Network-stealing prevention wireless routing method and routing system
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a network-stealing prevention wireless routing method and routing system.
Background
With the development of communication technology, people are becoming more and more accustomed to using wireless networks for various activities, such as watching videos, shopping, browsing web pages, and the like. At present, people often connect to a wireless network through the wireless function of a router. The wireless function of the router is to forward the broadband network signal to nearby wireless network devices, such as notebook computers, smart phones and all devices with WiFi function, through an antenna.
The encryption commonly used by routers is ordinary WPA-PSK (WiFi Protected Access with a pre-shared key). WPA is a protocol and algorithm that provides security using keys: it changes the way keys are generated, changes keys more frequently to improve security, and adds a message integrity check function to prevent packet forgery. A wireless network device is connected to the router if it authenticates successfully by entering the password of the SSID (Service Set Identifier) of the wireless network; if authentication fails, it cannot connect to the router to access the network.
In the process of implementing the invention, the inventor finds that the prior art has at least the following problems:
The existing authentication approach improves the mobility of network users and makes network use more convenient and safer, but it also makes it easier for some users to crack other people's wireless passwords by brute force. In brute-force cracking, software connects to another person's SSID at high speed using different passwords, so that the password of the SSID is cracked within a certain time. Existing WPA-PSK encryption is easy to crack because only one layer of password serves as security protection; wireless network resources are then maliciously occupied, and great potential safety hazards arise.
It should be noted that the above background description is only for the sake of clarity and complete description of the technical solutions of the present invention and for the understanding of those skilled in the art. Such solutions are not considered to be known to the person skilled in the art merely because they have been set forth in the background section of the invention.
Disclosure of Invention
In view of the foregoing problems, an object of embodiments of the present invention is to provide a method and a system for preventing network stealing, which can effectively prevent the theft of a router's wireless password from affecting the normal use of the user.
In order to achieve the above object, an embodiment of the present invention provides a network-stealing prevention wireless routing method, including: designating a management terminal for a router in advance, wherein the management terminal stores and manages device information of wireless terminals accessing the router; a wireless terminal sending a connection request to the router, and, when the wireless terminal is connected to the router after passing the authentication of the router, the router acquiring the device information of the wireless terminal and sending the acquired device information to the management terminal; if the device information of the wireless terminal is stored in the management terminal, the router opening the service set identifier and password of the access network corresponding to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password; if the device information of the wireless terminal is not stored in the management terminal, after the device information of the wireless terminal is confirmed, storing the device information in the management terminal, and the router generating a service set identifier and password of a corresponding access network according to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password.
Further, the management terminal stores and manages device information of the wireless terminal accessing to the router, including: the management terminal is provided with a device information table used for storing the device information of the wireless terminal accessed to the router; and the management terminal manages the equipment information table and sets the wireless terminal information in the equipment information table to be read only for the router.
Further, the sending, by the wireless terminal, a connection request to a router, and when the wireless terminal is connected to the router after passing authentication of the router, the router acquiring device information of the wireless terminal and sending the acquired device information of the wireless terminal to the management terminal includes: the router broadcasts a service set identifier, and the wireless terminal sends a connection request to the corresponding router after searching the service set identifier, wherein the connection request comprises the equipment information of the wireless terminal and the authentication password of the service set identifier; if the wireless terminal passes the authentication of the router by adopting the authentication password, the wireless terminal is connected to the router, and the router acquires the equipment information of the wireless terminal from the connection request and sends the acquired equipment information of the wireless terminal to the management terminal; the router maintains a routing connection with the wireless terminal but prohibits the wireless terminal from accessing the network.
Further, if the device information of the wireless terminal is already stored in the management terminal, the router obtains a service set identifier and a password of an access network corresponding to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password, including: if the equipment information of the wireless terminal is stored in the management terminal, the wireless terminal has access to a network through the router and has stored a service set identifier and a password of the access network; and the router acquires the stored service set identification and password of the access network and allows the wireless terminal to access the network through the router according to the service set identification and password of the access network.
Further, if the device information of the wireless terminal is not stored in the management terminal, after the device information of the wireless terminal is confirmed, the device information of the wireless terminal is stored in the management terminal, and the router generates a service set identifier and a password of a corresponding access network according to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password, including: if the equipment information of the wireless terminal is not stored in the management terminal, the wireless terminal is a new access wireless terminal which is not accessed to the network through the router, and the management terminal confirms the equipment information of the new access wireless terminal; if the confirmation is not passed, the router does not allow the new access wireless terminal to access the network; if the confirmation is passed, storing the device information of the newly accessed wireless terminal in the management terminal; and the router generates a service set identifier and a password of a corresponding access network according to the equipment information of the new access wireless terminal, so that the new access wireless terminal accesses the network through the router according to the service set identifier and the password of the access network.
Further, the service set identifier and the password of the access network correspond to the device information of the wireless terminal one to one, and cannot be searched by other wireless terminals except the wireless terminal.
In order to achieve the above object, an embodiment of the present invention further provides a network-stealing prevention wireless routing system, including: a management terminal, which serves as the management device of the router and is used for storing and managing the device information of wireless terminals accessing the router; a router, which is used for allowing a wireless terminal to connect to the router after the received connection request of the wireless terminal passes authentication, acquiring the device information of the wireless terminal and sending the acquired device information to the management terminal; if the device information of the wireless terminal is stored in the management terminal, opening the service set identifier and password of the access network corresponding to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password; if the device information of the wireless terminal is not stored in the management terminal, after the device information of the wireless terminal is confirmed, storing the device information in the management terminal and generating a service set identifier and password of a corresponding access network according to the device information of the wireless terminal; and a wireless terminal, which is used for accessing the network through the router according to the service set identifier and the password of the access network.
In view of the above, the network-stealing prevention method and system provided by the embodiment of the present invention designate a management terminal for the router in advance. When a wireless terminal passes authentication with the password of the service set identifier broadcast by the router, it can only establish a routing connection with the router and cannot access the network. If the device information of the wireless terminal is already stored in the management terminal, this indicates that the wireless terminal has previously accessed the network through the router and that the service set identifier and password of the access network have been stored; the router only needs to open the service set identifier and password of the access network corresponding to the stored device information for the wireless terminal to access the network. If the device information of the wireless terminal is not stored in the management terminal, this indicates that the wireless terminal has not previously accessed the network through the router; the management terminal must confirm the device information of the newly accessing wireless terminal and stores it only after the confirmation passes. The router then generates a service set identifier and password of a corresponding access network according to that device information, and the wireless terminal can subsequently access the network according to the service set identifier and the password.
Thus a management terminal is added to the wireless verification of the router. The unique information of each terminal device is recorded with the cooperation of the user, and because writing to this record is not controlled by the router, there is no concern that it will be rewritten by a cracking tool. By using a secondary connection, in which the router generates a corresponding service set identifier and password from the unique information of the device, a new connection is established between the wireless router and the device that cannot be interfered with by a cracking tool. The effect on the user's normal use after the router's wireless password is stolen can therefore be effectively avoided.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a network-stealing prevention wireless routing method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a network-stealing prevention wireless routing system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The embodiment of the invention provides a network-stealing prevention wireless routing method. Referring to Fig. 1, the method may include the following steps:
Step S1: a management terminal is designated in advance for a router, and the management terminal stores and manages device information of a wireless terminal accessing the router.
In this embodiment, compared with the prior art, the router is extended with a function in advance, and the extended function can designate a management terminal for the router, where the management terminal may be a mobile phone, a computer, or the like, and the specific form is not limited.
The management terminal has a device information table for storing device information of the wireless terminals accessing the router. The management terminal also manages the device information table; for example, the wireless terminal information in the table is set to be read-only for the router, that is, the router is only allowed to read it and not to write it, and any write of wireless terminal information by the router requires confirmation by the management terminal.
Step S2: a wireless terminal sends a connection request to the router; when the wireless terminal is connected to the router after passing the authentication of the router, the router acquires the device information of the wireless terminal and sends the acquired device information to the management terminal.
In this embodiment, the device information of the wireless terminal may include unique information such as a MAC address and a PN code. The router broadcasts the service set identifier, the wireless terminal searches the service set identifier and sends a connection request to the corresponding router, and the router can acquire the equipment information of the wireless terminal from the connection request of the wireless terminal.
The Service Set Identifier (SSID) can divide a wireless local area network into several sub-networks requiring different authentication, each sub-network requires independent authentication, and only users who pass the authentication can enter the corresponding sub-network, so that unauthorized users are prevented from entering the wireless local area network.
The router protects the service set identifier in advance with WiFi Protected Access with a pre-shared key (WPA-PSK), and the password is set on the router; the password is at least 8 characters and at most 63 characters long. The router opens the service set identifier for broadcasting, and the wireless terminal finds the service set identifier and enters its password; if authentication succeeds, the terminal can connect to the router, and if authentication fails, it cannot.
In the prior art, if authentication succeeds, a wireless terminal can connect to the router and access the internet. In this embodiment, however, even if the authentication succeeds, the wireless terminal can only maintain a routing connection with the router; the router prohibits it from accessing the network, that is, the wireless terminal cannot connect to the network through the router, and further authentication by the management terminal is required.
Step S3: the management terminal judges whether the received device information of the wireless terminal is already stored locally; if so, step S4 is performed; if not, step S5 is performed.
In this embodiment, the management terminal searches the device information table for the acquired device information of the wireless terminal;
if the device information of the wireless terminal is found, the device information of the wireless terminal is already stored in the management terminal;
if the device information of the wireless terminal is not found, the device information of the wireless terminal is not stored in the management terminal.
Step S4: if the device information of the wireless terminal is stored in the management terminal, the router opens the service set identifier and password of the access network corresponding to the device information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password.
In this embodiment, if the device information of the wireless terminal is already stored in the management terminal, the wireless terminal has already accessed the network through the router and has stored the service set identifier and the password of the access network; and the router acquires the stored service set identification and password of the access network and allows the wireless terminal to access the network through the router according to the service set identification and password of the access network.
Step S5: if the equipment information of the wireless terminal is not stored in the management terminal, after the equipment information of the wireless terminal is confirmed, the equipment information of the wireless terminal is stored in the management terminal, and the router generates a service set identifier and a password of a corresponding access network according to the equipment information of the wireless terminal, so that the wireless terminal accesses the network according to the service set identifier and the password.
In this embodiment, if the device information of the wireless terminal is not stored in the management terminal, the wireless terminal is a newly accessing wireless terminal that has not accessed the network through the router, and the management terminal confirms the device information of the newly accessing wireless terminal;
if the confirmation is not passed, the router is notified that the wireless terminal is not allowed to access the network;
if the confirmation is passed, the device information of the newly accessing wireless terminal is stored in the management terminal, and the router generates a service set identifier and password of a corresponding access network according to that device information, so that the newly accessing wireless terminal accesses the network through the router according to the service set identifier and the password of the access network.
The service set identifier and the password of the access network correspond one to one to the device information of the wireless terminal, and cannot be found by wireless terminals other than that wireless terminal, so the user need not worry about network stealing. Since the management terminal stores unique information such as the MAC address and PN code, there is no concern that another device will have duplicate information.
In addition, when the wireless terminal disconnects its wireless connection, the router closes the service set identifier that was generated for it. When the wireless terminal connects again, the router queries the management terminal with the unique information such as the MAC address to determine whether the device is a previously connected terminal; if so, the router reopens the corresponding SSID, the connection is re-established, and the network can be used normally.
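The flow of steps S1 to S5 and the disconnect and reconnect behaviour described above, modeled as an added example that is not part of the original specification. The class and method names, the `approve` callback standing in for the user's confirmation, the HMAC-based derivation of the per-device SSID and password, and the sample MAC addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ManagementTerminal:
    """Owns the device information table (step S1)."""

    def __init__(self, approve):
        self._approve = approve   # hypothetical stand-in for the user's confirmation
        self._table = set()       # device information of confirmed terminals

    def is_known(self, device_info):
        # Step S3: the router may only read the table.
        return device_info in self._table

    def confirm(self, device_info):
        # Step S5: the only write path, taken after confirmation passes.
        if self._approve(device_info):
            self._table.add(device_info)
            return True
        return False


class Router:
    def __init__(self, broadcast_ssid, psk, mgmt):
        if not 8 <= len(psk) <= 63:
            raise ValueError("WPA-PSK password must be 8 to 63 characters")
        self.broadcast_ssid = broadcast_ssid
        self._psk = psk
        self._mgmt = mgmt
        self._secret = secrets.token_bytes(32)  # assumed router-local derivation key
        self.quarantined = set()  # routing connection only, no network access
        self.open_ssids = {}      # device_info -> (ssid, password), not broadcast

    def _derive(self, device_info):
        # Assumed derivation: HMAC-SHA256 over the device information, so each
        # device maps to exactly one SSID/password pair on this router.
        digest = hmac.new(self._secret, device_info.encode(), hashlib.sha256).hexdigest()
        return "dev-" + digest[:12], digest[12:44]  # 32-character password

    def connect(self, device_info, password):
        # Step S2: authenticate against the broadcast SSID's password.
        if not hmac.compare_digest(password.encode(), self._psk.encode()):
            return ("rejected", None)
        self.quarantined.add(device_info)
        # Step S3: look the device up; step S5: new devices need confirmation.
        if not (self._mgmt.is_known(device_info) or self._mgmt.confirm(device_info)):
            return ("no-network", None)
        # Step S4 (known) or S5 (just confirmed): open the per-device SSID.
        creds = self._derive(device_info)
        self.open_ssids[device_info] = creds
        self.quarantined.discard(device_info)
        return ("network", creds)

    def disconnect(self, device_info):
        # The per-device SSID is closed when its terminal disconnects.
        self.quarantined.discard(device_info)
        self.open_ssids.pop(device_info, None)

    def has_network(self, device_info):
        return device_info in self.open_ssids


if __name__ == "__main__":
    # Constructed sample values: only the first MAC address is approved.
    mgmt = ManagementTerminal(lambda info: info == "02:00:00:00:00:01")
    router = Router("home-wifi", "constructed-passphrase", mgmt)
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02"):
        print(mac, router.connect(mac, "constructed-passphrase")[0])
```

In this model, as in the text, everything after the broadcast-SSID password check is keyed on the device information reported in the connection request, so the outcome depends on that information being unique to one terminal.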
Please refer to Fig. 2. An embodiment of the present invention further provides a network-stealing prevention wireless routing system, including:
the management terminal is used as the management equipment of the router and used for storing and managing the equipment information of the wireless terminal accessed to the router;
the router is used for allowing the wireless terminal to be connected to the router after the received connection request of the wireless terminal passes authentication, acquiring the equipment information of the wireless terminal and sending the acquired equipment information of the wireless terminal to the management terminal; if the equipment information of the wireless terminal is stored in the management terminal, starting a service set identifier and a password of an access network corresponding to the equipment information of the wireless terminal; if the equipment information of the wireless terminal is not stored in the management terminal, after the equipment information of the wireless terminal is confirmed, the equipment information of the wireless terminal is stored in the management terminal, and a service set identifier and a password of a corresponding access network are generated according to the equipment information of the wireless terminal;
and the wireless terminal is used for accessing the network through the router according to the service set identification and the password of the access network.
Wherein the router is specifically configured to:
broadcasting a service set identifier, and enabling a wireless terminal to send a connection request to a corresponding router after searching the service set identifier, wherein the connection request comprises equipment information of the wireless terminal and an authentication password of the service set identifier; if the wireless terminal passes the authentication by adopting the authentication password, allowing the wireless terminal to be connected to the router, acquiring the equipment information of the wireless terminal from the connection request, and sending the acquired equipment information of the wireless terminal to the management terminal; maintaining a routing connection with the wireless terminal but prohibiting the wireless terminal from accessing the network.
If the equipment information of the wireless terminal is stored in the management terminal, the wireless terminal has access to a network through the router and has stored a service set identifier and a password of the access network; the router acquires the stored service set identification and password of the access network and allows the wireless terminal to access the network through the router according to the service set identification and password of the access network;
if the equipment information of the wireless terminal is not stored in the management terminal, the wireless terminal is a new access wireless terminal which is not accessed to the network through the router, and the management terminal confirms the equipment information of the new access wireless terminal; if the confirmation is not passed, the router does not allow the new access wireless terminal to access the network; if the confirmation is passed, storing the device information of the newly accessed wireless terminal in the management terminal; and the router generates a service set identifier and a password of a corresponding access network according to the equipment information of the new access wireless terminal, so that the new access wireless terminal accesses the network through the router according to the service set identifier and the password of the access network.
The specific technical details of the above-mentioned network-stealing prevention wireless routing system are similar to those of the network-stealing prevention wireless routing method, and therefore detailed descriptions thereof are omitted.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments.
Finally, it should be noted that: the foregoing description of various embodiments of the invention is provided to those skilled in the art for the purpose of illustration. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. Various alternatives and modifications of the invention, as described above, will be apparent to those skilled in the art. Thus, while some alternative embodiments have been discussed in detail, other embodiments will be apparent or relatively easy to derive by those of ordinary skill in the art. The present invention is intended to embrace all such alternatives, modifications, and variances which have been discussed herein, and other embodiments which fall within the spirit and scope of the above application.