CN104935572B - Multi-layer right management method and device - Google Patents

Info

Publication number: CN104935572B
Authority: CN (China)
Legal status: Active
Application number: CN201510200482.XA
Other languages: Chinese (zh)
Other versions: CN104935572A (en)
Inventor: 凡金龙
Current Assignee: TP Link Technologies Co Ltd
Original Assignee: TP Link Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The present invention applies to the communications field and provides a multi-layer rights management method and device. The method includes: receiving a connection request sent by a device, the connection request carrying a connection password; establishing a connection with the device when the connection password carried in the connection request matches a pre-stored connection password; updating the information of the device to the connected device information lists of the administrators that have been added; receiving and storing permission setting information delivered by an administrator for the device, the permission setting information including access permission information of the device; and processing operation requests sent by the device according to the permission setting information. Embodiments of the present invention can effectively protect the key information of the other devices in the wireless network.

Description

Multi-layer right management method and device
Technical field
The embodiments of the present invention belong to the communications field, and in particular relate to a multi-layer rights management method and device.
Background
With the spread of network technology, the number of devices that can connect to a network keeps increasing, and network security touches everyone's vital interests. In particular, with the gradual rise of the Internet of Things and the smart home, more devices that involve personal information, privacy and household safety are connected to the Internet. While this brings convenience, it also creates hidden dangers for the devices' own information security and for the safety of the home.
At present, a home wireless LAN is built around a router, and the security of the network relies mainly on the security of the router's administrator account, administrator password and wireless connection password. The administrator account and password are mainly used to verify whether a user is a legitimate administrator. A user judged to be a legitimate administrator can configure the router's working state, check its current operating condition, set media access control (Media Access Control, MAC) address filtering and binding policies to prevent other users from freeloading on the network, and use the parental control mechanism to limit the websites that can be accessed and the time spent online. The wireless connection password is used to verify the legitimacy of a device requesting to connect to the network: when the requesting device is judged to be illegitimate, its connection is refused. However, once a device has been judged legitimate and has connected to the network, it is difficult to control its behavior, which poses a potential risk of damage to the smart devices in the home.
In summary, in an existing home wireless LAN centered on a router, the router makes only a two-state decision on a device's network access request: the device can connect or it cannot. Therefore, when faced with smart devices that come from a wide range of sources and vary in quality, it is difficult to intercept possible malicious behavior, and in particular it is difficult to effectively protect the key information of the devices connected to the home LAN (for example smart door locks, smart window locks and voice-controlled devices, which bear on household safety).
Summary of the invention
The embodiments of the present invention provide a multi-layer rights management method and device, intended to solve the problem that existing methods have difficulty effectively protecting the key information of devices in a LAN.
The embodiments of the present invention are implemented as a multi-layer rights management method, the method including:
receiving a connection request sent by a device, the connection request carrying a connection password;
establishing a connection with the device when the connection password carried in the connection request matches a pre-stored connection password;
updating the information of the device to the connected device information lists of the administrators that have been added;
receiving and storing permission setting information delivered by an administrator for the device, the permission setting information including access permission information of the device;
processing operation requests sent by the device according to the permission setting information.
Another object of the embodiments of the present invention is to provide a multi-layer rights management device, the device including:
a connection request receiving unit, configured to receive a connection request sent by a device, the connection request carrying a connection password;
a connection establishment unit, configured to establish a connection with the device when the connection password carried in the connection request matches a pre-stored connection password;
a device information update unit, configured to update the information of the device to the connected device information lists of the administrators that have been added;
a permission setting information receiving unit, configured to receive and store permission setting information delivered by an administrator for the device, the permission setting information including access permission information of the device;
an operation request processing unit, configured to process operation requests sent by the device according to the permission setting information.
In the embodiments of the present invention, because the permission setting information includes the access permission information of the device, the access behavior of devices connected to the network can be controlled, and the key information of the other devices in the wireless network is thereby effectively protected.
Brief description of the drawings
Fig. 1 is a flow chart of a multi-layer rights management method provided by the first embodiment of the present invention;
Fig. 2 is a structure diagram of a multi-layer rights management device provided by the second embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the embodiments of the present invention, a connection request sent by a device is received; when the connection password carried in the connection request matches the pre-stored connection password, a connection is established with the device and the information of the connected device is updated to the connected device information lists of the administrators that have been added; permission setting information delivered by an administrator for the device is received and stored; and operation requests sent by the device are then processed according to the permission setting information.
The technical solutions of the present invention are illustrated below through specific embodiments.
Embodiment one:
Fig. 1 shows a flow chart of a multi-layer rights management method provided by the first embodiment of the present invention, described in detail as follows:
Step S11: receive a connection request sent by a device, the connection request carrying a connection password.
The device here includes mobile devices such as mobile phones and tablet computers, and also non-mobile devices such as desktop computers, smart televisions and smart refrigerators. In this step the device sends a connection request to the router. The request carries the connection password for accessing the router, which is either a wireless connection password or a wired connection password. The request also carries the unique identifier of the device.
Optionally, before the connection request sent by the device is received, the method includes:
A1: display a prompt to add at least one administrator.
A2: receive an add instruction from an administrator, and add the corresponding administrator information according to the add instruction, the administrator information including the unique identifier of each wireless SSID belonging to the administrator and the corresponding wireless connection password.
In A1 and A2 above, the router automatically enters a to-be-configured state after it is started for the first time. In this state the router cannot work normally: the wireless module is not yet initialized, the wide area network (Wide Area Network, WAN) port cannot be used, and only the local area network (Local Area Network, LAN) port is available, serving as the interface for adding the administrator list. This administrator list is the displayed prompt to add at least one administrator. After the user has added at least one administrator according to the displayed administrator list, the router forces each added administrator to assign themselves at least one wireless service set identifier (Service Set Identifier, SSID) and a corresponding wireless connection password. An assigned wireless SSID falls within that administrator's management scope: the administrator can directly configure the devices connected to their own wireless SSID subnets, while all devices in other administrators' wireless SSIDs are visible to the administrator but cannot be configured by them. An administrator may assign several wireless SSIDs. Each wireless SSID has a unique identifier and corresponds to one subnet of the wireless network, and, to improve security, each wireless SSID has its own wireless connection password. After the administrators have been set up, the router initializes all function modules and enters the normal working state.
Optionally, after the router is working normally, any administrator that has been added can apply to assign a new administrator. When the router receives such an application it queries the other administrators, and the assignment of the new administrator takes effect after the router has received the agree-to-assign instructions sent by the other administrators. After logging in to the router, the new administrator must reset their account and password, and independently set the wireless SSIDs that belong to them and the corresponding wireless connection passwords.
Step S12: when the connection password carried in the connection request matches the pre-stored connection password, establish a connection with the device.
In this step, the router stores the unique identifier of each wireless SSID together with the wireless connection password corresponding to that SSID's unique identifier, and also stores the wired connection password. When the router receives a connection request sent by a device over the wireless network, it compares the SSID unique identifier and the corresponding wireless connection password carried in the request with the stored wireless SSID and its corresponding wireless connection password. If they are identical, it judges that the connection password carried in the connection request matches the pre-stored connection password.
Step S13: update the information of the device to the connected device information lists of the administrators that have been added.
In this step, the information of the device includes basic information, such as the device's unique identifier, and non-basic information, such as the device's connection attribute and visibility setting permission information. The connection attribute setting permission information covers, for example, whether the device can access the external network, whether it can access the internal network, and whether it can access a given device on the internal network. The visibility setting permission information covers, for example, whether the device is visible to a given device on the internal network.
Optionally, the information of the update equipment is to the connected device information list for having added administrator, specifically Including:
B1, judge to establish whether the access way of connection is wireless mode with the equipment.
B2, when it is wireless mode to establish the access way of connection with the equipment, update the information of the equipment to institute The connected device information list of the corresponding administrators of service set SSID of equipment connection is stated, and, update the equipment Information in essential information to non-equipment connection the corresponding administrators of SSID connected device information list;It is described Essential information in the information of equipment includes the unique mark of the equipment.When equipment passes through some wireless SSID couple in router When, the information (including the essential information of equipment and non-essential information) of more new equipment corresponding administrators of some wireless SSID to this Connected device information list in.Each the connected device information list of administrator includes:The administrator is to by wireless The configuration information of the configuration information for the wireless device that mode accesses and the wireline equipment accessed by wired mode.Further, For the ease of management, the configuration information of the wireless device wirelessly accessed is stored in wireless device configuration table, by wired The configuration information for the wireline equipment that mode accesses is stored in wireline equipment allocation list.
B3, when it is wired mode to establish the access way of connection with the equipment, update the information of the equipment to institute There is the connected device information list for having added administrator.After equipment is connected to the router by wired mode, equipment Information will automatically update to all administrators for having been added to router, the information of the equipment include equipment essential information and The non-essential information of equipment.
Wireless device configuration table and wireline equipment allocation list for a clear description, are illustrated with specific example below:
Wherein, table 1, table 2, table 3 correspond to the wireless device configuration table of administrator 1, administrator 2, administrator 3 respectively;Table 4, Table 5, table 6 correspond to the wireline equipment allocation list of administrator 1, administrator 2, administrator 3 respectively.In 1~table of table 6, it is stuffed entirely with There is the setting option expression of black that can not be arranged;Setting options indicate that the administrator independently can be configured and come into force;Zero setting option Indicate that the project needs the correspondence Administrator of involved equipment is all identical can just come into force, i.e. every Administrator parameter It is just final setting result after carrying out and operating.△ setting options indicate that the project only needs involved equipment to correspond in administrator and has One Administrator can come into force, i.e. output is final setting result after every Administrator parameter is carried out or operated.
Table 1:
Table 2:
Table 3:
In Tables 1 to 3 above, the final result of the three administrators' wireless device configuration tables is: device 1 can establish data connections with device 2 and device 4; device 3 can establish a data connection with device 4; devices 3, 4, 6, 8 and 9 can connect to the external Internet; device 5 can establish connections with device 6 and device 7; device 8 can establish a connection with device 9; device 1 can establish a cross-subnet connection with device 6; and device 3 can establish cross-subnet connections with device 7 and device 8.
Table 4:
Table 5:
Table 6:
In Tables 4 to 6, the result of the wired device configuration tables set by the three administrators (administrator 1, administrator 2 and administrator 3) is: devices 10, 11 and 12 can connect to the Internet; device 10 can establish data connections with device 11 and device 12; and device 11 can establish a data connection with device 13.
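The way the administrators' tables combine into a final result (the AND rule and the OR rule described above) can be written out as follows. This Python sketch is an added example, not code from the patent: the device names, the items and the rule chosen for each item are constructed, and it assumes that a wired device involves every administrator and that an option an administrator has not set counts as off.

```python
ALL_AGREE = "all"    # item takes effect only if every involved administrator enables it (AND)
ANY_AGREES = "any"   # item takes effect if one involved administrator enables it (OR, the △ items)


def involved_admins(devices, ssid_owner, all_admins):
    """Administrators whose tables count for an item that touches `devices`."""
    admins = set()
    for dev in devices:
        if dev in ssid_owner:
            admins.add(ssid_owner[dev])   # wireless: the administrator owning its SSID
        else:
            admins.update(all_admins)     # wired: assumed to involve every administrator
    return admins


def merge_tables(items, tables, ssid_owner):
    """Combine per-administrator tables into the final setting of each item.

    items:  {item_name: (rule, devices_involved)}
    tables: {administrator: {item_name: bool}}
    """
    final = {}
    for name, (rule, devices) in items.items():
        admins = involved_admins(devices, ssid_owner, tables)
        # Assumption: an administrator who has not set the item counts as "off",
        # so an AND item stays closed until everyone involved has opened it.
        values = [tables[a].get(name, False) for a in admins]
        if rule == ALL_AGREE:
            final[name] = bool(values) and all(values)
        elif rule == ANY_AGREES:
            final[name] = any(values)
        else:
            raise ValueError(f"unknown rule {rule!r}")
    return final


# Constructed sample: w1 is on an SSID of admin1, w6 on an SSID of admin2,
# c10 is a wired device and therefore appears in every administrator's table.
SSID_OWNER = {"w1": "admin1", "w6": "admin2"}
ITEMS = {
    "w1<->w6 cross-subnet link": (ALL_AGREE, ("w1", "w6")),
    "w1->c10 link": (ALL_AGREE, ("w1", "c10")),
    "c10 internet access": (ANY_AGREES, ("c10",)),
}
TABLES = {
    "admin1": {"w1<->w6 cross-subnet link": True, "w1->c10 link": True,
               "c10 internet access": False},
    "admin2": {"w1<->w6 cross-subnet link": True, "w1->c10 link": True},
    "admin3": {"c10 internet access": True},
}

FINAL = merge_tables(ITEMS, TABLES, SSID_OWNER)
```
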
Optionally, after the information of the device is updated to the connected device information lists of the administrators that have been added, the method includes:
setting the device to the inaccessible state. After the information of the device has been updated, if no permission setting information for the device has been received from an administrator, the device is set to the inaccessible state, to reduce the risk of leaking the device's key information. Preferably, within a predetermined time after the information of the device is updated, it is judged whether permission setting information for the device has been received from an administrator; if not, the device is set to the inaccessible state.
Step S14: receive and store permission setting information delivered by an administrator for the device, the permission setting information including access permission information of the device.
The access permission information of the device includes information such as whether the device can access the external network, whether it can access the internal network, and whether it can access a given device on the internal network. In this step, in addition to the access permission information of the device, the permission setting information can also include visibility permission setting information of the device and permission setting information for the device's uplink and downlink data.
For devices that pose a security risk, the visibility permission setting information can be configured. For example, when device A poses no security risk, a device newly connected to the router is set to be visible to device A; when device B may pose a security risk, the newly connected device is set to be invisible to device B. Because the newly connected device is invisible to device B, the risk of device B obtaining information from the newly connected device is reduced.
For devices that only need to receive data (or only need to send data), the permission setting information for uplink and downlink data can be configured so that the two directions are distinguished. For example, for devices such as smart televisions and refrigerators that only need to receive data, the administrator can distinguish uplink from downlink data and open only the downlink data connection. When the uplink and downlink data of devices are distinguished, setting the data connection from device 1 to device 2 and setting the data connection from device 2 to device 1 are treated as two different settings. When they are not distinguished, once the data connection in one direction (for example uplink) is opened, the data connection in the other direction (downlink) is opened by default as well.
Because fine-grained access permissions and visibility can be set for the wired and wireless devices connected to the wireless LAN, a device can be prevented from accessing any device on the internal LAN, or allowed to access only some devices; a device can be prevented from accessing the internal network and allowed to access only the external network; the wired LAN can be isolated from the wireless LAN; the wireless LAN can be split into several wireless subnets with different access permissions opened for each subnet; and the visibility of each device in the other subnets can be set individually. In this way the visibility and exposure of a device can be reduced as far as possible to the minimum its function requires, the visible range of each device is limited, and the key information of each device is protected to the greatest extent.
Step S15: process operation requests sent by the device according to the permission setting information.
The operation requests sent by a device include requests to access the external network, requests to access the internal network, requests to access a given device on the internal network, and so on.
Optionally, processing the operation requests sent by the device according to the permission setting information specifically includes:
C1: receive an operation request sent by the device, the operation request including information on the network where the accessed device is located and the unique identifier of the accessed device.
C2: judge whether the permission setting information of the device allows the device to access the network where the accessed device is located. When it does not, refuse the device's operation request. When it does, then judge whether the permission setting information of the device allows the device to access the accessed device itself; when it does not, refuse the device's operation request.
In C1 and C2 above, a device is allowed to access the external network or a device on the internal network only when it has the corresponding access permission, which improves the security of the key information of each device on the internal network.
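The check order in C1 and C2, together with the inaccessible state that follows step S13 and the uplink/downlink distinction in step S14, as an added Python example (not code from the patent). The device names and network labels are constructed, and refusing a device without stored permission settings both as requester and as target is an assumption about what "inaccessible" covers.

```python
from dataclasses import dataclass, field

EXTERNAL, INTERNAL = "external", "internal"   # constructed network labels


@dataclass
class PermissionSetting:
    """Permission setting information an administrator delivers for one device (S14)."""
    networks: set = field(default_factory=set)   # networks the device may access
    targets: set = field(default_factory=set)    # unique IDs of devices it may access
    directional: bool = True                     # distinguish uplink from downlink


class Router:
    def __init__(self):
        self.connected = set()   # S13: connected device list
        self.settings = {}       # device ID -> PermissionSetting

    def register(self, device_id):
        # No setting is stored yet, so the device starts in the inaccessible state.
        self.connected.add(device_id)

    def set_permission(self, device_id, setting):
        if device_id not in self.connected:
            raise KeyError(f"{device_id} is not in the connected device list")
        self.settings[device_id] = setting

    def _link_allowed(self, src, dst):
        if dst in self.settings[src].targets:
            return True
        # When directions are not distinguished, opening dst -> src opens src -> dst too.
        peer = self.settings[dst]
        return not peer.directional and src in peer.targets

    def handle(self, src, network, target=None):
        """Decide one operation request (C1: network plus accessed device ID)."""
        if src not in self.settings:
            return False, "source is in the inaccessible state"
        if network not in self.settings[src].networks:   # C2, first check: the network
            return False, "network not permitted"
        if target is None:                               # plain network access request
            return True, "network permitted"
        if target not in self.settings:
            return False, "target is in the inaccessible state"
        if not self._link_allowed(src, target):          # C2, second check: the device
            return False, "device not permitted"
        return True, "device permitted"


def demo_router():
    """Constructed home network: a phone, a smart lock, a TV and a new camera."""
    r = Router()
    for dev in ("phone", "lock", "tv", "cam"):
        r.register(dev)
    r.set_permission("phone", PermissionSetting({EXTERNAL, INTERNAL}, {"lock"}))
    r.set_permission("lock", PermissionSetting({INTERNAL}, set()))
    r.set_permission("tv", PermissionSetting({EXTERNAL}, set()))
    # "cam" has joined with the right password but has no setting yet.
    return r


if __name__ == "__main__":
    router = demo_router()
    for request in [("phone", INTERNAL, "lock"), ("tv", INTERNAL, "lock"),
                    ("lock", INTERNAL, "phone"), ("cam", EXTERNAL, None),
                    ("phone", INTERNAL, "cam"), ("tv", EXTERNAL, None)]:
        print(request, "->", router.handle(*request))
```
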
In the first embodiment of the present invention, a connection request sent by a device is received; when the connection password carried in the connection request matches the pre-stored connection password, a connection is established with the device and the information of the connected device is updated to the connected device information lists of the administrators that have been added; permission setting information delivered by an administrator for the device is received and stored; and operation requests sent by the device are then processed according to the permission setting information. Because the permission setting information includes the access permission information of the device, the access behavior of devices connected to the network can be controlled, and the key information of the other devices in the wireless network is thereby effectively protected.
It should be understood that, in the embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Embodiment two:
Fig. 2 shows a structure diagram of a multi-layer rights management device provided by the second embodiment of the present invention. The multi-layer rights management device may include user equipment that communicates with one or more core networks through a radio access network (RAN). The user equipment may be a router, a mobile phone (also called a "cellular" phone), a computer with a mobile device, and so on; for example, the user equipment may also be a portable, pocket-sized, handheld, computer-embedded or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. As a further example, the mobile device may include a smartphone, a tablet computer, a personal digital assistant (PDA), a point-of-sale (POS) terminal or a vehicle-mounted computer. For ease of description, only the parts relevant to the embodiments of the present invention are shown.
The multi-layer rights management device includes: a connection request receiving unit 21, a connection establishment unit 22, a device information update unit 23, a permission setting information receiving unit 24 and an operation request processing unit 25. Specifically:
The connection request receiving unit 21 is configured to receive a connection request sent by a device, the connection request carrying a connection password.
The device here includes mobile devices such as mobile phones and tablet computers, and also non-mobile devices such as desktop computers, smart televisions and smart refrigerators.
Optionally, the multi-layer rights management device includes:
an information prompt unit, configured to display a prompt to add at least one administrator;
an administrator information receiving unit, configured to receive an add instruction from an administrator and add the corresponding administrator information according to the add instruction, the administrator information including the unique identifier of each wireless SSID belonging to the administrator and the corresponding wireless connection password.
After the user has added at least one administrator according to the displayed administrator list, each administrator assigns themselves at least one SSID and a corresponding wireless connection password. An assigned wireless SSID falls within that administrator's management scope: the administrator can directly configure the devices connected to their own wireless SSID subnets, while all devices in other administrators' wireless SSIDs are visible to the administrator but cannot be configured by them. An administrator may assign several wireless SSIDs. Each wireless SSID has a unique identifier and corresponds to one subnet of the wireless network, and, to improve security, each wireless SSID has its own wireless connection password.
Optionally, after the router is working normally, any administrator that has been added can apply to assign a new administrator. When the router receives such an application it queries the other administrators, and the assignment of the new administrator takes effect after the router has received the agree-to-assign instructions sent by the other administrators.
The connection establishment unit 22 is configured to establish a connection with the device when the connection password carried in the connection request matches the pre-stored connection password.
The unique identifier of each wireless SSID and the wireless connection password corresponding to that SSID's unique identifier are pre-stored, and the wired connection password is stored, so that when the SSID unique identifier and corresponding wireless connection password carried in a connection request are received, they can be compared with the pre-stored wireless SSID and its corresponding wireless connection password.
The device information update unit 23 is configured to update the information of the device to the connected device information lists of the administrators that have been added.
The information of the device includes basic information, such as the device's unique identifier, and non-basic information, such as the device's connection attribute and visibility setting permission information.
Optionally, the device information update unit 23 includes:
an access mode judgment module, configured to judge whether the access mode used to establish the connection with the device is wireless;
a first information update module, configured to, when the access mode used to establish the connection with the device is wireless, update the information of the device to the connected device information list of the administrator corresponding to the service set identifier (SSID) the device connected through, and update the basic information in the device's information to the connected device information lists of the administrators corresponding to the SSIDs the device did not connect through. The basic information in the device's information includes the unique identifier of the device. Further, for ease of management, the configuration information of wirelessly connected devices is stored in a wireless device configuration table, and the configuration information of devices connected by wire is stored in a wired device configuration table;
a second information update module, configured to, when the access mode used to establish the connection with the device is wired, update the information of the device to the connected device information lists of all administrators that have been added. The information of the device includes both the basic information and the non-basic information of the device.
Optionally, the multi-layer rights management device includes:
Equipment state setting unit, configured to set the equipment to an inaccessible state. After the information of the equipment is updated, if no priority assignation information issued by an administrator for the equipment has been received, the equipment is set to the inaccessible state, to reduce the risk of leaking the key information of the equipment. Preferably, within a predetermined time after the information of the equipment is updated, it is judged whether priority assignation information issued by an administrator for the equipment has been received; if not, the equipment is set to the inaccessible state.
Priority assignation information receiving unit 24, configured to receive and store the priority assignation information (that is, the permission settings) issued by an administrator for the equipment, the priority assignation information including the access authority information of the equipment.
The access authority information of the equipment includes information such as whether the equipment can access the external network, whether it can access the internal network, and whether it can access a particular piece of equipment on the internal network.
In addition to the access authority information of the equipment, the priority assignation information can also include the visibility permission setting information of the equipment and the priority assignation information for the uplink and downlink data of the equipment.
Operation requests processing unit 25, configured to process the operation requests sent by the equipment according to the priority assignation information.
The operation requests sent by the equipment include: a request to access the external network, a request to access the internal network, a request to access a particular piece of equipment on the internal network, and so on.
Optionally, the operation requests processing unit 25 includes:
Operation requests receiving module, configured to receive the operation requests sent by the equipment, the operation requests including the information of the network where the accessed equipment is located and the unique identifier of the accessed equipment.
Operating right judgment module, configured to judge whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located. When the priority assignation information of the equipment does not allow the equipment to access that network, the operation request of the equipment is refused. When the priority assignation information of the equipment allows the equipment to access that network, the module then judges whether the priority assignation information of the equipment allows the equipment to access the accessed equipment; when it does not, the operation request of the equipment is refused.
Because the equipment is allowed to access the corresponding external network, or equipment on the internal network, only when it has the access right, the security of the key information of each piece of equipment on the internal network is improved.
In the second embodiment of the invention, because the priority assignation information includes the access authority information of the equipment, the access behavior of equipment that joins the network can be controlled, which effectively protects the key information of the other equipment in the wireless network.
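The following Python sketch is an added illustration, not code from the patent: it models the list update by access mode, the default inaccessible state, and the two-stage check (network first, then accessed equipment) described in this embodiment. The class, method and field names, the result strings, and the treatment of a request without a target as network-only are assumptions; `Permissions` stands for the access part of the page's "priority assignation information".

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Permissions:
    """Access part of the page's 'priority assignation information' (hypothetical layout)."""
    networks: set = field(default_factory=set)   # e.g. {"internal", "external"}
    devices: set = field(default_factory=set)    # unique identifiers this equipment may reach


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so the check does not leak how much of the password matched.
    return hmac.compare_digest(a.encode(), b.encode())


class Router:
    def __init__(self, wired_password: str):
        self.wired_password = wired_password
        self.ssid_passwords = {}   # SSID identifier -> wireless password (one SSID per administrator)
        self.admin_lists = {}      # SSID identifier -> {equipment uid: info visible to that admin}
        self.permissions = {}      # equipment uid -> Permissions; a missing entry means "inaccessible"

    def add_admin(self, ssid: str, password: str) -> None:
        self.ssid_passwords[ssid] = password
        self.admin_lists[ssid] = {}

    def connect(self, uid: str, password: str, ssid=None, attrs=None) -> bool:
        """ssid=None models a wired connection; otherwise it is the SSID the equipment joined."""
        expected = self.wired_password if ssid is None else self.ssid_passwords.get(ssid)
        if expected is None or not _same(password, expected):
            return False
        full = {"uid": uid, "ssid": ssid, **(attrs or {})}
        for admin_ssid, listing in self.admin_lists.items():
            # Wired: every admin gets the full record. Wireless: only the joined SSID's
            # admin does; the other admins learn just the unique identifier.
            listing[uid] = full if ssid in (None, admin_ssid) else {"uid": uid}
        # No Permissions entry is created here, so new equipment stays inaccessible
        # until an administrator issues settings for it.
        return True

    def set_permissions(self, uid: str, perms: Permissions) -> None:
        # Administrator authentication is outside the scope of this sketch.
        self.permissions[uid] = perms

    def handle_request(self, uid: str, network: str, target=None) -> str:
        perms = self.permissions.get(uid)
        if perms is None:
            return "deny: inaccessible"
        if network not in perms.networks:          # stage 1: network of the accessed equipment
            return "deny: network"
        if target is not None and target not in perms.devices:   # stage 2: the equipment itself
            return "deny: device"
        return "allow"


def demo() -> dict:
    r = Router(wired_password="wired-pass")        # all values below are constructed samples
    r.add_admin("ssid-home", "home-pass")
    r.add_admin("ssid-guest", "guest-pass")
    results = {"bad_password": r.connect("cam-01", "wrong", ssid="ssid-guest")}
    r.connect("cam-01", "guest-pass", ssid="ssid-guest", attrs={"visible": False})
    results["home_admin_sees"] = r.admin_lists["ssid-home"]["cam-01"]
    results["before_settings"] = r.handle_request("cam-01", "external")
    r.set_permissions("cam-01", Permissions({"external", "internal"}, {"printer-01"}))
    results["external"] = r.handle_request("cam-01", "external")
    results["nas"] = r.handle_request("cam-01", "internal", target="nas-01")
    results["printer"] = r.handle_request("cam-01", "internal", target="printer-01")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```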
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. Multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A multi-layer right management method, characterized in that the method includes:
Receiving a connection request sent by equipment, the connection request carrying a connection password;
When the connection password carried by the connection request matches a pre-stored connection password, establishing a connection with the equipment;
Judging whether the access mode of the connection established with the equipment is wireless; when the access mode of the connection established with the equipment is wireless, updating the information of the equipment to the connected device information list of the administrator corresponding to the service set identifier (SSID) to which the equipment is connected, and updating the basic information in the information of the equipment to the connected device information lists of the administrators corresponding to the SSIDs to which the equipment is not connected, the basic information in the information of the equipment including the unique identifier of the equipment; when the access mode of the connection established with the equipment is wired, updating the information of the equipment to the connected device information lists of all added administrators;
Receiving and storing the priority assignation information issued by an administrator for the equipment, the priority assignation information including the access authority information of the equipment;
Processing the operation requests sent by the equipment according to the priority assignation information;
Wherein establishing a connection with the equipment when the connection password carried by the connection request matches the stored connection password includes: when the router receives, over the wireless network, a connection request sent by the equipment, comparing the unique identifier of the SSID carried by the connection request and the corresponding wireless connection password with the stored wireless SSID and corresponding wireless connection password; if they are identical, judging that the connection password carried by the connection request matches the stored connection password, and establishing a connection with the equipment.
2. The method according to claim 1, characterized in that, after updating the information of the equipment to the connected device information lists of the added administrators, the method includes:
Setting the equipment to an inaccessible state.
3. The method according to claim 1, characterized in that processing the operation requests sent by the equipment according to the priority assignation information specifically includes:
Receiving the operation requests sent by the equipment, the operation requests including the information of the network where the accessed equipment is located and the unique identifier of the accessed equipment;
Judging whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located; when the priority assignation information of the equipment does not allow the equipment to access the network where the accessed equipment is located, refusing the operation request of the equipment; when the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located, then judging whether the priority assignation information of the equipment allows the equipment to access the accessed equipment, and, when the priority assignation information of the equipment does not allow the equipment to access the accessed equipment, refusing the operation request of the equipment.
4. The method according to claim 1, characterized in that, before receiving the connection request sent by the equipment, the method includes:
Displaying a prompt to add at least one administrator;
Receiving an instruction to add an administrator, and adding the corresponding administrator information according to the instruction, the administrator information including the unique identifier of the wireless SSID belonging to the administrator and the corresponding wireless connection password.
5. A multi-layer rights management device, characterized in that the device includes:
A connection request receiving unit, configured to receive a connection request sent by equipment, the connection request carrying a connection password;
A connection establishment unit, configured to establish a connection with the equipment when the connection password carried by the connection request matches a pre-stored connection password;
A device information update unit, configured to judge whether the access mode of the connection established with the equipment is wireless; when the access mode of the connection established with the equipment is wireless, to update the information of the equipment to the connected device information list of the administrator corresponding to the service set identifier (SSID) to which the equipment is connected, and to update the basic information in the information of the equipment to the connected device information lists of the administrators corresponding to the SSIDs to which the equipment is not connected, the basic information in the information of the equipment including the unique identifier of the equipment; and, when the access mode of the connection established with the equipment is wired, to update the information of the equipment to the connected device information lists of all added administrators;
A priority assignation information receiving unit, configured to receive and store the priority assignation information issued by an administrator for the equipment, the priority assignation information including the access authority information of the equipment;
An operation requests processing unit, configured to process the operation requests sent by the equipment according to the priority assignation information;
The connection establishment unit is specifically configured to, when the router receives, over the wireless network, a connection request sent by the equipment, compare the unique identifier of the SSID carried by the connection request and the corresponding wireless connection password with the stored wireless SSID and corresponding wireless connection password; if they are identical, judge that the connection password carried by the connection request matches the stored connection password, and establish a connection with the equipment.
6. The device according to claim 5, characterized in that the device includes:
An equipment state setting unit, configured to set the equipment to an inaccessible state.
7. The device according to claim 5, characterized in that the operation requests processing unit includes:
An operation requests receiving module, configured to receive the operation requests sent by the equipment, the operation requests including the information of the network where the accessed equipment is located and the unique identifier of the accessed equipment;
An operating right judgment module, configured to judge whether the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located; when the priority assignation information of the equipment does not allow the equipment to access the network where the accessed equipment is located, to refuse the operation request of the equipment; when the priority assignation information of the equipment allows the equipment to access the network where the accessed equipment is located, to then judge whether the priority assignation information of the equipment allows the equipment to access the accessed equipment, and, when the priority assignation information of the equipment does not allow the equipment to access the accessed equipment, to refuse the operation request of the equipment.
8. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 4 are implemented.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510200482.XA CN104935572B (en) 2015-04-24 2015-04-24 Multi-layer right management method and device

Publications (2)

Publication Number Publication Date
CN104935572A CN104935572A (en) 2015-09-23
CN104935572B true CN104935572B (en) 2018-07-31

Family

ID=54122544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510200482.XA Active CN104935572B (en) 2015-04-24 2015-04-24 Multi-layer right management method and device

Country Status (1)

Country Link
CN (1) CN104935572B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105228141A (en) * 2015-09-28 2016-01-06 小米科技有限责任公司 A kind of methods, devices and systems set up network and connect
CN105187452A (en) * 2015-10-20 2015-12-23 上海斐讯数据通信技术有限公司 Wireless network authentication method and system based on APP control
CN107306267B (en) * 2016-04-25 2021-07-09 西门子公司 Method and apparatus for controlling wireless network access
CN106412896A (en) * 2016-09-30 2017-02-15 上海斐讯数据通信技术有限公司 Authorization management method and system of wireless router
CN110050438B (en) * 2016-12-12 2020-09-29 华为技术有限公司 Authority management method, related equipment and system
CN106713340A (en) * 2017-01-04 2017-05-24 深圳开维教育信息技术股份有限公司 Multi-hierarchy user permission management method
CN108038367B (en) * 2017-12-07 2021-02-26 上海摩软通讯技术有限公司 Method and system for controlling authority management of user equipment
CN110048864B (en) * 2019-03-22 2022-03-15 北京众纳鑫海网络技术有限公司 Method and apparatus for authenticating an administrator of a device-specific message group
CN112105022A (en) * 2019-09-26 2020-12-18 上海技腾通讯设备有限公司 Wireless local area network access device and working method thereof
CN111818022B (en) * 2020-06-20 2021-01-15 深圳市众创达企业咨询策划有限公司 User management system and method based on new generation information technology
CN112612397B (en) * 2020-12-30 2022-08-23 广州酷狗计算机科技有限公司 Multimedia list management method, device, equipment and storage medium
CN116095683B (en) * 2023-04-11 2023-06-13 微网优联科技(成都)有限公司 Network security protection method and device for wireless router
CN116367159A (en) * 2023-05-31 2023-06-30 深圳市华曦达科技股份有限公司 Method and device for synchronizing information of WiFi anti-scratch network of master-slave equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932374A (en) * 2012-11-22 2013-02-13 青岛海信宽带多媒体技术有限公司 Method for communication among network devices in local area network
CN104244373A (en) * 2014-08-29 2014-12-24 苏州汉明科技有限公司 Method for wireless terminal to join wireless network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905979A (en) * 2012-12-27 2014-07-02 环达电脑(上海)有限公司 Wireless network connection system and network authority obtaining method thereof
CN104469762A (en) * 2013-09-12 2015-03-25 西安龙飞网络科技有限公司 User grading control system of 3G/WIFI wireless router
CN104320384B (en) * 2014-10-09 2019-04-26 深圳创维数字技术有限公司 A kind of wireless routing device control method and device

Also Published As

Publication number Publication date
CN104935572A (en) 2015-09-23

Similar Documents

Publication Publication Date Title
CN104935572B (en) Multi-layer right management method and device
EP3080963B1 (en) Methods, devices and systems for dynamic network access administration
US9769655B2 (en) Sharing security keys with headless devices
EP2013758B1 (en) Dynamic authentication in secured wireless networks
CN102271132B (en) Control method and system for network access authority and client
JP6337642B2 (en) Method for securely accessing a network from a personal device, personal device, network server, and access point
JP2007528057A (en) Guest dongle and method of connecting guest device to wireless home network
CN107409307A (en) Wireless house access network automatically configures
CN101986598B (en) Authentication method, server and system
CN103441991A (en) Mobile terminal security access platform
JP2006040274A (en) Firewall for protecting group of appliance, appliance participating in system and method of updating firewall rule within system
KR20160122992A (en) Integrative Network Management Method and Apparatus for Supplying Connection between Networks Based on Policy
US20070258415A1 (en) Handshake method for wireless client
CN106304264B (en) Wireless network access method and device
US10356651B2 (en) Controlled connection of a wireless device to a network
CN101651697A (en) Method and equipment for managing network access authority
CN104378456A (en) Allocation optimization method for IP addresses in local area network
CN102823219B (en) Protect the method to the access via the addressable data of the equipment realizing this method or service and relevant device
CN202652534U (en) Mobile terminal safety access platform
CN101697550A (en) Method and system for controlling access authority of double-protocol-stack network
CN102972005B (en) Pay authentication method
CN106411852A (en) Distributed terminal access control method, and apparatus
CN106102066A (en) A kind of wireless network secure certification devices and methods therefor, a kind of router
CN105681352B (en) A kind of wireless network access safety management-control method and system
CN105812338A (en) Data access management and control method and network management equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant