CN104469762A - User grading control system of 3G/WIFI wireless router - Google Patents
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The invention relates to a user grading control system of a 3G/WIFI wireless router. The method comprises the following steps: (1) different network access permissions are set in a 3G/WIFI router; (2) a user information list is established in the 3G/WIFI router; (3) a superuser is set in the 3G/WIFI router; (4) a control information list is established in the 3G/WIFI router; (5) the 3G/WIFI router is configured with firewall rules and the network access permissions are set; (6) a user who connects to the configured router over the WIFI network is in a limited access state; (7) the router obtains the user's permission from the user information list according to the user information, binds the user's MAC address/IP address information to the network permission, writes this information into the control information list, and sets the firewall rule; and (8) the user accesses the network according to the obtained permission while the router dynamically monitors the user state: while the user is connected to the router a timer is set for monitoring, and the user must authenticate again when access is needed again. The method enhances system security and usability.
Description
Technical field
The invention belongs to the field of user control for 3G/WIFI wireless routers, in which a user's network access permissions are controlled by authenticating the user's identity, and in particular relates to a user hierarchical control method for a 3G/WIFI wireless router.
Background
With the development of 3G technology, 3G wireless access rates keep rising and 3G wireless routers are increasingly used in enterprises and homes, making it possible for multiple users to share high-speed network resources. Current 3G WIFI routers provide access authentication but do not control a user's access to network resources after the user has logged in to the router; in particular, there is no setting for restricting access to certain resources when unaffiliated persons use the router. Security is therefore deficient. The method proposed here controls a user's network permissions according to user authentication data, improving system security and ease of use.
Summary of the invention
To address the insufficient access-control security of 3G/WIFI wireless routers, the invention proposes a user hierarchical control method for a 3G/WIFI wireless router, which sets, for different users, the permissions for accessing the Internet or the local area network through the 3G/WIFI router.
The method is used as follows:
1) Preset the network access permissions of internal company personnel; when an internal employee connects a device, the network access permission is obtained according to the user name and password entered.
2) Define different permission groups for external users, each group sharing one user name and password; an external person who connects with one of these user name and password pairs receives that group's network permissions, which is convenient for users and keeps the network secure.
3) Support fingerprint authentication: the router has a built-in fingerprint database and lets connecting users log in by fingerprint, mapping the fingerprint information to the user's access permissions.
4) After connecting through WIFI authentication, the user must connect to the web server in the 3G/WIFI router and log in to obtain the corresponding network usage permissions; the router periodically queries the user's login state.
Based on the above, control over users' network access permissions is implemented by software logic in the router.
To achieve the above objectives, the technical solution adopted by the invention is:
A user hierarchical control method for a 3G/WIFI router, implemented in the following steps:
1) In the 3G/WIFI router, set the different network access permissions. Depending on the application scenario they can be divided into: no network access; access to the 3G/WIFI router only; access to the intranet only; access to the external network only; access to both the intranet and the external network; and use of all network resources;
2) In the 3G/WIFI router, establish a user information table that records each user name and the corresponding permission, and establish a fingerprint database that holds fingerprints and user information; user information can be obtained from the fingerprint database, and the network permission can then be looked up in the user information table;
3) In the 3G/WIFI router, set a superuser who is able to update the user permission table/fingerprint database information; any change to network access permissions must be made by the superuser;
4) In the 3G/WIFI router, establish a control information table that records each user's IP address, MAC address and corresponding user permission;
5) On the 3G/WIFI router, use the IPTABLES tool to configure firewall rules that set the network access permissions, so that users with different permissions can access network resources accordingly;
6) A user who connects over the WIFI network to the configured router is initially in the no-network-access state. The user must open the user login interface on the router and either enter a user name and password to look up the user information, or pass fingerprint information to the router through a remote fingerprint input device, in which case the fingerprint database supplies the user information to look up in the user information table;
7) The 3G/WIFI router obtains the user's permission from the user information table according to the user information, binds the user's MAC address/IP address information to the network permission, writes this information into the control information table, and at the same time sets the firewall rules with the IPTABLES tool;
8) The user accesses the network according to the permission obtained, while the 3G/WIFI router dynamically monitors the user state: while the user is connected to the 3G/WIFI router a monitoring timer is set, and when the timer expires the router queries the user state; once it finds that the user has logged out, it updates the control information table and the firewall rules, and the user must authenticate again when accessing again.
Carrying out the above steps establishes graded control of network access permissions.
The beneficial effects and advantages of this method are:
1) A user grading control mechanism is added to the 3G/WIFI router, replacing the original behaviour in which a 3G router did not restrict a user's network permissions after login. Network usage permissions are divided into levels so that different kinds of employees have different network usage permissions; when a permission needs to change, the superuser can set it, so control is flexible.
2) The security of network access is improved. With graded control, the resources reachable by the company's external personnel and by different internal employees differ; after a user connects, the user's MAC/IP address is bound directly and the user is dynamically monitored while active, which protects important information in the network.
3) Accessing the network through the 3G/WIFI router becomes easier. Once network permissions are graded, a single user name and password is set for a given grade, which simplifies access for and management of that group of users.
4) Several user login modes are supported, including manually entering a user name/password and fingerprint authentication, which is convenient for users.
Description of the drawings
Fig. 1 is the setup flow chart of the 3G/WIFI router grading control of the invention.
Fig. 2 is the user access flow chart of the invention.
Detailed description
The invention is described in further detail below with reference to specific embodiments and the drawings.
Embodiment 1
With reference to Figs. 1 and 2, this embodiment is the process by which external personnel access network resources; user information is entered only in the user information table:
1) In the 3G/WIFI router, set the different network access permissions. Depending on the application scenario they can be divided into: no network access; access to the 3G/WIFI router only; access to the intranet only; access to the external network only; access to both the intranet and the external network; and use of all network resources;
2) In the 3G/WIFI router, add a user name, password and network access permission for external personnel to the user information table: access to the external network only;
3) In the 3G/WIFI router, set a superuser who is able to update the user permission table/fingerprint database information; any change to network access permissions must be made by the superuser;
4) The external person connects to the 3G/WIFI router over WIFI and is at this point in the no-network-access state; the external person opens the user login interface on the 3G/WIFI router and enters the user name/password;
5) The 3G/WIFI router looks up the user information table by user name/password to obtain the user's permission, binds the user's MAC address/IP address information to the network permission, and writes this information into the control information table;
6) The 3G/WIFI router obtains the user's permission from the user information table according to the user information, binds the user's MAC address/IP address information to the network permission, writes this information into the control information table, and sets the firewall rule with the IPTABLES tool: only the external network can be accessed;
7) The user accesses the network according to the permission obtained, while the 3G/WIFI router dynamically monitors the user state: while the user is connected to the 3G/WIFI router a monitoring timer is set, and when the timer expires the router queries the user state; once it finds that the user has logged out, it updates the control information table and the firewall rules, and the user must authenticate again when accessing again.
Embodiment 2
This embodiment is the process by which internal company personnel access all network resources; they can log in through the user information table or through the fingerprint database:
1) In the 3G/WIFI router, set the different network access permissions. Depending on the application scenario they can be divided into: no network access; access to the 3G/WIFI router only; access to the intranet only; access to the external network only; access to both the intranet and the external network; and use of all network resources;
2) In the 3G/WIFI router, establish a user information table that records each user name and the corresponding permission, and establish a fingerprint database. Enrol the fingerprints of internal personnel in the 3G/WIFI router and set their user information and network permissions;
3) In the 3G/WIFI router, set a superuser who is able to update the user permission table/fingerprint database information; any change to network access permissions must be made by the superuser;
4) The external person connects to the 3G/WIFI router over WIFI and is at this point in the no-network-access state; the external person opens the user login interface on the 3G/WIFI router and enters the user name/password or directly presents a fingerprint;
5) The 3G/WIFI router obtains the user information from the fingerprint data, or looks up the user information table by user name/password, to obtain the user's permission, binds the user's MAC address/IP address information to the network permission, and writes this information into the control information table;
6) The 3G/WIFI router obtains the user's permission from the user information table according to the user information, binds the user's MAC address/IP address information to the network permission, writes this information into the control information table, and sets the firewall rule with the IPTABLES tool: all network resources can be accessed;
7) The user accesses the network according to the permission obtained, while the 3G/WIFI router dynamically monitors the user state: while the user is connected to the 3G/WIFI router a monitoring timer is set, and when the timer expires the router queries the user state; once it finds that the user has logged out, it updates the control information table and the firewall rules, and the user must authenticate again when accessing again.
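The binding and expiry flow that the method's steps 4) to 8) and both embodiments describe, as an added example (not code from the patent): a login binds a validated MAC/IP pair to a permission level and yields iptables commands, and the timer sweep removes them once the user has logged out. The intranet range, the reading of each level as a set of reachable zones, the `Router` class and function names, PBKDF2 password storage and the sample credentials are assumptions; fingerprint login is left out.

```python
import hashlib, hmac, ipaddress, os, re

INTRANET = "10.0.0.0/8"  # assumed routed internal range; not from the patent
# Step 1 levels -> reachable zones. Reading the levels as zone sets is an assumption.
LEVELS = {
    "none": (),
    "router_only": ("router",),
    "intranet_only": ("intranet",),
    "external_only": ("external",),
    "intranet_and_external": ("intranet", "external"),
    "all": ("router", "intranet", "external"),
}
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def normalize(mac, ip):
    """Validate client-supplied addresses before they reach a firewall command."""
    mac = mac.lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC address")
    return mac, str(ipaddress.IPv4Address(ip))  # raises ValueError if malformed

def rules_for(action, mac, ip, level):
    """iptables argv lists for one bound client; action is '-A' (add) or '-D' (delete)."""
    mac, ip = normalize(mac, ip)
    match = ["-s", ip, "-m", "mac", "--mac-source", mac]
    per_zone = {
        "router": ["INPUT"] + match,
        "intranet": ["FORWARD"] + match + ["-d", INTRANET],
        "external": ["FORWARD"] + match + ["!", "-d", INTRANET],
    }
    return [["iptables", action] + per_zone[z] + ["-j", "ACCEPT"] for z in LEVELS[level]]

class Router:
    def __init__(self, timeout):
        self.timeout = timeout
        self.users = {}    # user information table: name -> (salt, hash, level)
        self.control = {}  # control information table: (mac, ip) -> [name, level, deadline]

    def add_user(self, name, password, level):
        if level not in LEVELS:
            raise ValueError("unknown level")
        salt = os.urandom(16)
        self.users[name] = (salt, pw_hash(password, salt), level)

    def login(self, name, password, mac, ip, now):
        """Steps 6-7: authenticate, bind MAC/IP to the level, return the rules to add."""
        rec = self.users.get(name)
        if rec is None or not hmac.compare_digest(rec[1], pw_hash(password, rec[0])):
            return []  # client stays in the no-network-access state
        rules = rules_for("-A", mac, ip, rec[2])
        self.control[normalize(mac, ip)] = [name, rec[2], now + self.timeout]
        return rules

    def sweep(self, now, still_logged_in):
        """Step 8: when a timer has expired, query the user state; unbind users who left."""
        removed = []
        for (mac, ip), entry in list(self.control.items()):
            if now < entry[2]:
                continue
            if still_logged_in(mac, ip):
                entry[2] = now + self.timeout  # user still active: re-arm the timer
            else:
                removed += rules_for("-D", mac, ip, entry[1])
                del self.control[(mac, ip)]
        return removed

if __name__ == "__main__":
    r = Router(timeout=300)
    r.add_user("guest", "constructed-password", "external_only")  # constructed sample
    print(r.login("guest", "constructed-password", "AA:BB:CC:00:11:22", "192.168.1.23", 0))
    print(r.sweep(300, lambda mac, ip: False))
```

The rules assume a default-deny baseline in which INPUT and FORWARD drop traffic from unauthenticated clients except to the login interface. Matching on both MAC and IP mirrors the binding of step 7, and building argv lists from validated values keeps client-supplied addresses out of any shell command line.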
Claims (1)
1. A user hierarchical control method for a 3G/WIFI router, characterized in that it comprises the following steps:
1) In the 3G/WIFI router, set the different network access permissions. Depending on the application scenario they can be divided into: no network access; access to the 3G/WIFI router only; access to the intranet only; access to the external network only; access to both the intranet and the external network; and use of all network resources;
2) In the 3G/WIFI router, establish a user information table that records each user name and the corresponding permission, and establish a fingerprint database that holds fingerprints and user information; user information can be obtained from the fingerprint database, and the network permission can then be looked up in the user information table;
3) In the 3G/WIFI router, set a superuser who is able to update the user permission table/fingerprint database information; any change to network access permissions must be made by the superuser;
4) In the 3G/WIFI router, establish a control information table that records each user's IP address, MAC address and corresponding user permission;
5) On the 3G/WIFI router, use the IPTABLES tool to configure firewall rules that set the network access permissions, so that users with different permissions can access network resources accordingly;
6) A user who connects over the WIFI network to the configured 3G/WIFI router is initially in the no-network-access state. The user must open the user login interface on the 3G/WIFI router and either enter a user name and password to look up the user information, or pass fingerprint information to the router through a remote fingerprint input device, in which case the fingerprint database supplies the user information to look up in the user information table;
7) The 3G/WIFI router obtains the user's permission from the user information table according to the user information, binds the user's MAC address/IP address information to the network permission, writes this information into the control information table, and at the same time sets the firewall rules with the IPTABLES tool;
8) The user accesses the network according to the permission obtained, while the 3G/WIFI router dynamically monitors the user state: while the user is connected to the 3G/WIFI router a monitoring timer is set, and when the timer expires the router queries the user state; once it finds that the user has logged out, it updates the control information table and the firewall rules, and the user must authenticate again when accessing again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310411926.5A CN104469762A (en) | 2013-09-12 | 2013-09-12 | User grading control system of 3G/WIFI wireless router |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104469762A true CN104469762A (en) | 2015-03-25 |
Family
ID=52914975
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310411926.5A Pending CN104469762A (en) | 2013-09-12 | 2013-09-12 | User grading control system of 3G/WIFI wireless router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104469762A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150325 |