured to select the required service set identifier (SSID) and then request access to the corresponding WLAN network;
the wireless access device of the WLAN network is configured to, after receiving the basic information of the wireless terminal, connect to the binding module of the AAA authentication server via the AAA protocol;
the AAA authentication server comprises a binding module, which is configured to check whether the wireless terminal's MAC has already been bound to the selected SSID and, if so, enter the AAA authentication flow; otherwise to check whether the user is bound to another SSID, refusing the user's access if so, and, if not, binding the user's MAC to the selected SSID, saving the binding, and entering the AAA authentication flow.
Further, the wireless access device is also configured to, before receiving the basic information of the wireless terminal, reply with an access-accepted message to the wireless terminal after receiving the wireless terminal's access request message.
Further, the basic information of the wireless terminal received by the wireless access device comprises the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
Further, the binding module of the AAA authentication server is also configured to, when it finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, bind the wireless terminal to the selected SSID and store the binding relationship between the wireless terminal and the selected SSID in a database.
Beneficial effects of the present invention: the network wireless terminal access control method and system of the present invention use the AAA authentication server to bind the wireless terminal to the SSID it needs to access and store the binding information in a database. The subsequent binding verification procedure thus remembers the network that the wireless terminal accessed for the first time, and on the terminal's next access only the relationship information stored in the database needs to be consulted. The wireless terminal can therefore only connect to the network it accessed first; binding isolation is achieved, network security is improved, and network management costs are reduced.
Brief description of the drawings
Figure 1 is a flow block diagram of the network wireless terminal binding-isolation access control method of an embodiment of the present invention;
Figure 2 is a structural schematic of the network wireless terminal binding-isolation access control system of an embodiment of the present invention.
Embodiments
The invention is further described below with reference to the drawings and specific embodiments.
Figure 1 shows the flow block diagram of the network wireless terminal binding-isolation access control method of an embodiment of the present invention, which specifically comprises the following steps:
A. A wireless local area network (WLAN) is set up and the wireless terminal that is to access the network is placed within it; after the wireless terminal selects a service set identifier (SSID, Service Set Identifier), it connects to the wireless access device in the WLAN network;
B. After receiving the basic information of the wireless terminal, the wireless access device connects to the AAA authentication server via the AAA protocol;
C. The AAA server checks whether the wireless terminal's MAC has already been bound to the selected SSID; if so, the AAA authentication flow is entered. Otherwise the server checks whether the user is bound to another SSID: if the user is bound to another SSID, the user's access is refused; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
By binding the wireless terminal to the SSID it needs to access, the present invention ensures that on the wireless terminal's next access only the relationship information stored in the database needs to be consulted, so that the terminal can only connect to the network it accessed first; binding isolation is achieved, network security is improved, and network management costs are reduced. In the present invention, the wireless terminal to be connected may be a smartphone, tablet computer, PC, IPTV wireless terminal, etc., and the access device may in practice be an Ethernet switch, a wireless access point (AP), a wireless access controller (AC), etc.
The AAA protocol in step B may be the RADIUS protocol, in which case the corresponding AAA authentication server is a RADIUS server; it may of course be changed according to actual conditions to Diameter or another protocol.
The wireless access device in step B comprises a wireless access point (AP) and a wireless controller (AC). First the wireless terminal sends an access request message to the AP; after receiving the request, the AP replies with an access-accepted message to the wireless terminal. The AP then receives the basic information of the wireless terminal and forwards it to the AC; after receiving the basic information, the AC connects to the binding module of the AAA authentication server via the AAA protocol. The basic information may include the user information of the wireless terminal, the basic information of the SSID, the basic information of the wireless terminal, etc.
The binding module of the AAA server judges whether this is the first time the wireless terminal has accessed the SSID it needs. If it is the first access, the user information must be verified, the binding relationship between the wireless terminal and the required SSID is stored in the database, and the binding relationship information is then sent to the binding authentication module of the AAA authentication server. If it is not the first access, the module checks whether the user is bound to another SSID and, if so, refuses the user's access; otherwise it retrieves from the database the binding relationship between the wireless terminal and the required SSID and forwards that relationship to the AAA authentication server for AAA authentication.
When authenticating the user, the AAA authentication server may also bind some additional information into the verification in order to achieve stronger control; for example, after authentication it checks whether the user is accessing the network from a designated AP, and refuses access if not. The binding module associates this additional configuration with the user; it may be set manually or configured automatically by the system.
The AP and the AC establish a tunnel via the CAPWAP protocol, and the basic information is forwarded to the AC through the established CAPWAP tunnel.
So that those skilled in the art can understand and implement the technical solution of the present invention, the network wireless terminal binding-isolation access control method of the present invention is described in detail below through a specific embodiment, with the following concrete steps:
1. The user enables WLAN on the wireless terminal and finds the SSID to be accessed;
2. The user enters the required SSID, inputs the account and password, and connects to the network;
3. The wireless terminal finds a nearby access point (AP) and sends it an access request message; after receiving the request, the AP returns an access-accepted message to the wireless terminal;
4. The wireless terminal sends the AP basic information such as the user information, the SSID and the wireless terminal information;
5. The AP and the wireless controller (AC) establish a tunnel via the CAPWAP protocol; the AP forwards the basic information to the AC through the tunnel, and after receiving it the AC forwards all of it to the AAA authentication server via the RADIUS protocol;
6. After receiving the information, the AAA authentication server first passes it to its internal binding module for verification. If this is the first access, the user identity is verified, the binding relationship between the wireless terminal and the SSID is stored in the database, and the result is then passed to the binding authentication module; if it is not the first access, the module checks whether the user is bound to another SSID and, if so, refuses the user's access;
7. After receiving the information, the binding authentication module judges whether the MAC of the accessing wireless terminal has been connected to the designated network, such as the intranet or the extranet; if the access is correct, it authorizes and allows access, otherwise access is not allowed. A wireless terminal that has accessed successfully can only connect to the designated network through this SSID.
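The binding-isolation decision of steps 1 to 7 above (and of steps A to C in the summary), written out as an added Python example; this is not code from the patent or from Maipu. It assumes an in-memory dict in place of the database the patent stores bindings in, a `credentials_ok` flag in place of the real AAA credential check, and the common MAC string formats an access device may report; the optional allowed-AP set models the "additional information" check (designated AP) described earlier. Following step 6, a first-access binding is stored only after the user identity has been verified, so a failed attempt never locks a MAC to an SSID.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Optional, Set


class Decision(Enum):
    FIRST_ACCESS = "first_access"            # no binding yet: authenticate, then bind
    ALLOW = "allow"                          # MAC already bound to this SSID
    REJECT_OTHER_SSID = "reject_other_ssid"  # MAC bound to a different SSID: isolated
    REJECT_AP = "reject_ap"                  # optional designated-AP check failed


_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw: str) -> str:
    """Canonicalise the MAC formats an access device may report
    (AA-BB-CC-DD-EE-FF, aa:bb:cc:dd:ee:ff, aabb.ccdd.eeff) to aa:bb:cc:dd:ee:ff,
    so the same terminal always maps to the same database key (assumption)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Binding:
    ssid: str
    allowed_aps: Optional[Set[str]] = None  # None: no designated-AP restriction


class BindingModule:
    """Hypothetical stand-in for the AAA server's binding module; a dict
    replaces the database in which the patent stores binding relationships."""

    def __init__(self) -> None:
        self._db: Dict[str, Binding] = {}

    def evaluate(self, mac: str, ssid: str, ap: Optional[str] = None) -> Decision:
        """Step C: decide from the stored binding, without side effects."""
        rec = self._db.get(normalize_mac(mac))
        if rec is None:
            return Decision.FIRST_ACCESS
        if rec.ssid != ssid:
            return Decision.REJECT_OTHER_SSID
        if rec.allowed_aps is not None and ap not in rec.allowed_aps:
            return Decision.REJECT_AP
        return Decision.ALLOW

    def bind(self, mac: str, ssid: str,
             allowed_aps: Optional[Iterable[str]] = None) -> None:
        """Store the MAC/SSID binding, plus optional designated APs."""
        key = normalize_mac(mac)
        if key in self._db:
            raise ValueError(f"{key} is already bound to {self._db[key].ssid}")
        self._db[key] = Binding(ssid, set(allowed_aps) if allowed_aps else None)

    def binding_of(self, mac: str) -> Optional[str]:
        rec = self._db.get(normalize_mac(mac))
        return rec.ssid if rec else None


def handle_access(module: BindingModule, mac: str, ssid: str,
                  ap: Optional[str], credentials_ok: bool) -> bool:
    """Step 6 glue: binding decision first, then AAA authentication.
    `credentials_ok` stands in for the real credential check (assumption).
    Returns True when network access is granted."""
    decision = module.evaluate(mac, ssid, ap)
    if decision in (Decision.REJECT_OTHER_SSID, Decision.REJECT_AP):
        return False                     # isolated: bound elsewhere / wrong AP
    if not credentials_ok:
        return False                     # identity not verified: store nothing
    if decision is Decision.FIRST_ACCESS:
        module.bind(mac, ssid)           # remember the first network accessed
    return True


def demo() -> List[bool]:
    """Constructed walk-through: first access binds, re-access on the same
    SSID is allowed, a different SSID is isolated, failed auth binds nothing."""
    module = BindingModule()
    return [
        handle_access(module, "AA-BB-CC-00-11-22", "corp-intranet", "ap1", True),
        handle_access(module, "aa:bb:cc:00:11:22", "corp-intranet", "ap2", True),
        handle_access(module, "aabb.cc00.1122", "guest", "ap1", True),
        handle_access(module, "aa:bb:cc:00:33:44", "guest", "ap1", False),
        module.binding_of("aa:bb:cc:00:33:44") is None,
    ]


if __name__ == "__main__":
    print(demo())
```

The MAC address is the binding key, exactly as the page specifies, so the binding is only as trustworthy as the AAA credential check that accompanies it; that is why `handle_access` refuses to store a binding unless `credentials_ok` holds, and why the MAC is normalised before every lookup, so that a differently formatted report of the same address cannot slip past an existing binding.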
Meanwhile, the present invention also provides a network wireless terminal access control system; Figure 2 shows the structural schematic of the system of the present invention, which comprises: the wireless access device of the WLAN network, the wireless terminal to be connected, and the AAA authentication server, wherein:
the wireless terminal to be connected is configured to select the required service set identifier (SSID) and then request access to the corresponding WLAN network; the wireless access device of the WLAN network is configured to, after receiving the basic information of the wireless terminal, connect to the binding module of the AAA authentication server via the AAA protocol; the AAA authentication server comprises a binding module, which is configured to check whether the wireless terminal's MAC has already been bound to the selected SSID and, if so, enter the AAA authentication flow; otherwise to check whether the user is bound to another SSID, refusing the user's access if so, and, if not, binding the user's MAC to the selected SSID, saving the binding, and entering the AAA authentication flow.
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand the principle of the invention, and it should be understood that the protection scope of the invention is not limited to such specific statements and embodiments. Based on the technical teachings disclosed by the invention, those of ordinary skill in the art can make various other concrete variations and combinations that do not depart from the essence of the invention, and such variations and combinations remain within the protection scope of the invention.

Claims (8)

1. A network wireless terminal access control method, characterized in that it comprises the following steps:
A. The wireless terminal selects a service set identifier (SSID) and then connects to the wireless access device in the WLAN network;
B. After receiving the basic information of the wireless terminal, the wireless access device connects to the AAA authentication server via the AAA protocol;
C. The AAA server checks whether the wireless terminal's MAC has already been bound to the selected SSID; if so, the AAA authentication flow is entered. Otherwise the server checks whether the user is bound to another SSID: if the user is bound to another SSID, the user's access is refused; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
2. The method of claim 1, characterized in that in step B, before the wireless access device receives the basic information of the wireless terminal, the method further comprises: the wireless terminal sends an access request message to the wireless access device, and after receiving the access request message the wireless access device replies with an access-accepted message to the wireless terminal.
3. The method of claim 1, characterized in that in step B the basic information of the wireless terminal received by the wireless access device comprises the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
4. The method of any one of claims 1 to 3, characterized in that in step C, when the AAA server finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, it binds the wireless terminal to the selected SSID and stores the binding relationship between the wireless terminal and the selected SSID in a database.
5. A network wireless terminal access control system, characterized in that it comprises: the wireless access device of a WLAN network, a wireless terminal to be connected, and an AAA authentication server, wherein:
the wireless terminal to be connected is configured to select the required service set identifier (SSID) and then request access to the corresponding WLAN network;
the wireless access device of the WLAN network is configured to, after receiving the basic information of the wireless terminal, connect to the binding module of the AAA authentication server via the AAA protocol;
the AAA authentication server comprises a binding module, which is configured to check whether the wireless terminal's MAC has already been bound to the selected SSID and, if so, enter the AAA authentication flow; otherwise to check whether the user is bound to another SSID, refusing the user's access if so, and, if not, binding the user's MAC to the selected SSID, saving the binding, and entering the AAA authentication flow.
6. The system of claim 5, characterized in that the wireless access device is further configured to, before receiving the basic information of the wireless terminal, reply with an access-accepted message to the wireless terminal after receiving the wireless terminal's access request message.
7. The system of claim 5, characterized in that the basic information of the wireless terminal received by the wireless access device comprises the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
8. The system of any one of claims 5 to 7, characterized in that the binding module of the AAA authentication server is further configured to, when it finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, bind the wireless terminal to the selected SSID and store the binding relationship between the wireless terminal and the selected SSID in a database.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN201310751640.1A    2013-12-31      2013-12-31    Network wireless terminal connection control method and system (granted as CN103731425B, active)

Publications (2)

Publication Number   Publication Date
CN103731425A         2014-04-16
CN103731425B         2016-08-24

Family ID: 50455352

Country Status (1)

Country   Link
CN        CN103731425B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee                   Title
CN105681352A *       2016-03-21      2016-06-15         深圳融腾科技有限公司         Wi-Fi access security control method and system
CN105681352B *       2016-03-21      2019-03-19         深圳融腾科技有限公司         Wireless network access security management and control method and system
CN107395785A *       2017-08-07      2017-11-24         福州市协成智慧科技有限公司   Method and device for acquiring the real address of a network device
CN112202799A *       2020-10-10      2021-01-08         杭州盈高科技有限公司         Authentication system and method for binding a user and/or terminal with an SSID

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee               Title
US20060104224A1 *    2004-10-13      2006-05-18         Gurminder Singh        Wireless access point with fingerprint authentication
CN1842000A *         2005-03-29      2006-10-04         华为技术有限公司         Method for realizing access authentication of WLAN
CN101895875A *       2010-07-29      2010-11-24         杭州华三通信技术有限公司   Method and system for using a gateway device to provide differentiated services in a wireless network





Legal Events

Code   Title
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
C14    Grant of patent or utility model
GR01   Patent grant