CN104935572B - Multi-layer right management method and device - Google Patents
Multi-layer right management method and device
- Publication number: CN104935572B (application CN201510200482.XA)
- Authority: CN (China)
- Prior art keywords: equipment, information, connection, access, priority assignation
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The present invention is applicable to the communications field and provides a multi-layer rights management method and device. The method includes: receiving a connection request sent by a device, the connection request carrying a connection password; when the connection password carried by the connection request matches a pre-stored connection password, establishing a connection with the device; updating the information of the device into the connected-device information list of the administrators that have been added; receiving and storing permission setting information issued by the administrator for the device, the permission setting information including the access permission information of the device; and processing operation requests sent by the device according to the permission setting information. The embodiments of the present invention can effectively protect the key information of the other devices in the wireless network.
Description
Technical field
The embodiments of the present invention belong to the communications field, and in particular relate to a multi-layer rights management method and device.
Background technology
With the spread of network technology, the number of devices that can connect to a network keeps growing, and network security bears on everyone's vital interests. In particular, with the gradual rise of the Internet of Things and the smart home, more devices that involve personal information, privacy and home security are connected to the internet; while bringing convenience, this also plants hidden dangers for their own information security and for building security.
In current home wireless local area networks, networking is centered on the router, and the security of the network relies mainly on the security of the router's administrator account, administrator password and wireless connection password. The router's administrator account and password are mainly used to verify whether a user is a legitimate administrator. Once the user is judged to be a legitimate administrator, the user can configure the router's working state, view the router's current operating condition, set media access control (Media Access Control, MAC) address filtering and binding policies to prevent other users from freeloading on the network, and use parental control mechanisms to limit the websites that can be accessed and the time spent online. The wireless connection password is used to verify the legitimacy of a device that requests to connect to the network: when the requesting device is judged to be illegitimate, its connection to the network is refused. However, once a device is legitimate and has connected to the network, it is difficult to control the behavior of that device, which brings a potential risk of damage to the smart devices in the home.
In summary, in existing home wireless LANs centered on the router, the router only decides between two states for a device's network access request: it can connect or it cannot connect. Therefore, faced with smart devices from a wide range of sources and of uneven quality, it is difficult to intercept malicious behavior that may exist, and in particular it is difficult to effectively protect the key information of the devices connected to the home LAN (such as smart door locks, smart window locks and voice-controlled devices that bear on home security).
Summary of the invention
The embodiments of the present invention provide a multi-layer rights management method and device, intended to solve the problem that existing methods have difficulty effectively protecting the key information of devices in a LAN.
The embodiments of the present invention are implemented as follows. A multi-layer rights management method includes:
receiving a connection request sent by a device, the connection request carrying a connection password;
when the connection password carried by the connection request matches a pre-stored connection password, establishing a connection with the device;
updating the information of the device into the connected-device information list of the administrators that have been added;
receiving and storing permission setting information issued by the administrator for the device, the permission setting information including the access permission information of the device;
processing operation requests sent by the device according to the permission setting information.
Another object of the embodiments of the present invention is to provide a multi-layer rights management device, which includes:
a connection request receiving unit, for receiving a connection request sent by a device, the connection request carrying a connection password;
a connection establishment unit, for establishing a connection with the device when the connection password carried by the connection request matches a pre-stored connection password;
a device information update unit, for updating the information of the device into the connected-device information list of the administrators that have been added;
a permission setting information receiving unit, for receiving and storing permission setting information issued by the administrator for the device, the permission setting information including the access permission information of the device;
an operation request processing unit, for processing operation requests sent by the device according to the permission setting information.
In the embodiments of the present invention, because the permission setting information includes the access permission information of the device, the access behavior of devices connected to the network can be controlled, and the key information of the other devices in the wireless network is thereby effectively protected.
Description of the drawings
Fig. 1 is a flow chart of a multi-layer rights management method provided by the first embodiment of the present invention;
Fig. 2 is a structure diagram of a multi-layer rights management device provided by the second embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the embodiments of the present invention, a connection request sent by a device is received; when the connection password carried by the connection request matches the pre-stored connection password, a connection is established with the device, and the information of the connected device is updated into the connected-device information list of the administrators that have been added; the permission setting information issued by the administrator for the device is received and stored; and the operation requests sent by the device are then processed according to the permission setting information.
The technical solution of the present invention is illustrated below through specific embodiments.
Embodiment one:
Fig. 1 shows a flow chart of a multi-layer rights management method provided by the first embodiment of the present invention, described in detail as follows:
Step S11: receive a connection request sent by a device, the connection request carrying a connection password.
The devices here include mobile devices such as mobile phones and tablet computers, and also non-mobile devices such as desktop computers, smart televisions and smart refrigerators. In this step, the device sends a connection request to the router. The connection request carries the connection password for connecting to the router, which is either a wireless connection password or a wired connection password. The connection request also carries the unique identifier of the device.
Optionally, before receiving the connection request sent by the device, the method includes:
A1. Display prompt information for adding at least one administrator.
A2. Receive an add instruction for an administrator, and add the corresponding administrator information according to the add instruction. The administrator information includes the unique identifier of the wireless SSID belonging to the administrator and the corresponding wireless connection password.
In A1 and A2 above, the router automatically enters a to-be-configured state when it is started for the first time. In this state the router cannot work normally: the wireless module has not yet been initialized and the wide area network (Wide Area Network, WAN) port cannot be used. Only an available local area network (Local Area Network, LAN) port is provided, as the interface for adding the administrator list. This administrator list is the displayed prompt information for adding at least one administrator. After the user has added at least one administrator according to the displayed administrator list, the router forces each added administrator to assign himself or herself at least one wireless service set identifier (Service Set Identifier, SSID) and a corresponding wireless connection password. The assigned wireless SSID falls within that administrator's scope of management authority, and the administrator then directly configures the devices connected in his or her own wireless SSID subnet; all devices in the wireless SSIDs of other administrators are visible to the administrator but cannot be configured. An administrator can be assigned multiple wireless SSIDs. Each wireless SSID has a unique identifier and corresponds to one subnet of the wireless network; to improve security, each wireless SSID corresponds to one wireless connection password. After the administrator setup is complete, the router initializes all function modules and enters the normal working state.
Optionally, after the router is working normally, any one of the added administrators can initiate an application to assign a new administrator. When the router receives the application, it queries the other administrators; after it receives the consent instructions sent by the other administrators, the assignment of the new administrator takes effect. After logging in to the router, the new administrator needs to reset his or her account and password, and independently set the wireless SSID belonging to the new administrator and the corresponding wireless connection password.
Step S12: when the connection password carried by the connection request matches the pre-stored connection password, establish a connection with the device.
In this step, the router stores the unique identifier of each wireless SSID together with the wireless connection password corresponding to that SSID's unique identifier, and stores the wired connection password. When the router receives a connection request sent by a device over the wireless network, it compares the SSID unique identifier and corresponding wireless connection password carried by the connection request with the stored wireless SSID and corresponding wireless connection password; if they are identical, it judges that the connection password carried by the connection request matches the pre-stored connection password.
Step S13: update the information of the device into the connected-device information list of the administrators that have been added.
In this step, the information of the device includes the basic information of the device, such as the unique identifier of the device, and also the non-basic information of the device, such as the device's connection attribute setting permission information and visibility setting permission information. The connection attribute setting permission information covers, for example, whether the device can access the external network, whether it can access the internal network, and whether it can access a device of the internal network. The visibility setting permission information covers, for example, whether the device is visible to a given device of the internal network.
Optionally, updating the information of the device into the connected-device information list of the administrators that have been added specifically includes:
B1. Judge whether the access mode used to establish the connection with the device is wireless.
B2. When the access mode used to establish the connection with the device is wireless, update the information of the device into the connected-device information list of the administrator corresponding to the service set identifier (SSID) that the device is connected to, and update the basic information in the device's information into the connected-device information lists of the administrators corresponding to SSIDs that the device is not connected to. The basic information in the device's information includes the unique identifier of the device. When a device connects to the router through a given wireless SSID, the device's information (both the basic and the non-basic information) is updated into the connected-device information list of the administrator corresponding to that wireless SSID. Each administrator's connected-device information list includes that administrator's configuration information for wireless devices connected wirelessly and configuration information for wired devices connected by wire. Further, for ease of management, the configuration information of the wireless devices is stored in a wireless device configuration table, and the configuration information of the wired devices is stored in a wired device configuration table.
B3. When the access mode used to establish the connection with the device is wired, update the information of the device into the connected-device information lists of all administrators that have been added. After a device connects to the router by wire, its information is automatically updated to all administrators that have been added to the router; this information includes the basic information and the non-basic information of the device.
To describe the wireless device configuration table and the wired device configuration table more clearly, specific examples are given below:
Tables 1, 2 and 3 are the wireless device configuration tables of administrator 1, administrator 2 and administrator 3 respectively; Tables 4, 5 and 6 are the wired device configuration tables of administrator 1, administrator 2 and administrator 3 respectively. In Tables 1 to 6, a setting option filled entirely in black cannot be set. Setting options indicate that the administrator can set the item independently and the setting takes effect. A ○ setting option indicates that the item takes effect only when the administrators corresponding to the devices involved all set it identically, i.e. the final setting result is the logical AND of each administrator's setting parameter. A △ setting option indicates that the item takes effect as long as one of the administrators corresponding to the devices involved sets it, i.e. the final setting result is the logical OR of each administrator's setting parameter.
Table 1:
Table 2:
Table 3:
In Tables 1 to 3 above, the final result of the three administrators' wireless device configuration tables is: device 1 can establish data connections with device 2 and device 4; device 3 can establish a data connection with device 4; devices 3, 4, 6, 8 and 9 can connect to the external internet; device 5 can establish connections with device 6 and device 7; device 8 can establish a connection with device 9; device 1 can establish a cross-subnet connection with device 6; and device 3 can establish cross-subnet connections with device 7 and device 8.
Table 4:
Table 5:
Table 6:
In Tables 4 to 6, the setting results of the wired device configuration tables of the three administrators (administrator 1, administrator 2 and administrator 3) indicate: devices 10, 11 and 12 can connect to the internet; device 10 can establish data connections with device 11 and device 12; and device 11 can establish a data connection with device 13.
Optionally, after updating the information of the device into the connected-device information list of the administrators that have been added, the method includes:
Setting the device to the inaccessible state. After the device's information is updated, if no permission setting information issued by an administrator for the device has been received, the device's state is set to inaccessible, to reduce the risk of leaking the device's key information. Preferably, within a predetermined time after the device's information is updated, it is judged whether permission setting information issued by an administrator for the device has been received; if it has not, the device is set to the inaccessible state.
Step S14: receive and store the permission setting information issued by the administrator for the device, the permission setting information including the access permission information of the device.
The access permission information of the device includes information such as whether the device can access the external network, whether it can access the internal network, and whether it can access a given device of the internal network. In this step, in addition to the access permission information of the device, the permission setting information can also include the visibility permission setting information of the device and the permission setting information for the device's uplink and downlink data.
For devices that carry a security risk, the visibility permission setting information can be configured. For example, when device A carries no security risk, a device newly connected to the router is set to be visible to device A; when device B may carry a security risk, the newly connected device is set to be invisible to device B. Because the newly connected device is invisible to device B, the risk of device B obtaining information from the newly connected device is reduced.
For devices that only need to receive data (or only send data), the permission setting information for the device's uplink and downlink data can be configured so that uplink and downlink data are distinguished. For example, for devices such as smart televisions and refrigerators that only need to receive data, the administrator can distinguish uplink from downlink data and open only the downlink data connection. When the permission setting information for uplink and downlink data is configured so that the two directions are distinguished, setting the data connection from device 1 to device 2 and setting the data connection from device 2 to device 1 are treated as two different settings. When uplink and downlink data are not distinguished, once the data connection in one direction (such as uplink) is opened, the data connection in the other direction (downlink) is opened by default as well.
Because fine-grained access permission and visibility settings can be applied to the wired and wireless devices connected in the WLAN, a device can be restricted from accessing any device in the internal LAN, or allowed to access only some devices; a device can be restricted from accessing the internal network and allowed to access only the external network; the wired LAN can be isolated from the WLAN; the WLAN can be split into multiple wireless sub-networks, with different access permissions opened for each sub-network; and the visibility of each device in other sub-networks can be set individually. In this way the visibility and exposure of a device can be reduced as far as possible to the minimum range its function requires, limiting the visible range of each device and protecting the key information between devices to the greatest extent.
Step S15: process the operation requests sent by the device according to the permission setting information.
The operation requests sent by the device include requests to access the external network, requests to access the internal network, requests to access a given device of the internal network, and so on.
Optionally, processing the operation requests sent by the device according to the permission setting information specifically includes:
C1. Receive the operation request sent by the device. The operation request includes the network information of the network where the accessed device is located and the unique identifier of the accessed device.
C2. Judge whether the permission setting information of the device allows the device to access the network where the accessed device is located. When the permission setting information of the device does not allow the device to access that network, refuse the device's operation request. When the permission setting information of the device allows the device to access that network, then judge whether the permission setting information of the device allows the device to access the accessed device; when it does not, refuse the device's operation request.
In C1 to C2 above, a device is allowed to access the corresponding external network or a device of the internal network only when it has the access permission, which improves the security of the key information of each device in the internal network.
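The following Python example is added here and is not code from the patent: it models the two-stage check of C1 to C2, the default inaccessible state of a device that has received no permission settings, and the merging of several administrators' settings by AND (○) or OR (△). All class, method, device and SSID names are hypothetical, and which items use AND or OR is an assumption, since the page's tables are not reproduced.

```python
from dataclasses import dataclass, field

ALL_ADMINS = "all"   # the page's ○ items: every involved admin must allow (AND)
ANY_ADMIN = "any"    # the page's △ items: one involved admin is enough (OR)


def combine(votes, rule):
    """Merge per-administrator settings into the final setting for one item."""
    votes = list(votes)
    if not votes:                      # no administrator involved: nothing is permitted
        return False
    return all(votes) if rule == ALL_ADMINS else any(votes)


@dataclass
class PermissionStore:
    admins_of: dict = field(default_factory=dict)    # network (SSID) -> set of admins
    network_of: dict = field(default_factory=dict)   # device id -> network it joined
    net_allow: dict = field(default_factory=dict)    # (admin, src, network) -> bool
    dev_allow: dict = field(default_factory=dict)    # (admin, src, dst) -> bool
    configured: set = field(default_factory=set)     # devices that received settings

    def connect(self, device, network):
        # After S13 a device with no permission settings is in the inaccessible state.
        self.network_of[device] = network
        self.configured.discard(device)

    def set_network(self, admin, src, network, allowed):
        self.net_allow[(admin, src, network)] = allowed
        self.configured.add(src)

    def set_device(self, admin, src, dst, allowed):
        self.dev_allow[(admin, src, dst)] = allowed
        self.configured.add(src)

    def handle(self, src, network, dst, rule=ALL_ADMINS):
        """C1-C2: decide a request from src to reach dst on the stated network."""
        if src not in self.network_of:
            return False, "source not connected"
        if self.network_of.get(dst) != network:
            return False, "target not on stated network"
        # Administrators involved: those of the requester's and the target's network.
        admins = (self.admins_of.get(self.network_of[src], set())
                  | self.admins_of.get(network, set()))
        # Stage 1: may src access the network where the accessed device is located?
        if not combine((self.net_allow.get((a, src, network), False) for a in admins), rule):
            return False, "network not permitted"
        # Default state: a target with no settings received stays inaccessible.
        if dst not in self.configured:
            return False, "target inaccessible (no settings yet)"
        # Stage 2: may src access that specific device?
        if not combine((self.dev_allow.get((a, src, dst), False) for a in admins), rule):
            return False, "device not permitted"
        return True, "allowed"


def build_demo():
    """Constructed sample: two administrators, one SSID subnet each."""
    s = PermissionStore(admins_of={"ssid-a": {"alice"}, "ssid-b": {"bob"}})
    for dev, net in [("phone", "ssid-a"), ("tv", "ssid-a"),
                     ("lock", "ssid-b"), ("camera", "ssid-b")]:
        s.connect(dev, net)
    s.set_network("alice", "phone", "ssid-b", True)
    s.set_network("bob", "phone", "ssid-b", True)
    s.set_device("alice", "phone", "lock", True)     # bob has not agreed yet
    s.set_network("bob", "lock", "ssid-a", False)    # lock now has settings
    return s


if __name__ == "__main__":
    store = build_demo()
    for target in ("lock", "camera"):
        print("phone ->", target, store.handle("phone", "ssid-b", target))
    print("tv -> lock", store.handle("tv", "ssid-b", "lock"))
```

With the AND rule the phone is refused at the device stage until the second administrator also allows it; the unconfigured camera is refused regardless of what the requester is permitted.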
In the first embodiment of the present invention, a connection request sent by a device is received; when the connection password carried by the connection request matches the pre-stored connection password, a connection is established with the device, and the information of the connected device is updated into the connected-device information list of the administrators that have been added; the permission setting information issued by the administrator for the device is received and stored; and the operation requests sent by the device are then processed according to the permission setting information. Because the permission setting information includes the access permission information of the device, the access behavior of devices connected to the network can be controlled, and the key information of the other devices in the wireless network is thereby effectively protected.
It should be understood that, in the embodiments of the present invention, the magnitude of the sequence numbers of the above processes does not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Embodiment two:
Fig. 2 shows a structure diagram of a multi-layer rights management device provided by the second embodiment of the present invention. The multi-layer rights management device may include user equipment that communicates with one or more core networks via a radio access network (RAN). The user equipment may be a router, a mobile phone (also called a "cellular" phone), a computer with a mobile device, and so on; for example, the user equipment may also be a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. As another example, the mobile device may include a smartphone, a tablet computer, a personal digital assistant (PDA), a point-of-sale terminal (POS) or a vehicle-mounted computer. For ease of description, only the parts relevant to the embodiment of the present invention are shown.
The multi-layer rights management device includes: a connection request receiving unit 21, a connection establishment unit 22, a device information update unit 23, a permission setting information receiving unit 24 and an operation request processing unit 25. Specifically:
The connection request receiving unit 21 is for receiving a connection request sent by a device, the connection request carrying a connection password.
The devices here include mobile devices such as mobile phones and tablet computers, and also non-mobile devices such as desktop computers, smart televisions and smart refrigerators.
Optionally, the multi-layer rights management device includes:
An information prompt unit, for displaying prompt information for adding at least one administrator.
An administrator information receiving unit, for receiving an add instruction for an administrator and adding the corresponding administrator information according to the add instruction. The administrator information includes the unique identifier of the wireless SSID belonging to the administrator and the corresponding wireless connection password.
After the user has added at least one administrator according to the displayed administrator list, each administrator assigns himself or herself at least one SSID and a corresponding wireless connection password. The assigned wireless SSID falls within that administrator's scope of management authority, and the administrator then directly configures the devices connected in his or her own wireless SSID subnet; all devices in the wireless SSIDs of other administrators are visible to the administrator but cannot be configured. An administrator can be assigned multiple wireless SSIDs. Each wireless SSID has a unique identifier and corresponds to one subnet of the wireless network; to improve security, each wireless SSID corresponds to one wireless connection password.
Optionally, after the router is working normally, any one of the added administrators can initiate an application to assign a new administrator. When the router receives the application, it queries the other administrators; after it receives the consent instructions sent by the other administrators, the assignment of the new administrator takes effect.
The connection establishment unit 22 is for establishing a connection with the device when the connection password carried by the connection request matches the pre-stored connection password.
The unique identifier of each wireless SSID is stored in advance together with the wireless connection password corresponding to that SSID's unique identifier, and the wired connection password is also stored, so that when the SSID unique identifier and corresponding wireless connection password carried by a connection request are received, they can be compared with the pre-stored wireless SSID and corresponding wireless connection password.
The device information update unit 23 is for updating the information of the device into the connected-device information list of the administrators that have been added.
The information of the device includes the basic information of the device, such as the unique identifier of the device, and also the non-basic information of the device, such as the device's connection attribute setting permission information and visibility setting permission information.
Optionally, the device information update unit 23 includes:
An access mode judgment module, for judging whether the access mode used to establish the connection with the device is wireless.
A first information update module, for, when the access mode used to establish the connection with the device is wireless, updating the information of the device into the connected-device information list of the administrator corresponding to the service set identifier (SSID) that the device is connected to, and updating the basic information in the device's information into the connected-device information lists of the administrators corresponding to SSIDs that the device is not connected to. The basic information in the device's information includes the unique identifier of the device. Further, for ease of management, the configuration information of wireless devices connected wirelessly is stored in a wireless device configuration table, and the configuration information of wired devices connected by wire is stored in a wired device configuration table.
A second information update module, for, when the access mode used to establish the connection with the device is wired, updating the information of the device into the connected-device information lists of all administrators that have been added. The information of the device includes the basic information and the non-basic information of the device.
Optionally, the multi-layer rights management device includes:
A device state setting unit, for setting the device to the inaccessible state. After the device's information is updated, if no permission setting information issued by an administrator for the device has been received, the device's state is set to inaccessible, to reduce the risk of leaking the device's key information. Preferably, within a predetermined time after the device's information is updated, it is judged whether permission setting information issued by an administrator for the device has been received; if it has not, the device is set to the inaccessible state.
The permission setting information receiving unit 24 is for receiving and storing the permission setting information issued by the administrator for the device, the permission setting information including the access permission information of the device.
The access permission information of the device includes information such as whether the device can access the external network, whether it can access the internal network, and whether it can access a given device of the internal network.
In addition to the access permission information of the device, the permission setting information can also include the visibility permission setting information of the device and the permission setting information for the device's uplink and downlink data.
Operation request processing unit 25, configured to process the operation requests sent by the equipment according to the priority assignation information.
Wherein, the operation requests sent by the equipment include: a request to access the external network, a request to access the internal network, a request to access a particular piece of equipment on the internal network, and so on.
Optionally, the operation request processing unit 25 includes:
Operation request receiving module, configured to receive the operation request sent by the equipment, the operation request including the information of the network where the accessed equipment is located and the unique mark of the accessed equipment.
Operating right judgment module, configured to judge whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located; when the priority assignation information of the equipment does not allow the equipment to access that network, refuse the operation request of the equipment; when the priority assignation information of the equipment allows the equipment to access that network, further judge whether the priority assignation information of the equipment allows the equipment to access the accessed equipment, and, when it does not, refuse the operation request of the equipment.
Because equipment is allowed to access the corresponding external network, or equipment on the internal network, only when it has the access right, the security of the key information of each piece of equipment on the internal network is improved.
In the second embodiment of the invention, because the priority assignation information includes the access authority information of the equipment, the access behavior of equipment that accesses the network can be controlled, which in turn effectively protects the key information of the other equipment in the wireless network.
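The list update rule and the two-stage permission check of this device embodiment, as an added Python example that is not part of the patent text. The class, method and field names and the sample equipment are assumptions, as is treating equipment with no stored priority assignation information as inaccessible from the moment it is registered.

```python
from dataclasses import dataclass, field


@dataclass
class Permissions:
    """Priority assignation information an administrator stores for one piece of equipment."""
    networks: set = field(default_factory=set)  # "internal" and/or "external"
    targets: set = field(default_factory=set)   # unique marks of equipment it may access


class Router:
    def __init__(self, admin_by_ssid):
        self.admin_by_ssid = dict(admin_by_ssid)              # SSID -> administrator
        self.lists = {a: {} for a in admin_by_ssid.values()}  # administrator -> {mark: info}
        self.permissions = {}  # mark -> Permissions; a missing entry means inaccessible

    def register(self, mark, info, ssid=None):
        """Update the connected-equipment lists; ssid=None means wired access."""
        if ssid is not None and ssid not in self.admin_by_ssid:
            raise KeyError(f"unknown SSID {ssid!r}")
        owner = self.admin_by_ssid.get(ssid)
        for admin, entries in self.lists.items():
            if ssid is None or admin == owner:
                entries[mark] = {"mark": mark, **info}  # full information
            else:
                entries[mark] = {"mark": mark}          # essential information only

    def set_permissions(self, mark, perms):
        if not any(mark in entries for entries in self.lists.values()):
            raise KeyError(f"equipment {mark!r} is not connected")
        self.permissions[mark] = perms

    def authorize(self, mark, network, target=None):
        """Return (allowed, reason) for an operation request from equipment `mark`."""
        perms = self.permissions.get(mark)
        if perms is None:
            return False, "inaccessible state: no priority assignation information"
        if network not in perms.networks:  # stage 1: network of the accessed equipment
            return False, f"network {network!r} not permitted"
        if target is not None and target not in perms.targets:  # stage 2: the equipment
            return False, f"equipment {target!r} not permitted"
        return True, "allowed"


def demo():
    # Constructed sample data: two administrators, each owning one SSID.
    r = Router({"home": "alice", "guest": "bob"})
    r.register("cam-01", {"ip": "192.168.1.20", "type": "camera"}, ssid="home")
    r.register("nas-01", {"ip": "192.168.1.5", "type": "nas"})  # wired access
    r.register("phone-7", {"ip": "192.168.2.9", "type": "phone"}, ssid="guest")
    results = {"before": r.authorize("phone-7", "external")}
    r.set_permissions("phone-7", Permissions({"external"}))
    r.set_permissions("cam-01", Permissions({"internal"}, {"nas-01"}))
    results["guest_external"] = r.authorize("phone-7", "external")
    results["guest_internal"] = r.authorize("phone-7", "internal", "nas-01")
    results["cam_nas"] = r.authorize("cam-01", "internal", "nas-01")
    results["cam_phone"] = r.authorize("cam-01", "internal", "phone-7")
    return r, results


if __name__ == "__main__":
    router, results = demo()
    for name, (ok, reason) in results.items():
        print(f"{name:15} {'ALLOW' if ok else 'DENY '} {reason}")
```

The administrator of the other SSID sees only the unique mark of wirelessly connected equipment, while wired equipment appears with full information in every administrator's list.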
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to exceed the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (8)
1. A multi-layer right management method, characterized in that the method includes:
Receiving a connection request sent by equipment, the connection request carrying a connection password;
When the connection password carried in the connection request matches a pre-stored connection password, establishing a connection with the equipment;
Judging whether the access mode used to establish the connection with the equipment is wireless; when the access mode used to establish the connection with the equipment is wireless, updating the information of the equipment to the connected device information list of the administrator corresponding to the service set identifier (SSID) that the equipment connected to, and updating the essential information in the information of the equipment to the connected device information lists of the administrators corresponding to the SSIDs that the equipment did not connect to, the essential information in the information of the equipment including the unique mark of the equipment; when the access mode used to establish the connection with the equipment is wired, updating the information of the equipment to the connected device information lists of all added administrators;
Receiving and storing the priority assignation information issued by the administrator for the equipment, the priority assignation information including the access authority information of the equipment;
Processing the operation requests sent by the equipment according to the priority assignation information;
Wherein establishing a connection with the equipment when the connection password carried in the connection request matches the stored connection password includes: when the router receives a connection request sent by the equipment over the wireless network, comparing the unique mark of the SSID and the corresponding wireless connection password carried in the connection request with the stored wireless SSID and corresponding wireless connection password, and, if they are identical, judging that the connection password carried in the connection request matches the stored connection password and establishing a connection with the equipment.
2. The method according to claim 1, characterized in that, after updating the information of the equipment to the connected device information list of the added administrator, the method includes:
Setting the equipment to an inaccessible state.
3. The method according to claim 1, characterized in that processing the operation requests sent by the equipment according to the priority assignation information specifically includes:
Receiving the operation request sent by the equipment, the operation request including the information of the network where the accessed equipment is located and the unique mark of the accessed equipment;
Judging whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located; when the priority assignation information of the equipment does not allow the equipment to access that network, refusing the operation request of the equipment; when the priority assignation information of the equipment allows the equipment to access that network, further judging whether the priority assignation information of the equipment allows the equipment to access the accessed equipment, and, when it does not, refusing the operation request of the equipment.
4. The method according to claim 1, characterized in that, before receiving the connection request sent by the equipment, the method includes:
Displaying prompt information for adding at least one administrator;
Receiving an administrator's add instruction, and adding the corresponding administrator information according to the add instruction, the administrator information including the unique mark of the wireless SSID belonging to the administrator and the corresponding wireless connection password.
5. A multi-layer rights management device, characterized in that the device includes:
Connection request receiving unit, configured to receive a connection request sent by equipment, the connection request carrying a connection password;
Connection establishment unit, configured to establish a connection with the equipment when the connection password carried in the connection request matches a pre-stored connection password;
Device information update unit, configured to judge whether the access mode used to establish the connection with the equipment is wireless; when the access mode used to establish the connection with the equipment is wireless, update the information of the equipment to the connected device information list of the administrator corresponding to the service set identifier (SSID) that the equipment connected to, and update the essential information in the information of the equipment to the connected device information lists of the administrators corresponding to the SSIDs that the equipment did not connect to, the essential information in the information of the equipment including the unique mark of the equipment; and, when the access mode used to establish the connection with the equipment is wired, update the information of the equipment to the connected device information lists of all added administrators;
Priority assignation information receiving unit, configured to receive and store the priority assignation information issued by the administrator for the equipment, the priority assignation information including the access authority information of the equipment;
Operation request processing unit, configured to process the operation requests sent by the equipment according to the priority assignation information;
The connection establishment unit is specifically configured to, when the router receives a connection request sent by the equipment over the wireless network, compare the unique mark of the SSID and the corresponding wireless connection password carried in the connection request with the stored wireless SSID and corresponding wireless connection password, and, if they are identical, judge that the connection password carried in the connection request matches the stored connection password and establish a connection with the equipment.
6. The device according to claim 5, characterized in that the device includes:
Equipment state setting unit, configured to set the equipment to an inaccessible state.
7. The device according to claim 5, characterized in that the operation request processing unit includes:
Operation request receiving module, configured to receive the operation request sent by the equipment, the operation request including the information of the network where the accessed equipment is located and the unique mark of the accessed equipment;
Operating right judgment module, configured to judge whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located; when the priority assignation information of the equipment does not allow the equipment to access that network, refuse the operation request of the equipment; when the priority assignation information of the equipment allows the equipment to access that network, further judge whether the priority assignation information of the equipment allows the equipment to access the accessed equipment, and, when it does not, refuse the operation request of the equipment.
8. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510200482.XA CN104935572B (en) | 2015-04-24 | 2015-04-24 | Multi-layer right management method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104935572A (en) | 2015-09-23 |
CN104935572B (en) | 2018-07-31 |
Family
ID=54122544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510200482.XA Active CN104935572B (en) | 2015-04-24 | 2015-04-24 | Multi-layer right management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104935572B (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105228141A (en) * | 2015-09-28 | 2016-01-06 | 小米科技有限责任公司 | A kind of methods, devices and systems set up network and connect |
CN105187452A (en) * | 2015-10-20 | 2015-12-23 | 上海斐讯数据通信技术有限公司 | Wireless network authentication method and system based on APP control |
CN107306267B (en) * | 2016-04-25 | 2021-07-09 | 西门子公司 | Method and apparatus for controlling wireless network access |
CN106412896A (en) * | 2016-09-30 | 2017-02-15 | 上海斐讯数据通信技术有限公司 | Authorization management method and system of wireless router |
CN110050438B (en) * | 2016-12-12 | 2020-09-29 | 华为技术有限公司 | Authority management method, related equipment and system |
CN106713340A (en) * | 2017-01-04 | 2017-05-24 | 深圳开维教育信息技术股份有限公司 | Multi-hierarchy user permission management method |
CN108038367B (en) * | 2017-12-07 | 2021-02-26 | 上海摩软通讯技术有限公司 | Method and system for controlling authority management of user equipment |
CN110048864B (en) * | 2019-03-22 | 2022-03-15 | 北京众纳鑫海网络技术有限公司 | Method and apparatus for authenticating an administrator of a device-specific message group |
CN112105022A (en) * | 2019-09-26 | 2020-12-18 | 上海技腾通讯设备有限公司 | Wireless local area network access device and working method thereof |
CN111818022B (en) * | 2020-06-20 | 2021-01-15 | 深圳市众创达企业咨询策划有限公司 | User management system and method based on new generation information technology |
CN112612397B (en) * | 2020-12-30 | 2022-08-23 | 广州酷狗计算机科技有限公司 | Multimedia list management method, device, equipment and storage medium |
CN116095683B (en) * | 2023-04-11 | 2023-06-13 | 微网优联科技(成都)有限公司 | Network security protection method and device for wireless router |
CN116367159A (en) * | 2023-05-31 | 2023-06-30 | 深圳市华曦达科技股份有限公司 | Method and device for synchronizing information of WiFi anti-scratch network of master-slave equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932374A (en) * | 2012-11-22 | 2013-02-13 | 青岛海信宽带多媒体技术有限公司 | Method for communication among network devices in local area network |
CN104244373A (en) * | 2014-08-29 | 2014-12-24 | 苏州汉明科技有限公司 | Method for wireless terminal to join wireless network |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103905979A (en) * | 2012-12-27 | 2014-07-02 | 环达电脑(上海)有限公司 | Wireless network connection system and network authority obtaining method thereof |
CN104469762A (en) * | 2013-09-12 | 2015-03-25 | 西安龙飞网络科技有限公司 | User grading control system of 3G/WIFI wireless router |
CN104320384B (en) * | 2014-10-09 | 2019-04-26 | 深圳创维数字技术有限公司 | A kind of wireless routing device control method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||