CN105681352A - Wi-Fi access security control method and system - Google Patents
- Publication number
- CN105681352A
- Authority
- CN
- China
- Prior art keywords
- reception device
- radio reception
- terminal unit
- described terminal
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Provided is a Wi-Fi (Wireless-Fidelity) access security control method, comprising the steps of: a terminal device sending an access request to a first wireless access device; a second wireless access device monitoring the communication information between the terminal device and the first wireless access device so as to obtain the relevant information between the first wireless access device and the terminal device; the second wireless access device determining whether the terminal device is allowed to access a network, and sending a message of refusing access to the terminal device if the terminal device is not allowed to access a network; the terminal device sending an access request to a third wireless access device; and the third wireless access device determining whether the terminal device is allowed to access a network, and allowing the terminal device to access the internet and monitoring the Internet behavior of the terminal device if the terminal device is allowed to access a network. The invention also discloses a Wi-Fi access security control system.
Description
Technical field
The present invention relates to a wireless network access security control method and system.
Background technology
At present, the smartphone has become the carrier of all kinds of user information and stores a large amount of important information. With the rapid development of wireless network (Wireless-Fidelity, Wi-Fi) technology, smartphones have also become a preferred target of malicious attacks. A large part of the security threat to smartphones comes from leaks of personal privacy and from various kinds of malicious fee-deducting software. Such malware exploits flaws in the conventional permission mechanism to abuse permissions and attack the phone, and some of it even drives the hardware in the background to spy on the user's privacy. Existing Wi-Fi security control methods can only passively monitor the communication data between a mobile terminal and a wireless access device, and cannot selectively block and filter the mobile terminal's access to the Internet.
Summary of the invention
In view of the above, it is necessary to provide a wireless network access security control method and system that selectively filter which mobile terminals may connect to a wireless access device over the wireless network and access the Internet.
A wireless network access security control method comprises the following steps:
A terminal device sends an access request to a first wireless access device;
A second wireless access device monitors the communication information between the terminal device and the first wireless access device to obtain relevant information about the first wireless access device and the terminal device;
Based on the relevant information obtained about the terminal device, the second wireless access device determines whether the terminal device is a device that is allowed access,
If the terminal device is a device that is allowed access, the first wireless access device allows the terminal device's access request, and the terminal device accesses the Internet through the first wireless access device,
If the terminal device is not a device that is allowed access, the second wireless access device sends a denial-of-access message to the terminal device;
The second wireless access device sends the relevant information obtained about the terminal device to a third wireless access device;
The terminal device sends an access request to the third wireless access device;
The third wireless access device determines whether the terminal device is a device that is allowed access,
If the terminal device is a device that is allowed access, the third wireless access device allows the terminal device's access request, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the Internet behavior of the terminal device,
If the terminal device is not a device that is allowed access, the third wireless access device refuses the terminal device's access request, thereby preventing the terminal device from accessing the Internet.
A system applying the above wireless network access security control method includes a first wireless access device and a terminal device. The terminal device sends an access request to the first wireless access device and communicates with it. The wireless network access security control system further includes a wireless network control unit, which includes a second wireless access device and a third wireless access device. The second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device that is allowed access. The third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device that is allowed access; the third wireless access device monitors the Internet behavior of the terminal device.
Compared with the prior art, the wireless network access security control method and system of the present invention use the second wireless access device to determine whether the terminal device is a device that is allowed access, and use the third wireless access device to monitor the Internet behavior of the terminal device. This effectively filters out unauthorized devices that would access the Internet through the first wireless access device: terminals that meet the conditions communicate unimpeded, while a terminal that does not meet the conditions either cannot access the Internet or has all of its Internet access data under real-time monitoring.
Brief description of the drawings
Fig. 1 is a structural diagram of the wireless network access security control system of the present invention.
Fig. 2 is a flow chart of the wireless network access security control method of the present invention.
Detailed description of the invention
Referring to Fig. 1, a preferred embodiment of the wireless network access security control system of the present invention includes a first wireless access device 100, a wireless network control unit 200 and a terminal device 300. The wireless network control unit 200 includes a second wireless access device 210 and a third wireless access device 220. The terminal device 300 can communicate wirelessly with the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 over several communication links. The first wireless access device 100 and the third wireless access device 220 are each connected to the Internet 400 via fiber broadband.
The first wireless access device 100 may be a public wireless router.
The second wireless access device 210 may be a monitoring wireless router; it stores a list of MAC (Media Access Control) addresses that are allowed access.
The third wireless access device 220 may be a management and control wireless router; it stores a list of MAC addresses that are allowed access.
The MAC address list stored in the first wireless access device 100 is different from the MAC address list stored in the third wireless access device 220.
The terminal device 300 may be a communication terminal, such as a smartphone or a tablet computer.
The communication links between the terminal device 300 and the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 include a first communication link 510, a second communication link 520, a third communication link 530, a fourth communication link 540 and a fifth communication link 550.
The terminal device 300 communicates with the first wireless access device 100 via the first communication link 510. Over the first communication link 510 the terminal device 300 can use the network service provided by the first wireless access device 100 and thereby access the Internet 400 through the first wireless access device 100.
The second wireless access device 210 monitors the communication information between the terminal device 300 and the first wireless access device 100 via the second communication link 520. The second wireless access device 210 sends denial-of-access information to the terminal device 300 via the third communication link 530.
The terminal device 300 communicates with the third wireless access device 220 via the fourth communication link 540. Over the fourth communication link 540 the terminal device 300 can use the network service provided by the third wireless access device 220 and thereby access the Internet 400 through the third wireless access device 220.
The second wireless access device 210 sends the monitored communication information between the terminal device 300 and the first wireless access device 100 to the third wireless access device 220 via the fifth communication link 550.
Referring to Fig. 2, which is a flow chart of the control method by which the above wireless network access security control system applies security control to a terminal device 300 accessing the system, the control method comprises the following steps:
S201: the terminal device 300 sends an access request to the first wireless access device 100 via the first communication link 510;
S202: the second wireless access device 210 monitors, via the second communication link 520, the communication information exchanged between the terminal device 300 and the first wireless access device 100 on the first communication link 510, to obtain relevant information about the first wireless access device 100 and the terminal device 300, such as the SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC address information of the first wireless access device 100, and the MAC address information of the terminal device 300 and the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S203: the second wireless access device 210 compares the monitored MAC address information of the terminal device 300 with its stored list of MAC addresses that are allowed access, to determine whether the MAC address of the terminal device 300 is in the list of MAC addresses that are allowed access,
If the MAC address of the terminal device 300 is in the list of MAC addresses that are allowed access, the first wireless access device 100 allows the access request of the terminal device 300 and the terminal device 300 accesses the Internet 400 through the first wireless access device 100; at the same time the method returns to step S202, and the second wireless access device 210 continues to monitor other terminal devices 300 accessing the first wireless access device 100,
If the MAC address of the terminal device 300 is not in the list of MAC addresses that are allowed access, the method proceeds to step S204;
S204: the second wireless access device 210 changes its SSID information to be the same as that of the first wireless access device 100, thereby disguising itself as the first wireless access device 100;
S205: the second wireless access device 210 sends to the third wireless access device 220 the monitored MAC address information of the terminal device 300 and the SSID information of one of the first wireless access devices 100 in the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S206: the third wireless access device 220 changes its SSID information to be the same as the SSID information of that first wireless access device 100 sent by the second wireless access device 210, thereby disguising itself as one of the first wireless access devices 100 that the terminal device 300 frequently accesses;
S207: the second wireless access device 210 receives the access request sent by the terminal device 300 and sends a denial-of-access message to the terminal device 300 via the second communication link 520,
Because the SSID information of the second wireless access device 210 has been changed to be the same as that of the first wireless access device 100, the terminal device 300 can no longer access the first wireless access device 100;
S208: the terminal device 300 sends an access request to the third wireless access device 220;
S209: the third wireless access device 220 compares the received MAC address information of the terminal device 300 with its stored list of MAC addresses that are allowed access, to determine whether the MAC address of the terminal device 300 is in the list of MAC addresses that are allowed access,
S210: the third wireless access device 220 allows the access request of the terminal device 300, the terminal device 300 accesses the Internet 400 through the third wireless access device 220, and at the same time the third wireless access device 220 monitors the Internet behavior of the terminal device 300,
S211: the third wireless access device 220 refuses the access request of the terminal device 300, thereby preventing the terminal device 300 from accessing the Internet 400.
The wireless network access security control method and system of the present invention use the second wireless access device 210 to determine whether the terminal device 300 is a device that is allowed access, and use the third wireless access device 220 to monitor the Internet behavior of the terminal device 300. This effectively filters out unauthorized devices that would access the Internet 400 through the first wireless access device 100: terminals that meet the conditions communicate unimpeded, while a terminal that does not meet the conditions either cannot access the Internet 400 or has all of its Internet access data under real-time monitoring.
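The admission decisions of steps S201 to S211 can be traced with a small model. This is an added example, not code from the patent: it performs no radio operations, the names `normalize_mac`, `AccessDevice`, `admit`, `MONITOR_210` and `CONTROL_220` and the sample MAC addresses are constructed for illustration, and treating a malformed MAC as "not in the list" is an assumption the patent does not state.

```python
# Added example: models only the allow-list decisions of S201-S211.
# All names and sample addresses below are constructed, not from the patent.
import re
from dataclasses import dataclass, field
from typing import Optional

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw: str) -> str:
    """Return a MAC in lower-case colon form; raise ValueError if malformed."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class AccessDevice:
    """A wireless access device holding a list of MACs allowed access."""
    name: str
    allowed: set = field(default_factory=set)

    def __post_init__(self):
        # Canonicalize once so "02-00-..." and "0200.0000...." compare equal.
        self.allowed = {normalize_mac(m) for m in self.allowed}

    def permits(self, mac: str) -> bool:
        try:
            return normalize_mac(mac) in self.allowed
        except ValueError:
            return False  # assumption: malformed input is treated as not listed


@dataclass
class Outcome:
    path: str                    # "first", "third" or "none"
    monitored_by: Optional[str]  # device monitoring Internet behavior, if any
    steps: list                  # step labels traversed, in order


def admit(terminal_mac: str, monitor: AccessDevice, control: AccessDevice) -> Outcome:
    """Trace one terminal through the flow of Fig. 2."""
    steps = ["S201", "S202", "S203"]
    if monitor.permits(terminal_mac):
        # Listed on the second device: Internet via the first device.
        return Outcome("first", None, steps)
    # Not listed: second device refuses, terminal is handed to the third device.
    steps += ["S204", "S205", "S206", "S207", "S208", "S209"]
    if control.permits(terminal_mac):
        steps.append("S210")
        return Outcome("third", control.name, steps)
    steps.append("S211")
    return Outcome("none", None, steps)


# Constructed sample lists (locally administered addresses, mixed notations).
MONITOR_210 = AccessDevice("device-210", {"02-00-00-00-00-0A"})
CONTROL_220 = AccessDevice("device-220", {"0200.0000.000b"})

if __name__ == "__main__":
    for mac in ("02:00:00:00:00:0A", "020000-00000B", "02:00:00:00:00:0c", "not-a-mac"):
        result = admit(mac, MONITOR_210, CONTROL_220)
        print(mac, "->", result.path, result.monitored_by, result.steps[-1])
```

Both comparisons key on the MAC address the terminal presents, so the lists identify a device only to the extent that the address is not changed on the client.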
Claims (10)
1. A wireless network access security control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication information between the terminal device and the first wireless access device to obtain relevant information about the first wireless access device and the terminal device; based on the relevant information obtained about the terminal device, the second wireless access device determines whether the terminal device is a device that is allowed access; if the terminal device is a device that is allowed access, the first wireless access device allows the access request of the terminal device and the terminal device accesses the Internet through the first wireless access device; if the terminal device is not a device that is allowed access, the second wireless access device sends a denial-of-access message to the terminal device; the second wireless access device sends the relevant information obtained about the terminal device to a third wireless access device; the terminal device sends an access request to the third wireless access device; the third wireless access device determines whether the terminal device is a device that is allowed access; if the terminal device is a device that is allowed access, the third wireless access device allows the access request of the terminal device, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the Internet behavior of the terminal device; if the terminal device is not a device that is allowed access, the third wireless access device refuses the access request of the terminal device, thereby preventing the terminal device from accessing the Internet.
2. The wireless network access security control method as claimed in claim 1, characterized in that: the relevant information about the first wireless access device includes its SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC (Media Access Control) address information, and the relevant information about the terminal device includes its MAC address information and the list of first wireless access devices that the terminal device frequently accesses.
3. The wireless network access security control method as claimed in claim 2, characterized in that: the first wireless access device may be a public wireless router; the second wireless access device may be a monitoring wireless router and stores a list of MAC addresses that are allowed access; the third wireless access device may be a management and control wireless router and stores a list of MAC addresses that are allowed access.
4. The wireless network access security control method as claimed in claim 3, characterized in that: the MAC address list stored in the first wireless access device is different from the MAC address list stored in the third wireless access device.
5. The wireless network access security control method as claimed in claim 4, characterized in that: the second wireless access device compares the monitored MAC address information of the terminal device with its stored list of MAC addresses that are allowed access, to determine whether the MAC address of the terminal device is in the list of MAC addresses that are allowed access.
6. The wireless network access security control method as claimed in claim 5, characterized in that: if the MAC address of the terminal device is in the list of MAC addresses that are allowed access, the first wireless access device allows the access request of the terminal device and the second wireless access device continues to monitor other terminal devices accessing the first wireless access device; if the MAC address of the terminal device is not in the list of MAC addresses that are allowed access, the second wireless access device changes its SSID information to be the same as that of the first wireless access device, thereby disguising itself as the first wireless access device, at which point the terminal device can no longer access the first wireless access device.
7. The wireless network access security control method as claimed in claim 6, characterized in that: the second wireless access device sends to the third wireless access device the monitored MAC address information of the terminal device and the SSID information of one of the first wireless access devices in the list of first wireless access devices that the terminal device frequently accesses; the third wireless access device changes its SSID information to be the same as the SSID information of that first wireless access device sent by the second wireless access device, thereby disguising itself as one of the first wireless access devices that the terminal device frequently accesses.
8. A system applying the above wireless network access security control method, including a first wireless access device and a terminal device, the terminal device sending an access request to the first wireless access device and communicating with the first wireless access device, characterized in that: the wireless network access security control system further includes a wireless network control unit; the wireless network control unit includes a second wireless access device and a third wireless access device; the second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device that is allowed access; the third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device that is allowed access; the third wireless access device monitors the Internet behavior of the terminal device.
9. The wireless network access security control system as claimed in claim 8, characterized in that: the first wireless access device may be a public wireless router, the second wireless access device may be a monitoring wireless router, and the third wireless access device may be a management and control wireless router.
10. The wireless network access security control system as claimed in claim 9, characterized in that: the second wireless access device stores a list of MAC addresses that are allowed access, the third wireless access device stores a list of MAC addresses that are allowed access, and the MAC address list stored in the first wireless access device is different from the MAC address list stored in the third wireless access device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610160900.1A CN105681352B (en) | 2016-03-21 | 2016-03-21 | A kind of wireless network access safety management-control method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610160900.1A CN105681352B (en) | 2016-03-21 | 2016-03-21 | A kind of wireless network access safety management-control method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105681352A (en) | 2016-06-15 |
CN105681352B (en) | 2019-03-19 |
Family
ID=56215236
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610160900.1A Active CN105681352B (en) | 2016-03-21 | 2016-03-21 | A kind of wireless network access safety management-control method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105681352B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1480395A1 (en) * | 2001-03-19 | 2004-11-24 | Sony Corporation | Network system |
CN103138979A (en) * | 2011-11-30 | 2013-06-05 | 华为终端有限公司 | Network access management method and network access facility |
CN103731425A (en) * | 2013-12-31 | 2014-04-16 | 迈普通信技术股份有限公司 | Network wireless terminal access control method and system |
CN104902531A (en) * | 2014-03-03 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Network connection method, application authentication server, terminal and router |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109586928A (en) * | 2018-12-21 | 2019-04-05 | 杭州全维技术股份有限公司 | A kind of internet behavior blocking-up method based on the network equipment |
CN109788481A (en) * | 2019-01-25 | 2019-05-21 | 刘美连 | A kind of method and device for preventing from illegally accessing monitoring |
CN109788481B (en) * | 2019-01-25 | 2021-12-28 | 中科大路(青岛)科技有限公司 | Method and device for preventing illegal access monitoring |
CN111866995A (en) * | 2020-07-26 | 2020-10-30 | 广云物联网科技(广州)有限公司 | WeChat applet-based intelligent device network distribution method and system |
Also Published As
Publication number | Publication date |
---|---|
CN105681352B (en) | 2019-03-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||