CN105072613A - Wireless network system and wireless network access method - Google Patents

Publication number: CN105072613A
Authority: CN (China)
Prior art keywords: accessed, equipment, router, beacon frame, white list
Legal status: Granted (Active)
Application number: CN201510471313.XA
Other languages: Chinese (zh)
Other versions: CN105072613B (en)
Inventors: 罗一鸣, 张祠瑞, 王振
Current assignee: Chengdu Century Photosynthesis Science And Technology Ltd
Original assignee: Chengdu Century Photosynthesis Science And Technology Ltd
Application filed by Chengdu Century Photosynthesis Science And Technology Ltd
Priority to CN201510471313.XA
Publication of CN105072613A
Application granted
Publication of CN105072613B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W48/00: Access restriction; Network selection; Access point selection
    • H04W48/16: Discovering, processing access restriction or access information

Abstract

The invention relates to a wireless network system and a wireless network access method. The wireless network system comprises a coordinator and at least one router. The router is selected by the device to be accessed based on a beacon frame monitoring list, and the router is provided with a whitelist for authenticating the device to be accessed. The coordinator transmits the whitelist authentication result and the identification information of the device to be accessed to each router, so that a reconnection request from that device can be accepted or rejected. By screening the cached beacon frames of the routers, the system and method not only filter out invalid or malicious devices to be accessed, but also select the most effective device to be accessed according to the historical association count, thereby improving the security of the wireless network.

Description

Wireless network system and wireless network access method
Technical Field
The present invention relates to the field of communication technology, and in particular to a wireless network system and a wireless network access method.
Background
With the development of network technology, the coverage of wireless networks keeps growing. A wireless network is a network implemented with wireless communication technology. Wireless networks include both the global voice and data networks that allow users to establish long-range wireless connections and the infrared and radio-frequency technologies optimized for short-range wireless connections. Wireless network protocols define a complete set of low-power, highly reliable, low-rate communication mechanisms, which are well suited to device remote control, small data transfers, the Internet of Things, industrial control and smart homes. Depending on the application environment, wireless local area networks mainly adopt four topologies: bridge connection, access node connection, hub access, and centerless. The security problems specific to wireless networks are a focus of enterprise defense. Attacks on wireless networks mainly include insertion attacks, roaming attacks, rogue access points, evil twin attacks, theft of network resources, and hijacking and monitoring of wireless communications.
Wireless networks are usually formed in one of two ways. The first is to directly configure the PAN ID of the device node that is to join the network so that it matches the PAN ID of the coordinator. The second is to open the wireless network's association permission for a limited time. Both have drawbacks. The first requires every product to reserve a configuration interface, or to have the PAN ID preset at the factory; for smart hardware products this increases the complexity of production, after-sales service and user operation, and in particular raises production and after-sales costs. The second requires the router that is to join to be started while the wireless network has association permission open; if the permission stays open too long the wireless network is exposed to malicious attack, and if it is open too briefly the device fails to join.
Patent document CN103442351A discloses a method for protecting a wireless network, comprising: step 10, placing a WIFI module in STA mode and using it to scan the surrounding wireless access points and obtain their beacon frame packets; step 20, selecting one beacon frame packet from those of the surrounding wireless access points and extracting the physical address and service set information from it; step 30, switching the WIFI module to AP mode and using it to broadcast beacon frames whose physical address and service set information are the extracted physical address and service set information. That patent accesses a new router by selecting the beacon frame packet with the highest signal strength among those around it. However, if a coordinator that the device does not wish to join is near the router, the router cannot access the network it intends to, and may also exchange data with the unintended coordinator, with serious security consequences.
Summary of the Invention
To address the deficiencies of the prior art, the invention provides a wireless network system and a wireless network access method. The system comprises a coordinator and at least one router, characterized in that:
the router is screened by the device to be accessed based on a beacon frame monitoring list, and
the router is provided with a whitelist for authenticating the device to be accessed, and
the coordinator sends the whitelist authentication result and the identification information of the device to be accessed to each router, so as to accept or reject a reconnection request from the device to be accessed.
According to a preferred embodiment, the router returns a beacon frame in response to the beacon request of the device to be accessed, and the router whose beacon frame has been matched against the beacon frame monitoring list performs whitelist authentication with the device to be accessed.
According to a preferred embodiment, the device to be accessed screens and connects to routers based on the historical association count in the beacon frame.
According to a preferred embodiment, the router matches the identification information of the device to be accessed against the information recorded in the whitelist, thereby performing whitelist authentication.
According to a preferred embodiment, the coordinator broadcasts the identification information of devices to be accessed that did not pass whitelist authentication to each router in the wireless network in a single broadcast.
According to a preferred embodiment, the coordinator or the router returns a beacon frame to the device to be accessed, and the device defers joining the wireless network based on the processing-state information in the beacon frame.
According to a preferred embodiment, the coordinator or the router responds to the network-join verification instruction of the device to be accessed, verifying that the device passed whitelist authentication.
According to a preferred embodiment, the whitelist in the router persistently stores the identification information of devices to be accessed that are allowed to join the network.
A wireless network access method, comprising the steps of:
a coordinator or at least one router responds to the beacon request of a device to be accessed;
the coordinator or the router is screened and connected to by the device to be accessed based on a beacon frame monitoring list;
the coordinator or the router performs whitelist authentication on the device to be accessed;
the coordinator or the router responds to a network-join verification instruction, so that the device to be accessed that has joined the network performs self-verification.
According to a preferred embodiment, the access method further comprises the step of:
the coordinator or the router is screened and connected to by the device to be accessed based on the historical association count recorded in the beacon frame.
Advantageous effects of the invention:
By having the device to be accessed screen the cached beacon frames, the invention not only filters out invalid or malicious devices to be accessed, but also selects the most effective device to be accessed according to the historical association count, improving the security of the wireless network.
By deferring the connection to the wireless network within a delay threshold according to how busy the device is, the invention improves the success rate of joining the wireless network.
The invention both avoids the broadcast storm produced when a device is rejected repeatedly and prevents security holes in the wireless network.
The invention also has the authenticated, connected device to be accessed perform self-verification in the form of an instruction, ensuring that devices connected to the wireless network are legitimately connected.
Brief Description of the Drawings
Fig. 1 is a schematic structural diagram of a wireless network system;
Fig. 2 shows one preferred embodiment of the wireless network access method.
Detailed Description
A detailed description is given below with reference to the accompanying drawings.
In the invention, wireless networks include not only ZigBee networks based on the IEEE 802.15.4 protocol, MiW wireless networks and WirelessHART networks, but also wireless networks formed by wireless signals such as WiFi, Bluetooth, iBeacon and EnOcean.
As shown in Fig. 1, the invention provides a wireless network system comprising a coordinator and at least one router. The router is screened by the device to be accessed based on a beacon frame monitoring list, and the router is provided with a whitelist for authenticating the device to be accessed. The coordinator sends the whitelist authentication result and the identification information of the device to be accessed to each router, so as to accept or reject a reconnection request from the device to be accessed.
The router returns a beacon frame in response to the beacon request of the device to be accessed, and the router whose beacon frame has been matched against the beacon frame monitoring list performs whitelist authentication with the device to be accessed.
The device to be accessed is preset with a beacon frame monitoring list, which records at least one beacon frame that is invalid or has a history of bad behavior. The device searches for surrounding coordinators or routers. After detecting the signal of at least one coordinator or router, the device broadcasts a beacon request to at least one router, and at least one router responds to the beacon request. After receiving several beacon frames returned by routers, the device identifies and screens them against the beacon frame monitoring list. It filters out and discards the beacon frames that appear in the monitoring list and retains those that do not. The retained beacon frames are stored in a beacon cache, and the routers corresponding to them become the association targets of the device.
The device to be accessed screens and connects to routers based on the historical association count in the beacon frame.
Every beacon frame stored in the beacon cache carries a record of its historical association count. After excluding routers that are invalid or have a record of bad behavior based on the beacon frame monitoring list, the device to be accessed determines which routers it needs to associate with. According to the historical association counts of the beacon frames in the beacon cache, the device sends association requests to the corresponding routers in turn, which avoids associating only with the wireless network that has the strongest signal. The device sends an association request to the router corresponding to each beacon frame in the beacon cache. Each time the device is rejected, the association count of the corresponding router increases by one. The identification information of the device to be accessed comprises its physical address and server identification information. The physical address includes the IEEE address. When the identification information of the device is not stored in the router's whitelist cache, the device receives an association response refusing the connection. After receiving a refusal, the device associates with the router corresponding to the next beacon frame recorded in the beacon cache. When association with the last router in the sequence has also failed, the device performs a second round of association according to the beacon cache. After the first round fails, the identification information of the device may have been written into the whitelist cache of a router it tried to associate with. The second round of association requests may therefore obtain an association response from at least one router that allows the device to access the wireless network. When the second round of association requests has also been refused by the routers in turn, the device sends a beacon request again, and at least one router responds to it so that the beacon cache is rebuilt.
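The device-side selection described above, as an added example (not code from the patent): beacons are screened against the monitoring list, ordered by historical association count rather than signal strength, and tried for two rounds before a new beacon request is needed. Keying the monitoring list by a router identifier, trying the lowest count first, and all names and sample values are assumptions of this sketch.

```python
from dataclasses import dataclass, field


@dataclass
class Beacon:
    router_id: str        # constructed router identifier (sample data)
    rssi: int             # signal strength; deliberately not used for ordering
    assoc_count: int = 0  # historical association count kept with the beacon


@dataclass
class Router:
    router_id: str
    whitelist: set = field(default_factory=set)

    def associate(self, ieee_addr: bytes) -> bool:
        # Whitelist authentication on the 8-byte IEEE address.
        return len(ieee_addr) == 8 and ieee_addr in self.whitelist


def build_beacon_cache(beacons, monitoring_list):
    """First screening: discard beacons that appear in the monitoring list."""
    return [b for b in beacons if b.router_id not in monitoring_list]


def try_join(ieee_addr, beacons, monitoring_list, routers, after_round=None):
    """Return (router_id or None, list of (round, router_id) attempts)."""
    cache = build_beacon_cache(beacons, monitoring_list)
    # Assumption: lowest historical association count first. RSSI is ignored,
    # so the strongest signal does not decide which network is joined.
    cache.sort(key=lambda b: b.assoc_count)
    attempts = []
    for rnd in (1, 2):
        for beacon in cache:
            attempts.append((rnd, beacon.router_id))
            if routers[beacon.router_id].associate(ieee_addr):
                return beacon.router_id, attempts
            beacon.assoc_count += 1  # each rejection increases the count by one
        if after_round:
            after_round(rnd)  # whitelists may be updated between rounds
    return None, attempts  # both rounds refused: send a new beacon request


def demo(provision_after_first_round=True):
    device = bytes.fromhex("00124b0001020304")  # constructed IEEE address
    routers = {rid: Router(rid) for rid in ("R_bad", "R1", "R2", "R3")}
    # R_bad has the strongest signal and would accept the device, but it is
    # recorded in the device's monitoring list and must never be tried.
    routers["R_bad"].whitelist.add(device)
    beacons = [Beacon("R_bad", -30, 0), Beacon("R1", -50, 3),
               Beacon("R2", -70, 1), Beacon("R3", -80, 0)]

    def provision(rnd):
        # After the failed first round the address is written to R2's whitelist.
        if rnd == 1 and provision_after_first_round:
            routers["R2"].whitelist.add(device)

    return try_join(device, beacons, {"R_bad"}, routers, provision)


if __name__ == "__main__":
    print(demo())
    print(demo(provision_after_first_round=False))
```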
The coordinator or the router returns a beacon frame to the device to be accessed, and the device defers joining the wireless network based on the processing-state information in the beacon frame.
The beacon frame of IEEE 802.15.4 contains a pending field. This field indicates how many devices have data queued in the transmit buffer of the coordinator or router that can currently be accessed. The coordinator or router responds to the association request of the device to be accessed by returning a beacon frame. From the state of the pending field in the returned beacon frame, the device judges whether the coordinator or router is busy. If it is busy, the device chooses to connect to this router and join the network within the cache time threshold; that is, the device waits for a period of time before connecting to the router and joining, which improves the success rate of joining. If the waiting time exceeds the cache time threshold, for example after caching for 255 s, and the device has still not connected to any router, the device initiates an association request again and starts a new round of search and connection.
The router matches the identification information of the device to be accessed against the information recorded in the whitelist, thereby performing whitelist authentication.
The router is preset with a whitelist, ZDO-layer instructions and a whitelist management processing module. The ZDO-layer instructions comprise a refuse-join instruction, an allow-join instruction and a network-join verification instruction. The whitelist records the identification information of devices allowed to access the network, including physical address and service set information.
According to a preferred embodiment, the coordinator holds the same whitelist as the router. When entries are added to, deleted from or modified in the router's whitelist, the whitelist in the coordinator is updated in the same way, so the two whitelists change synchronously.
The router matches the identification information of the device to be accessed against the whitelist. The wireless network system comprises at least one router and/or at least one device node, and the whitelist is preset in the router. After receiving the association request of the device to be accessed, the router immediately allocates a short address and link resources for it, but can not carry out authentication with the whitelist. The association request sent by the device contains its globally unique 8-byte IEEE address. The router verifies, according to this globally unique 8-byte IEEE address, whether the device meets the condition for joining. If the IEEE address of the device matches the physical address information recorded in the whitelist, the device is allowed to access the network. The router returns an allow-join instruction to the device, and the device accesses the wireless network after receiving it.
The coordinator broadcasts the identification information of devices to be accessed that did not pass whitelist authentication to each router in the wireless network in a single broadcast. If the 8-byte IEEE address of the device does not match the physical address in the identification information recorded in the router's whitelist, the router returns a refuse-join instruction to the device. At the same time, the identification information of all devices to be accessed that were rejected within a unit of time, together with the refuse-join instruction, is sent to the coordinator. The coordinator broadcasts the identification information of all devices rejected by routers within the unit of time, together with the refuse-join instruction, to each router in the wireless network in one unified broadcast, avoiding the broadcast storm that sending them one by one would cause. If a router in the wireless network is connected to other devices, it likewise sends the refuse-join instruction and the information of the corresponding device to be accessed to those devices.
According to a preferred embodiment, the whitelist of the routers in the wireless network persistently stores the identification information of devices to be accessed that are allowed to join the network.
The whitelist in the router can permanently store the identification information of devices allowed to join. The router or coordinator can thus authenticate a device that accesses the network at any time. Non-wireless devices may support persistent data storage and a human-machine interface (for example FLASH ROM or a host computer). The identification information of devices allowed to join is therefore stored permanently in the whitelist, which supports add, delete and modify operations. After a non-wireless device receives a refuse-join notification, it can match it against local data. When the match succeeds, if the notification came from a directly connected router, the identification information can be written into that router's whitelist. If the notification came from another router or from the coordinator, the identification information is written into the whitelist of that router by means of an allow-join instruction.
Records in the whitelist preset in the router can be deleted. For example, the MAC address of a device to be accessed is recorded in a router's whitelist. After whitelist authentication passes, the router sends the MAC address to the whitelist of the coordinator, and the coordinator then sends it to each router in the wireless network. After the MAC address has been cached for a period of time, for example 255 s, the router deletes it from the whitelist. This prevents a malicious device from continuously accessing the wireless network and improves the network's security.
The coordinator or the router responds to the network-join verification instruction of the device to be accessed, verifying that the device passed whitelist authentication.
After a router in the wireless network receives the association request sent again by the device to be accessed, the device passes verification directly and successfully joins the wireless network. After a device has successfully joined the network, it can send a network-join verification instruction to the router it associated with, to determine whether it accessed the wireless network legitimately by way of the whitelist. The router responds to the instruction, confirming that the device passed whitelist authentication, and returns a confirmation instruction according to its whitelist authentication record. If the device did not access the wireless network legitimately by way of the whitelist, no router responds to the network-join verification instruction, and the device must leave the current network and join another wireless network.
When the device to be accessed passes a router's whitelist verification, the association information in its beacon frame is marked with a whitelist-specific code; that is, a specific code used for self-verification of identity is written into the device's beacon frame. After the device has successfully joined the wireless network, it can send a network-join verification instruction to the router it associated with, sending the encoded association information in the beacon frame to the router. On receiving the association information, the router looks up the specific code in it. If the code matches the one added during whitelist verification, the router formally connects to the device and network data transmission begins. If it does not match, the device did not join the wireless network by way of whitelist verification, and must leave the current network and search for and join another wireless network.
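The router and coordinator side of the scheme described above, as an added example (not code from the patent): the whitelist check on the 8-byte IEEE address, one coordinator broadcast per unit of time covering all rejected devices, and the specific code checked during network-join verification. The text does not say how the specific code is generated; the random 8-byte token, the class and method names and the sample addresses are assumptions.

```python
import hmac
import secrets

ALLOW, REJECT = "ALLOW_JOIN", "REFUSE_JOIN"  # labels chosen for this example


class Coordinator:
    def __init__(self):
        self.routers = []
        self.reported = set()  # rejected identities collected this unit of time
        self.broadcasts = 0

    def report(self, rejected):
        self.reported |= rejected

    def end_of_unit_time(self):
        """Send all rejections of this unit of time in one broadcast."""
        if not self.reported:
            return
        self.broadcasts += 1
        for router in self.routers:
            router.known_rejected |= self.reported
        self.reported = set()


class Router:
    def __init__(self, coordinator, whitelist=()):
        self.coordinator = coordinator
        self.whitelist = set(whitelist)
        self.known_rejected = set()  # learned from coordinator broadcasts
        self.pending = set()         # rejected here, not yet reported
        self.codes = {}              # IEEE address -> specific code
        coordinator.routers.append(self)

    def handle_association(self, ieee_addr):
        if len(ieee_addr) == 8 and ieee_addr in self.whitelist:
            code = secrets.token_bytes(8)  # assumption: random per-join code
            self.codes[ieee_addr] = code
            return ALLOW, code
        # A device already known as rejected is refused without a new report,
        # so repeated attempts do not generate repeated broadcasts.
        if ieee_addr not in self.known_rejected:
            self.pending.add(ieee_addr)
        return REJECT, None

    def end_of_unit_time(self):
        self.coordinator.report(self.pending)
        self.pending = set()

    def verify_join(self, ieee_addr, code):
        """Confirm only a device holding the code issued at authentication."""
        expected = self.codes.get(ieee_addr)
        return expected is not None and hmac.compare_digest(expected, code)


def demo():
    good = bytes.fromhex("00124b00aaaaaaaa")  # constructed addresses
    bad1 = bytes.fromhex("00124b00bbbbbbbb")
    bad2 = bytes.fromhex("00124b00cccccccc")
    coord = Coordinator()
    a, b = Router(coord, {good}), Router(coord)

    a.handle_association(bad1)
    a.handle_association(bad2)
    b.handle_association(bad1)
    for r in (a, b):
        r.end_of_unit_time()
    coord.end_of_unit_time()        # three rejections, one broadcast
    first = coord.broadcasts

    retry = b.handle_association(bad2)  # retry at another router
    for r in (a, b):
        r.end_of_unit_time()
    coord.end_of_unit_time()        # nothing new to announce

    verdict, code = a.handle_association(good)
    wrong = bytes(x ^ 0xFF for x in code)
    return {
        "broadcasts_first": first,
        "broadcasts_total": coord.broadcasts,
        "b_knows_rejected": {bad1, bad2} <= b.known_rejected,
        "retry": retry[0],
        "verdict": verdict,
        "verify_ok": a.verify_join(good, code),
        "verify_wrong_code": a.verify_join(good, wrong),
        "verify_unlisted": a.verify_join(bad1, code),
    }


if __name__ == "__main__":
    print(demo())
```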
As shown in Fig. 2, the invention provides a wireless network access method comprising the steps of:
the device to be accessed performs whitelist authentication with the wireless device after screening at least one wireless device based on a beacon frame monitoring list;
the device to be accessed that passed whitelist authentication accesses the wireless network in a deferred manner;
the device to be accessed performs self-verification with the associated wireless device, thereby accessing the wireless network.
According to a preferred embodiment, the step in which the device to be accessed performs whitelist authentication with the wireless device after screening at least one wireless device based on a beacon frame monitoring list comprises:
screening at least one wireless device based on the beacon frame monitoring list;
screening at least one wireless device by historical association count based on the beacon frame information;
performing whitelist verification with the wireless devices that passed the screening.
According to a preferred embodiment, the step of screening at least one wireless device based on the beacon frame monitoring list comprises:
the device to be accessed sends a beacon request to at least one wireless device;
receiving at least one beacon frame returned by at least one wireless device;
deleting the beacon frames recorded in the blacklist and retaining the remaining beacon frames;
selecting at least one wireless device corresponding to the retained beacon frames.
According to a preferred embodiment, the step of screening at least one wireless device by historical association count based on the beacon frame information comprises:
the device to be accessed arranges an association order for the at least one wireless device to be associated, based on the historical association count record;
sending association requests to the at least one wireless device in turn and cyclically, based on the association order, until association with a wireless device succeeds.
According to a preferred embodiment, the step of performing whitelist verification with the wireless devices that passed the screening comprises:
the device to be accessed sends its physical address to be matched against the whitelist;
receiving and executing the corresponding instruction sent by the wireless device according to the whitelist authentication result.
According to a preferred embodiment, the step of receiving the corresponding instruction sent by the wireless device according to the whitelist authentication result comprises:
the wireless device broadcasts, in a single broadcast, the physical address of the device to be accessed that did not pass whitelist authentication, together with the refuse-join password, to each device of the wireless network.
According to a preferred embodiment, the step in which the device to be accessed that passed whitelist authentication accesses the wireless network in a deferred manner comprises:
the device to be accessed waits within the delay time threshold, according to the beacon frame information returned by the wireless device, and then accesses the wireless network.
According to a preferred embodiment, the wireless device deletes from the whitelist the physical address of a device to be accessed that exceeds the delay time threshold.
According to a preferred embodiment, the device to be accessed self-verifies the route by which it accessed the wireless network by sending a network-join verification instruction to the wireless device with which it has an association history.
According to a preferred embodiment, the whitelist persistently stores the physical addresses of devices to be accessed that are allowed to access the network.
Embodiment one
The router supporting accessing wirelessly to access around device scan to be accessed, obtains the beacon frame of surrounding router.Beacon frame watch-list records invalid beacon frame and has the beacon frame of bad history.Screen according to the beacon frame watch-list routers in equipment to be accessed.The beacon frame deleted and filter out in beacon frame watch-list, retains remaining beacon frame and buffer memory.Select the beacon frame that in the beacon frame retained, signal strength values is maximum.Physical address and service set information is extracted from this beacon frame.Include signal strength values (RSSI value) in beacon frame, compare intensity level by resolving and select the maximum beacon frame of intensity level, the wireless access points of this beacon frame of the maximum explanation of intensity level from equipment to be accessed relatively close to.Equipment to be accessed sends connection request to the router that the beacon frame maximum with intensity level is corresponding.Router after receiving connection request, to equipment allocation address to be accessed and resource.Equipment to be accessed is connected with router, access of radio network.
Embodiment two
Zigbee network acquiescence is opened and is allowed networking function, without the need to being set as that special time is opened or this function manually opened.Router receives the inbound information of equipment to be accessed, comprises the checking ID of equipment to be accessed in inbound information, and equipment to be accessed is all configured with unique checking ID before product export.Afterwards, router can judge that the checking ID of equipment to be accessed is whether in the white list of router.White list presets to be stored in router.If the checking ID of equipment to be accessed is in white list, then equipment to be accessed is allowed to add network.Meanwhile, the to be accessed equipment of certification ID not in white list just cannot add network.Namely network itself initiatively can refuse adding of other equipment to be accessed without permission, ensure that the fail safe of Zigbee network.Further, if there are other Zigbee networks, the checking ID of this log equipment, also in its white list, also can add other Zigbee networks, not by the restriction of a Zigbee network.
The present embodiment comprises the following steps:
S01: The router receives the network-joining information of the device to be connected. The network-joining information comprises an association request message, and the association request message contains the verification ID of the device to be connected.
S02: After receiving the association request message, the router determines whether the verification ID contained in the association request message is in the whitelist.
S03: If so, the router allows the device to be connected to join the network.
In this embodiment, the network-joining information of the device to be connected comprises a BEACON frame and an association request message sent in succession, and the association request message contains the verification ID of the device to be connected. The BEACON frame and the association request message correspond to the following two steps:
1) The device to be connected first broadcasts a BEACON REQUEST frame to search for networks. After receiving the BEACON REQUEST frame, the router sends a BEACON frame, which contains information about this network.
2) After receiving and confirming the BEACON frame, the device to be connected sends the association request message to the router.
After receiving the association request message, the router performs step S02 and determines whether the verification ID is in the whitelist. If the verification ID is in the whitelist, the router performs step S03 and allows the device to be connected to join the network. If the verification ID is not in the whitelist, the router directly rejects the association request message of the device to be connected.
Embodiment three
This embodiment describes the invention using a ZigBee network as an example.
Screening by the device to be connected based on the beacon frame watch list:
When the device to be connected sends a beacon request to at least one router and receives several beacon frames in response, it can filter the received beacon frames against the beacon frame watch list. Every beacon frame that appears in the beacon frame watch list is filtered out and deleted, and the remaining beacon frames are saved in the beacon cache. This is the first screening that the device to be connected performs on the at least one router.
Screening based on the historical association count:
After the device to be connected sends a beacon request to at least one router, it receives multiple beacon frames. Each beacon frame in the beacon cache has a historical association count record. According to this record, the device to be connected initiates association requests to the corresponding routers one after another, which avoids associating only with the ZigBee network that has the strongest signal. Each time a beacon frame is used for an association, its association count increases by one. When the device initiates association with a router, its physical address may not be in that router's whitelist. In that case, the device to be connected receives from the router an instruction refusing network access, and it goes on to associate with the next router recorded in the beacon cache. When association with the last router in the beacon cache has failed, the device to be connected can carry out a second round of association according to the beacon cache. After the first round of association has failed, the physical address of the device to be connected may have been written into the whitelist cache of the routers it tried to associate with. When the device then carries out the second round of association, it may associate successfully and thereby join the ZigBee network. If the second round of association is also refused by all routers, the device to be connected requests beacons from at least one router again and rebuilds the beacon cache.
Deferred access by the device to be connected:
The beacon frame has a to-be-allocated field. This field indicates how many devices have data congested in the transmit buffers of the routers that are currently available for access. When the device to be connected receives a beacon frame whose to-be-allocated field shows too many devices, it can judge that the router is currently busy. The device to be connected chooses not to join the network through this router immediately, that is, it defers access to the ZigBee network, which improves the success rate of joining.
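The three device-side steps above (watch-list filtering, ordering by historical association count with a second round, and deferring busy routers) can be simulated as follows. This is an added example, not code from the patent; the `Beacon` fields, the busy threshold of 8, ordering by fewest attempts first, and treating the watch list as a set of router identifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass

BUSY_THRESHOLD = 8   # assumed cut-off for "too many devices" in the field


@dataclass
class Beacon:
    router: str          # identifier of the router that sent the beacon
    pending: int         # to-be-allocated field: devices with queued data
    attempts: int = 0    # historical association count


def build_beacon_cache(beacons, watch_list):
    """First screening: drop every beacon whose router is on the watch list."""
    return [b for b in beacons if b.router not in watch_list]


def join_network(cache, try_associate, rounds=2):
    """Try cached routers in order of historical association count.

    Returns the router that accepted, or None after `rounds` full passes,
    at which point the caller requests beacons again and rebuilds the cache.
    """
    for _ in range(rounds):
        for beacon in sorted(cache, key=lambda b: b.attempts):
            if beacon.pending > BUSY_THRESHOLD:
                continue                     # router is busy: defer access
            beacon.attempts += 1             # count every association attempt
            if try_associate(beacon.router):
                return beacon.router
    return None


def demo():
    """Constructed scenario: R2 whitelists the device only after refusing once."""
    beacons = [Beacon("R1", 1), Beacon("R2", 2), Beacon("R3", 20), Beacon("R4", 0)]
    cache = build_beacon_cache(beacons, watch_list={"R1"})
    whitelisted = set()
    seen = []                                # order in which routers were tried

    def try_associate(router):
        seen.append(router)
        if router in whitelisted:
            return True
        if router == "R2":
            whitelisted.add(router)          # address written after the refusal
        return False

    joined = join_network(cache, try_associate)
    return joined, seen, {b.router: b.attempts for b in cache}


if __name__ == "__main__":
    print(demo())
```

In the constructed run, the busy router R3 is never contacted, and the join succeeds only in the second round, once R2's whitelist cache holds the device's address.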
After the router receives the association request sent by the device to be connected, it does not immediately allocate a short address and link resources to the device; it first checks the device against the whitelist cache. If authentication passes, the device to be connected joins the network successfully.
If whitelist authentication fails, the device to be connected receives the network-access refusal instruction sent by the router, and joining fails. The router broadcasts the information of the device to be connected and the refusal instruction to the coordinator. The coordinator in turn broadcasts the information of the device to be connected and the refusal instruction to the other routers of the whole ZigBee network. That is, the router broadcasts the IEEE addresses of all devices refused within a unit of time to the whole ZigBee network in one batch. If the router broadcast an IEEE address every time it refused a device, a broadcast storm could result; batched broadcasting avoids the broadcast storm. If a router in the ZigBee network is connected, through another interface or communication protocol, to devices that do not support the Zigbee protocol, it can also notify those devices of the refusal information. Likewise, for a device to be connected that has received the refusal notification, the non-Zigbee devices connected to it can also receive the notification that network access was refused.
After a non-ZigBee device receives the refusal notification, it can match the notification against its local data. When the match succeeds, if the notification came from a directly connected router, the IEEE address can be written into its whitelist. If the notification came from the device to be connected, it is written into the router's whitelist by means of a network-access permission instruction.
When the MAC address of the device to be connected is in the coordinator's whitelist and has been verified, the coordinator can send the MAC address of this ZigBee device to the router. If the time this MAC address has been cached exceeds the cache-time threshold of 200 s, the router deletes the MAC address of the device to be connected. This prevents a malicious ZigBee device from continuously connecting to the ZigBee network and improves the security of the ZigBee network.
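The router-side behaviour described above (checking the whitelist cache before allocating resources, expiring cached addresses after 200 s, and broadcasting refused addresses in one batch per unit time) can be modelled as follows. This is an added example, not code from the patent; the 10 s batching interval, the method names and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

CACHE_TTL_S = 200        # cache-time threshold given in the description


@dataclass
class Router:
    flush_interval_s: float = 10.0               # assumed length of the "unit time"
    cache: dict = field(default_factory=dict)    # address -> time it was cached
    refused: set = field(default_factory=set)    # refusals not yet broadcast
    last_flush: float = 0.0

    def push_from_coordinator(self, addr, now):
        """Coordinator forwards an address it verified against its whitelist."""
        self.cache[addr] = now

    def handle_association(self, addr, now):
        """Check the cache before any short address or link resource is allocated."""
        cached_at = self.cache.get(addr)
        if cached_at is not None and now - cached_at > CACHE_TTL_S:
            del self.cache[addr]                 # entry outlived the threshold
            cached_at = None
        if cached_at is None:
            self.refused.add(addr)               # queue for the batched broadcast
            return False
        return True

    def flush_refusals(self, now):
        """Return one batch of refused addresses per interval, else an empty list."""
        if not self.refused or now - self.last_flush < self.flush_interval_s:
            return []
        batch = sorted(self.refused)
        self.refused.clear()
        self.last_flush = now
        return batch


def demo():
    """Constructed addresses and timestamps (seconds)."""
    good = "02:00:00:00:00:00:00:01"
    bad1 = "02:00:00:00:00:00:00:aa"
    bad2 = "02:00:00:00:00:00:00:bb"
    r = Router()
    r.push_from_coordinator(good, now=0)
    accepted = r.handle_association(good, now=50)    # still cached
    r.handle_association(bad1, now=51)               # never whitelisted
    r.handle_association(bad2, now=52)
    first = r.flush_refusals(now=55)                 # both refusals in one batch
    r.handle_association(bad1, now=56)
    held = r.flush_refusals(now=60)                  # interval not yet elapsed
    second = r.flush_refusals(now=66)
    expired = r.handle_association(good, now=201)    # cached longer than 200 s
    return accepted, first, held, second, expired


if __name__ == "__main__":
    print(demo())
```

The batching interval bounds how often refusals reach the coordinator, and the expiry forces a previously admitted address to be re-verified by the coordinator once its cache entry is gone.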
When at least one router in the ZigBee network then receives the corresponding association request again, the device can pass whitelist authentication directly and join the ZigBee network. After the device to be connected has successfully joined the network, it can send a network-access verification instruction to the router it associated with and perform self-verification, to determine whether it joined the network through the whitelist path. If self-verification finds that the device to be connected did not join the ZigBee network through whitelist verification, the device can leave the current network and join another ZigBee network.
When the device to be connected passes the router's whitelist verification, the association information in its beacon frame is marked with a specific whitelist code. That is, a specific code used for self-verification is written into the beacon frame of the device to be connected. After the device to be connected has successfully joined the wireless network, it can again send a network-access verification instruction to the router it associated with. The device to be connected sends the encoded association information in the beacon frame to the router. After receiving the association information, the router looks up the specific code in it. If the specific code matches the specific code added during whitelist verification, the router formally connects with the device to be connected and network information transmission begins. If the specific code does not match the one added during whitelist verification, this shows that the device to be connected did not join the wireless network through whitelist verification. The device to be connected must leave the current network, search again, and join another wireless network.
It should be noted that the specific embodiments above are exemplary. Those skilled in the art can devise various solutions inspired by the disclosure of the invention, and these solutions also belong to the disclosed scope of the invention and fall within its scope of protection. Those skilled in the art will understand that the description of the invention and its drawings are illustrative and do not limit the claims. The scope of protection of the invention is defined by the claims and their equivalents.

Claims (10)

1. A wireless network system, comprising a coordinator and at least one router, characterized in that
the router is screened by a device to be connected on the basis of a beacon frame watch list, and
the router is provided with a whitelist for authenticating the device to be connected,
the coordinator sends the authentication result of the whitelist and the identification information of the device to be connected to each router, so as to accept/refuse a further connection request from the device to be connected.
2. The wireless network system as claimed in claim 1, characterized in that the router feeds back a beacon frame in response to the beacon request of the device to be connected, and the router whose beacon frame matches the beacon frame watch list performs whitelist authentication with the device to be connected.
3. The wireless network system as claimed in claim 2, characterized in that the router is screened and connected to by the device to be connected on the basis of the historical association count in the beacon frame.
4. The wireless network system as claimed in claim 3, characterized in that the router matches the identification information of the device to be connected against the information recorded in the whitelist, thereby performing whitelist authentication.
5. The wireless network system as claimed in claim 4, characterized in that the coordinator broadcasts, in a single broadcast, the identification information of the devices to be connected that did not pass whitelist authentication to each router in the wireless network.
6. The wireless network system as claimed in claim 5, characterized in that the coordinator or the router feeds back a beacon frame to the device to be connected, and the device to be connected defers access to the wireless network on the basis of the processing-state information in the beacon frame.
7. The wireless network system as claimed in any one of the preceding claims, characterized in that the coordinator or the router responds to the network-access verification instruction of the device to be connected and verifies that the device to be connected passed whitelist authentication.
8. The wireless network system as claimed in claim 7, characterized in that the whitelist in the router persistently stores the identification information of the devices to be connected that are allowed to join the network.
9. A wireless network access method, characterized in that the access method comprises the steps of:
a coordinator or at least one router responding to the beacon request of a device to be connected;
the coordinator or the router being screened and connected to by the device to be connected on the basis of a beacon frame watch list;
the coordinator or the router performing whitelist authentication on the device to be connected;
the coordinator or the router responding to a network-access verification instruction, so that the device to be connected that has accessed the network performs self-verification.
10. The wireless network access method as claimed in claim 9, characterized in that the access method further comprises the step of:
the coordinator or the router being screened and connected to by the device to be connected on the basis of the historical association count record in the beacon frame.
CN201510471313.XA 2015-08-04 2015-08-04 A kind of Radio Network System and wireless network access method Active CN105072613B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510471313.XA CN105072613B (en) 2015-08-04 2015-08-04 A kind of Radio Network System and wireless network access method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510471313.XA CN105072613B (en) 2015-08-04 2015-08-04 A kind of Radio Network System and wireless network access method

Publications (2)

Publication Number Publication Date
CN105072613A true CN105072613A (en) 2015-11-18
CN105072613B CN105072613B (en) 2019-01-08

Family

ID=54501865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510471313.XA Active CN105072613B (en) 2015-08-04 2015-08-04 A kind of Radio Network System and wireless network access method

Country Status (1)

Country Link
CN (1) CN105072613B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006262176A (en) * 2005-03-17 2006-09-28 Tdk Corp Onboard radio lan device
CN101848514A (en) * 2009-03-23 2010-09-29 华为技术有限公司 Method for switching WiMAX access network to WiFi access network and relevant equipment
CN102833824A (en) * 2012-08-30 2012-12-19 福建星网锐捷网络有限公司 Access method and device for wireless local area network and network equipment
CN103379480A (en) * 2012-04-17 2013-10-30 腾讯科技(深圳)有限公司 Wireless network connection method and wireless network connection apparatus
CN103716795A (en) * 2012-10-09 2014-04-09 中兴通讯股份有限公司 Wireless network safe access method, apparatus and system
CN104144472A (en) * 2014-08-06 2014-11-12 广东欧珀移动通信有限公司 Wireless router scanning method and system

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788615B (en) * 2016-12-22 2022-08-12 华南理工大学 Method and system for rapidly managing white list of Bluetooth equipment
CN106788615A (en) * 2016-12-22 2017-05-31 华南理工大学 A kind of method and system of quick management bluetooth equipment white list
CN109275202A (en) * 2017-07-18 2019-01-25 上海顺舟智能科技股份有限公司 A kind of wireless networking method of ZigBee-network
CN110035565A (en) * 2018-01-12 2019-07-19 联发科技股份有限公司 A kind of method and communication device for avoiding establishing inefficient wireless connection
CN108366438A (en) * 2018-03-09 2018-08-03 成都世纪光合作用科技有限公司 The generation cluster network-building method of extensive ad hoc wireless communication and raw clustered network
CN108540547A (en) * 2018-03-29 2018-09-14 四川斐讯信息技术有限公司 A kind of router connection method, device, system and router
CN108540497A (en) * 2018-06-01 2018-09-14 深圳市彬讯科技有限公司 Intelligent gateway and its connection control method
CN108881328A (en) * 2018-09-29 2018-11-23 北京东土军悦科技有限公司 Packet filtering method, device, gateway and storage medium
CN108881328B (en) * 2018-09-29 2021-02-23 北京东土军悦科技有限公司 Data packet filtering method and device, gateway equipment and storage medium
CN109495888A (en) * 2018-12-04 2019-03-19 深圳市四海伽蓝电子科技有限公司 Certification connection mechanism method based on wireless signal strength
CN109743402A (en) * 2019-01-31 2019-05-10 深圳云合科技有限公司 Processing method, transmission method, receiver and the device for answering question of answering information
CN109921966A (en) * 2019-03-01 2019-06-21 苏州华盖信息科技有限公司 Smart home device matches network method and smart home system
CN109921966B (en) * 2019-03-01 2021-05-14 深圳冠特家居健康系统有限公司 Network distribution method of intelligent household equipment and intelligent household system
CN110309505A (en) * 2019-05-27 2019-10-08 重庆高开清芯科技产业发展有限公司 A kind of data format self-analytic data method of word-based insertion semantic analysis
CN110740490A (en) * 2019-10-22 2020-01-31 深圳市信锐网科技术有限公司 Terminal network access method, gateway equipment, system, storage medium and device
CN112787884A (en) * 2020-12-28 2021-05-11 北京小米移动软件有限公司 Networking method and device and storage medium
US11805468B2 (en) 2020-12-28 2023-10-31 Beijing Xiaomi Mobile Software Co., Ltd. Method and device for networking
CN113970893A (en) * 2021-09-10 2022-01-25 江苏方天电力技术有限公司 Power consumption monitoring terminal equipment and immediate installation and immediate acquisition method thereof
WO2023050876A1 (en) * 2021-09-29 2023-04-06 青岛海尔空调器有限总公司 Method and apparatus for network configuration of internet-of-things device, and router and internet-of-things device
CN114338074A (en) * 2021-11-09 2022-04-12 国网浙江省电力有限公司宁波供电公司 Automatic detection method and detection system for IP white list of power distribution terminal

Also Published As

Publication number Publication date
CN105072613B (en) 2019-01-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A wireless network system and wireless network access method

Effective date of registration: 20230203

Granted publication date: 20190108

Pledgee: Agricultural Bank of China Co.,Ltd. Chengdu Tianfu New Area Branch

Pledgor: CHENGDU CENTURY PHOTOSYNTHESIS TECHNOLOGY Co.,Ltd.

Registration number: Y2023510000040
