CN105681352A - Wi-Fi access security control method and system - Google Patents

Info

Publication number: CN105681352A
Authority: CN (China)
Legal status: Granted, Active
Application number: CN201610160900.1A
Other languages: Chinese (zh)
Other versions: CN105681352B (en)
Inventors: 郭胜, 马文驷
Current Assignee: Shenzhen Rongteng Science And Technology Co Ltd
Original Assignee: Shenzhen Rongteng Science And Technology Co Ltd
Priority date: 2016-03-21
Filing date: 2016-03-21
Publication date: 2016-06-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security

Abstract

Provided is a Wi-Fi (Wireless-Fidelity) access security control method, comprising the steps of: a terminal device sending an access request to a first wireless access device; a second wireless access device monitoring the communication information between the terminal device and the first wireless access device so as to obtain the relevant information between the first wireless access device and the terminal device; the second wireless access device determining whether the terminal device is allowed to access a network, and sending a message of refusing access to the terminal device if the terminal device is not allowed to access a network; the terminal device sending an access request to a third wireless access device; and the third wireless access device determining whether the terminal device is allowed to access a network, and allowing the terminal device to access the internet and monitoring the Internet behavior of the terminal device if the terminal device is allowed to access a network. The invention also discloses a Wi-Fi access security control system.

Description

Wireless network access security control method and system
Technical field
The present invention relates to a wireless network access security control method and system.
Background
At present, smartphones have become the carrier of all kinds of user information and store a large amount of important information. With the rapid development of wireless network (Wireless-Fidelity, Wi-Fi) technology, smartphones have also become a preferred target of malicious attacks. A significant portion of the security threats to smartphones comes from leaks of personal privacy and from various malicious fee-deducting software. Such malware exploits loopholes in conventional permission mechanisms to abuse permissions and attack the phone, and some of it even schedules hardware in the background to spy on the user's privacy. Existing Wi-Fi security control methods can only passively monitor the communication data between a mobile terminal and a wireless access device, and cannot selectively block and filter the mobile terminal's access to the Internet.
Summary of the invention
In view of the above, it is necessary to provide a wireless network access security control method and system that selectively filter mobile terminals which connect to a wireless access device over a wireless network to access the Internet.
A wireless network access security control method comprises the following steps:
A terminal device sends an access request to a first wireless access device;
A second wireless access device monitors the communication information between the terminal device and the first wireless access device, to obtain relevant information about the first wireless access device and the terminal device;
According to the obtained relevant information about the terminal device, the second wireless access device judges whether the terminal device is a device allowed to access;
If the terminal device is a device allowed to access, the first wireless access device allows the access request of the terminal device, and the terminal device accesses the Internet through the first wireless access device;
If the terminal device is not a device allowed to access, the second wireless access device sends a denial-of-access message to the terminal device;
The second wireless access device sends the obtained relevant information about the terminal device to a third wireless access device;
The terminal device sends an access request to the third wireless access device;
The third wireless access device judges whether the terminal device is a device allowed to access;
If the terminal device is a device allowed to access, the third wireless access device allows the access request of the terminal device, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the Internet behavior of the terminal device;
If the terminal device is not a device allowed to access, the third wireless access device refuses the access request of the terminal device, thereby prohibiting the terminal device from accessing the Internet.
A system applied to the above wireless network access security control method includes a first wireless access device and a terminal device. The terminal device sends an access request to the first wireless access device and communicates with the first wireless access device. The wireless network access security control system further includes a wireless network control unit, which includes a second wireless access device and a third wireless access device. The second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device allowed to access. The third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device allowed to access; the third wireless access device monitors the Internet behavior of the terminal device.
Compared with the prior art, the wireless network access security control method and system of the present invention use the second wireless access device to judge whether the terminal device is a device allowed to access, and use the third wireless access device to monitor the Internet behavior of the terminal device. This effectively filters out unauthorized devices accessing the Internet through the first wireless access device: terminals that satisfy the conditions communicate unimpeded, while terminals that do not satisfy the conditions either cannot access the Internet or have all the data of their Internet access under real-time monitoring.
Brief description of the drawings
Fig. 1 is a structure diagram of the wireless network access security control system of the present invention.
Fig. 2 is a flow chart of the wireless network access security control method of the present invention.
Detailed description of the invention
Referring to Fig. 1, a preferred embodiment of the wireless network access security control system of the present invention includes a first wireless access device 100, a wireless network control unit 200 and a terminal device 300. The wireless network control unit 200 includes a second wireless access device 210 and a third wireless access device 220. The terminal device 300 can communicate wirelessly with the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220, respectively, through several communication links. The first wireless access device 100 and the third wireless access device 220 are each connected to the Internet 400 through fiber broadband.
The first wireless access device 100 may be a public wireless router.
The second wireless access device 210 may be a monitoring wireless router; a list of MAC (Media Access Control) addresses allowed to access is stored in the second wireless access device 210.
The third wireless access device 220 may be a control wireless router; a list of MAC addresses allowed to access is stored in the third wireless access device 220.
The MAC address list stored in the first wireless access device 100 is different from the MAC address list stored in the third wireless access device 220.
The terminal device 300 may be a communication terminal, such as a smartphone or a tablet computer.
The communication links between the terminal device 300 and the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 include a first communication link 510, a second communication link 520, a third communication link 530, a fourth communication link 540 and a fifth communication link 550.
The terminal device 300 communicates with the first wireless access device 100 via the first communication link 510. Through the first communication link 510 the terminal device 300 can use the network service provided by the first wireless access device 100, and thus access the Internet 400 through the first wireless access device 100.
The second wireless access device 210 monitors the communication information between the terminal device 300 and the first wireless access device 100 via the second communication link 520. The second wireless access device 210 sends the denial-of-access message to the terminal device 300 via the third communication link 530.
The terminal device 300 communicates with the third wireless access device 220 via the fourth communication link 540. Through the fourth communication link 540 the terminal device 300 can use the network service provided by the third wireless access device 220, and thus access the Internet 400 through the third wireless access device 220.
The second wireless access device 210 sends the monitored communication information between the terminal device 300 and the first wireless access device 100 to the third wireless access device 220 via the fifth communication link 550.
Fig. 2 is a flow chart of the control method by which the above wireless network access security control system performs security control on a terminal device 300 accessing the system. The control method comprises the following steps:
S201: the terminal device 300 sends an access request to the first wireless access device 100 via the first communication link 510;
S202: the second wireless access device 210 monitors, via the second communication link 520, the communication information between the terminal device 300 and the first wireless access device 100 on the first communication link 510, to obtain relevant information about the first wireless access device 100 and the terminal device 300, such as the SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC address information of the first wireless access device 100, and the MAC address information of the terminal device 300 and the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S203: the second wireless access device 210 compares the monitored MAC address information of the terminal device 300 with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access;
If the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access, the first wireless access device 100 allows the access request of the terminal device 300 and the terminal device 300 accesses the Internet 400 through the first wireless access device 100; at the same time the method returns to step S202, and the second wireless access device 210 continues to monitor other terminal devices 300 accessing the first wireless access device 100;
If the MAC address of the terminal device 300 is not in the list of MAC addresses allowed to access, the method proceeds to step S204;
S204: the second wireless access device 210 changes its SSID information to be the same as that of the first wireless access device 100, thereby disguising itself as the first wireless access device 100;
S205: the second wireless access device 210 sends to the third wireless access device 220 the monitored MAC address information of the terminal device 300 and the SSID information of one of the first wireless access devices 100 in the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S206: the third wireless access device 220 changes its SSID information to be the same as the SSID information of that first wireless access device 100 sent by the second wireless access device 210, thereby disguising itself as one of the first wireless access devices 100 that the terminal device 300 frequently accesses;
S207: the second wireless access device 210 receives the access request sent by the terminal device 300 and sends a denial-of-access message to the terminal device 300 via the second communication link 520;
Because the SSID information of the second wireless access device 210 has been changed to be the same as that of the first wireless access device 100, the terminal device 300 can no longer access the first wireless access device 100;
S208: the terminal device 300 sends an access request to the third wireless access device 220;
S209: the third wireless access device 220 compares the received MAC address information of the terminal device 300 with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access; if it is, the method proceeds to step S210, and if it is not, to step S211;
S210: the third wireless access device 220 allows the access request of the terminal device 300 and the terminal device 300 accesses the Internet 400 through the third wireless access device 220, while the third wireless access device 220 monitors the Internet behavior of the terminal device 300;
S211: the third wireless access device 220 refuses the access request of the terminal device 300, thereby prohibiting the terminal device 300 from accessing the Internet 400.
The wireless network access security control method and system of the present invention use the second wireless access device 210 to judge whether the terminal device 300 is a device allowed to access, and use the third wireless access device 220 to monitor the Internet behavior of the terminal device 300. This effectively filters out unauthorized devices accessing the Internet 400 through the first wireless access device 100: terminals that satisfy the conditions communicate unimpeded, while terminals that do not satisfy the conditions either cannot access the Internet 400 or have all the data of their Internet 400 access under real-time monitoring.
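The decision flow of steps S201 to S211, modelled as pure logic in Python; this is an added example, not code from the patent. The class and field names, the sample SSIDs, the sample MAC addresses (constructed, from the IANA documentation range) and the choice of the first frequently accessed SSID in S205 are assumptions, and the check on the locally administered bit goes beyond the patent text.

```python
"""Decision flow of steps S201-S211 as a pure-logic model (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

_SEPARATORS = re.compile(r"[:.\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(mac: str) -> str:
    """Canonicalize 00-00-5E-.., 0000.5e00.5301 or 00:00:5e:.. to lower-case colon form."""
    digits = _SEPARATORS.sub("", mac.strip()).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


@dataclass
class Observation:
    """What the second (monitoring) device learns in S202; field names are assumed."""
    terminal_mac: str
    first_ap_ssid: str
    frequent_ssids: List[str]


@dataclass
class Decision:
    served_by: Optional[str]     # "first", "third" or None (no Internet access)
    monitored: bool              # True when the third device watches the traffic
    steps: List[str]             # steps of Fig. 2 that were taken
    second_ssid: Optional[str]   # SSID the second device takes on in S204
    third_ssid: Optional[str]    # SSID the third device takes on in S206
    unstable_identity: bool      # MAC is locally administered, so it may change


class ControlUnit:
    """Second and third wireless access devices, each with its allowed-MAC list."""

    def __init__(self, second_allowed, third_allowed):
        # Normalizing at load time keeps differently formatted entries comparable.
        self.second_allowed = {normalize_mac(m) for m in second_allowed}
        self.third_allowed = {normalize_mac(m) for m in third_allowed}

    def handle(self, obs: Observation) -> Decision:
        mac = normalize_mac(obs.terminal_mac)
        unstable = is_locally_administered(mac)
        steps = ["S201", "S202", "S203"]
        if mac in self.second_allowed:
            # Allowed: the first device serves the terminal; monitoring resumes at S202.
            return Decision("first", False, steps, None, None, unstable)
        # S204: the second device adopts the first device's SSID.
        second_ssid = obs.first_ap_ssid
        # S205/S206: the text says "one of" the frequently accessed devices;
        # taking the first list entry is an assumption of this example.
        third_ssid = obs.frequent_ssids[0] if obs.frequent_ssids else None
        steps += ["S204", "S205", "S206", "S207", "S208", "S209"]
        if mac in self.third_allowed:
            steps.append("S210")
            return Decision("third", True, steps, second_ssid, third_ssid, unstable)
        steps.append("S211")
        return Decision(None, False, steps, second_ssid, third_ssid, unstable)


def demo() -> List[Decision]:
    """Run three constructed terminals through the flow and return the decisions."""
    unit = ControlUnit(second_allowed=["00-00-5E-00-53-01"],
                       third_allowed=["0000.5e00.5302"])
    terminals = ["00:00:5e:00:53:01", "00:00:5E:00:53:02", "02:00:5e:00:53:09"]
    return [unit.handle(Observation(m, "cafe-wifi", ["home-net", "cafe-wifi"]))
            for m in terminals]


if __name__ == "__main__":
    for d in demo():
        print(d.served_by, d.monitored, d.steps[-1], d.unstable_identity)
```

A terminal whose address has the locally administered bit set can present a different address on each network, so the list comparisons in S203 and S209 then match an address rather than a device.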

Claims (10)

1. A wireless network access security control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication information between the terminal device and the first wireless access device, to obtain relevant information about the first wireless access device and the terminal device; according to the obtained relevant information about the terminal device, the second wireless access device judges whether the terminal device is a device allowed to access; if the terminal device is a device allowed to access, the first wireless access device allows the access request of the terminal device, and the terminal device accesses the Internet through the first wireless access device; if the terminal device is not a device allowed to access, the second wireless access device sends a denial-of-access message to the terminal device; the second wireless access device sends the obtained relevant information about the terminal device to a third wireless access device; the terminal device sends an access request to the third wireless access device; the third wireless access device judges whether the terminal device is a device allowed to access; if the terminal device is a device allowed to access, the third wireless access device allows the access request of the terminal device, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the Internet behavior of the terminal device; if the terminal device is not a device allowed to access, the third wireless access device refuses the access request of the terminal device, thereby prohibiting the terminal device from accessing the Internet.
2. The wireless network access security control method as claimed in claim 1, characterized in that: the relevant information about the first wireless access device includes its SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC (Media Access Control) address information, and the relevant information about the terminal device includes its MAC address information and the list of first wireless access devices that the terminal device frequently accesses.
3. The wireless network access security control method as claimed in claim 2, characterized in that: the first wireless access device may be a public wireless router; the second wireless access device may be a monitoring wireless router, and a list of MAC addresses allowed to access is stored in the second wireless access device; the third wireless access device may be a control wireless router, and a list of MAC addresses allowed to access is stored in the third wireless access device.
4. The wireless network access security control method as claimed in claim 3, characterized in that: the MAC address list stored in the first wireless access device is different from the MAC address list stored in the third wireless access device.
5. The wireless network access security control method as claimed in claim 4, characterized in that: the second wireless access device compares the monitored MAC address information of the terminal device with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device is in the list of MAC addresses allowed to access.
6. The wireless network access security control method as claimed in claim 5, characterized in that: if the MAC address of the terminal device is in the list of MAC addresses allowed to access, the first wireless access device allows the access request of the terminal device, and the second wireless access device continues to monitor other terminal devices accessing the first wireless access device; if the MAC address of the terminal device is not in the list of MAC addresses allowed to access, the second wireless access device changes its SSID information to be the same as that of the first wireless access device, thereby disguising itself as the first wireless access device, at which point the terminal device can no longer access the first wireless access device.
7. The wireless network access security control method as claimed in claim 6, characterized in that: the second wireless access device sends to the third wireless access device the monitored MAC address information of the terminal device and the SSID information of one of the first wireless access devices in the list of first wireless access devices that the terminal device frequently accesses; the third wireless access device changes its SSID information to be the same as the SSID information of that first wireless access device sent by the second wireless access device, thereby disguising itself as one of the first wireless access devices that the terminal device frequently accesses.
8. A system applied to the above wireless network access security control method, including a first wireless access device and a terminal device, the terminal device sending an access request to the first wireless access device and communicating with the first wireless access device, characterized in that: the wireless network access security control system further includes a wireless network control unit; the wireless network control unit includes a second wireless access device and a third wireless access device; the second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device allowed to access; the third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device allowed to access; the third wireless access device monitors the Internet behavior of the terminal device.
9. The wireless network access security control system as claimed in claim 8, characterized in that: the first wireless access device may be a public wireless router, the second wireless access device may be a monitoring wireless router, and the third wireless access device may be a control wireless router.
10. The wireless network access security control system as claimed in claim 9, characterized in that: a list of MAC addresses allowed to access is stored in the second wireless access device, a list of MAC addresses allowed to access is stored in the third wireless access device, and the MAC address list stored in the first wireless access device is different from the MAC address list stored in the third wireless access device.

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610160900.1A (CN105681352B) | 2016-03-21 | 2016-03-21 | Wireless network access security control method and system |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN105681352A | 2016-06-15 |
| CN105681352B | 2019-03-19 |

Family

ID=56215236

Country Status (1): CN, CN105681352B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant