CN106686590A - Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment - Google Patents

Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment Download PDF

Info

Publication number
CN106686590A
CN106686590A CN201510760449.2A CN201510760449A CN106686590A CN 106686590 A CN106686590 A CN 106686590A CN 201510760449 A CN201510760449 A CN 201510760449A CN 106686590 A CN106686590 A CN 106686590A
Authority
CN
China
Prior art keywords
terminal
control
failure
threshold value
management
Prior art date
Application number
CN201510760449.2A
Other languages
Chinese (zh)
Inventor
廉娟
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to CN201510760449.2A priority Critical patent/CN106686590A/en
Publication of CN106686590A publication Critical patent/CN106686590A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Abstract

The invention discloses a controlled terminal identification method, a controlled terminal management method, a controlled terminal identification device, a controlled terminal management device and wireless access point equipment, wherein the number of failures in accessing the wireless access point equipment by the terminal through a password can be obtained. The obtained number of failures is compared with a preset controlled threshold. Whether the terminal is the controlled terminal which requires additional management is determined according to a comparison result. Therefore automatic identification of the controlled terminal can be realized. Furthermore the controlled terminals can be managed according to a preset management rule, thereby preventing right damage of a valid user caused by free accessing into the wireless access point equipment by the controlled terminals. The controlled terminal identification, the controlled terminal management method, the controlled terminal identification device, the controlled terminal management device and the wireless access point equipment have advantages of easy realization, high accuracy, in-time management on the identified illegal terminals, and improving user experience to a certain extent.

Description

Control terminal recognition and management method, device, wireless access point device

Technical field

The present invention relates to the communications field, and in particular to a kind of control terminal recognition and management method, device, nothing Line access point apparatus.

Background technology

With the extensive application and the popularization of wireless network of intelligent terminal, WiFi (Wireless-Fidelity) Increasingly become indispensable environment in people's life, public place, office space and home network device Be increasingly using WLAN (Wireless Local Area Networks) AP (Access Point, wirelessly Access point) technical limit spacing Internet service.And the awareness of safety of corresponding self terminal device of people is also increasingly By force, this requires that WAP can provide safely and effectively key and access service.Some restrictions at present Terminal utilizes some illegal softwares, access key can be got by some technological means, so as to smoothly connect Enter WAP, so as to share network traffics.The situation is all generally deposited in family and commercial wireless access point Greatly loss and risk are being caused to WAP holder.But at present, having no effective method can It is limiting terminal and and then takes it corresponding control automatically identifies which terminal.It is above-mentioned in order to be directed to Problem, can only arrange black and white lists manually currently for WAP, and be manually set in blacklist Terminal will be unable to access, only manually by terminal should from blacklist delete, the access terminal can be realized Access.

For said method, because current limiting terminal many obtains WAP keys using having on network Illegal software, can by software polling attempt get WAP key, so as to illegally be linked into The focus, free use flow;This to this kind of limiting terminal due to having no automatic identifying method at present, because This only realizes that difficulty is big by the mode of manual identification and addition limiting terminal, and hysteresis quality is strong, it is difficult to ensure that wirelessly The rights and interests of access point apparatus, and operating process is loaded down with trivial details.

The content of the invention

The main technical problem to be solved in the present invention is to provide a kind of control terminal recognition and management method, dress Put, wireless access point device, solve existing automatic identification limiting terminal and limiting terminal cannot be carried out automatically The problem of management.

To solve above-mentioned technical problem, the present invention provides a kind of control terminal identification method, including:

Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;

The frequency of failure and default control threshold value are compared, the terminal is judged according to comparative result Whether it is the control terminal for needing management;Wherein described control threshold value is that default terminal attempts password access mistake The number of times for losing.

In an embodiment of the present invention, the control threshold value includes the first control threshold value, the control end End includes suspicious terminal, described to judge whether the terminal is that illegal terminal includes according to comparative result:

Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, judges the terminal For suspicious terminal.

In an embodiment of the present invention, the control threshold value is also included more than the first control threshold value Second control threshold value, the control terminal includes illegal terminal;It is described that the terminal is judged according to comparative result Whether it is that illegal terminal also includes:

The frequency of failure is judged more than after the first control threshold value, continuation obtains the frequency of failure, when When the frequency of failure is more than or equal to the second control threshold value, judge the terminal for illegal terminal.

In an embodiment of the present invention, the frequency of failure is compared with the first control threshold value When, the frequency of failure is in the first preset time period, the terminal attempts password and accesses the secondary of continuous failure Number, or the number of times of terminal trial password access accumulation failure;

When the frequency of failure is compared with the second control threshold value, the frequency of failure is second pre- If in the time period, the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and is connect Enter the number of times of accumulation failure;Second preset time period is more than or equal to first preset time period.

In an embodiment of the present invention, the frequency of failure is that the terminal attempts the continuous mistake of password access The number of times for losing, or the number of times of terminal trial password access accumulation failure.

In order to solve the above problems, present invention also offers a kind of illegal terminal management method, including:

Connect using the current password of attempting of control terminal identification method identification as described in any one of claim 1-5 Enter the control terminal of wireless access point device;

When control terminal has been identified, to the control terminal that identifies according to default management rule at Reason.

In an embodiment of the present invention, when the control terminal for identifying is suspicious terminal, to the pipe Terminal processed carries out process according to default management rule to be included:

The suspicious terminal is added in gray list, and to the terminal in the gray list using the first management rule Then it is managed.

In an embodiment of the present invention, first management rule includes:

The suspicious terminal in the gray list is forbidden to access the wireless access point device, or in the gray list In suspicious terminal access the flow and/or connection that the suspicious terminal is limited after the wireless access point device Duration.

In an embodiment of the present invention, first management rule also includes:

Suspicious terminal in the gray list proceeds monitoring, when monitoring the continuous n times of the suspicious terminal Input proper password or when being input into proper password accumulative M time, the suspicious terminal is changed the original sentence to as legal terminal, from The suspicious terminal is deleted in the gray list;The N is more than or equal to 2, less than or equal to 5;The M is more than Equal to 2, less than or equal to 10.

In an embodiment of the present invention, when the control terminal for identifying is illegal terminal, to the pipe Terminal processed carries out process according to default management rule to be included:

The illegal terminal is added in blacklist, and second pipe is adopted to the illegal terminal in the blacklist Reason rule is managed.

In an embodiment of the present invention, second management rule includes:In forbidding the blacklist Illegal terminal accesses the wireless access point device.

In order to solve the above problems, present invention also offers a kind of control terminal identification means, including:

Statistical module, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;

Processing module, for the frequency of failure and default control threshold value to be compared, according to comparing knot Fruit judges whether the terminal is control terminal;Wherein described control threshold value is that default terminal trial password connects Enter the number of times of failure.

In an embodiment of the present invention, the processing module includes the first judging submodule, the control Threshold value includes the first control threshold value, and the control terminal includes suspicious terminal;

Whether first judging submodule is used to judge the frequency of failure more than or equal to the first control threshold Value, in this way, judges that the terminal is suspicious terminal.

In an embodiment of the present invention, the processing module also includes the second judging submodule, the pipe Threshold value processed also includes the second control threshold value more than the first control threshold value, and the control terminal includes illegal Terminal;

Whether second judging submodule is used to judge the frequency of failure more than or equal to the second control threshold Value, in this way, judges the terminal for illegal terminal.

In order to solve the above problems, present invention also offers a kind of control terminal management apparatus, including obtain mould Block and management module;

The acquisition module is used to obtain the control terminal identification means as described in any one of claim 12-14 The current trial password for identifying accesses the control terminal of wireless access point device;

The management module is used to enter the control terminal that the acquisition module is obtained according to default management rule Row is processed.

In an embodiment of the present invention, the management module includes the first management submodule, for working as State control terminal for suspicious terminal when, the terminal is added in gray list, and to the end in the gray list End is managed using the first management rule.

In an embodiment of the present invention, the management module includes the second management submodule, for working as State control terminal for illegal terminal when, the terminal is added in blacklist, and to the end in the blacklist End is managed using the second management rule.

In order to solve the above problems, present invention also offers a kind of wireless access point device, including it is as described above Control terminal identification means and control terminal management apparatus as above;The control terminal identification means For from identification of illegal terminal in the current terminal for attempting the password access wireless access point device;

The control terminal management apparatus are used for the control terminal root identified to the control terminal identification means Processed according to default management rule.

The invention has the beneficial effects as follows:

Control terminal recognition and management method, device, wireless access point device that the present invention is provided, can pass through Acquisition terminal attempts the frequency of failure that password accesses wireless access point device, according to the frequency of failure for obtaining and in advance If control threshold value be compared, judge that whether terminal is the pipe that needs additionally to be managed according to comparative result Terminal processed, therefore the automatic identification of control terminal can be realized;And then can be according to default management rule to this Class control terminal is managed, it is to avoid control free terminal accesses wireless access point device infringement validated user power Benefit.And the above-mentioned control terminal recognition and Managed Solution of present invention offer realizes simple, accuracy rate height and energy In time the limiting terminal to identifying is managed, and can largely lift the satisfaction of Consumer's Experience.

Description of the drawings

Fig. 1 is the control terminal identification method schematic flow sheet that the embodiment of the present invention one is provided;

Fig. 2 is the limiting terminal management method schematic flow sheet that the embodiment of the present invention one is provided;

Fig. 3 is the control terminal identification means structural representation that the embodiment of the present invention two is provided;

Fig. 4 is the structural representation of processing module in Fig. 3;

Fig. 5 is the limiting terminal managing device structural representation that the embodiment of the present invention two is provided;

Fig. 6 is the structural representation of management module in Fig. 5;

Fig. 7 is the limiting terminal management method schematic flow sheet that the embodiment of the present invention three is provided.

Specific embodiment

The present invention can pass through to obtain the frequency of failure that terminal trial password accesses wireless access point device automatically, root The control terminal being additionally managed is recognized the need for according to the frequency of failure for obtaining, and then according to default management Rule is managed to this kind of control terminal, lifts the cut-in quality and safety of legal terminal, prevents this kind of pipe Terminal processed (namely above-mentioned trial password access failure number of times is more than or equal to default certain number of times, namely control This Terminal Type of threshold value) freely use flow and information sharing.And the scheme that provides of the present invention realize it is simple, Accuracy rate is high, promptness is good, can greatly promote the satisfaction of Consumer's Experience.Below by specific embodiment The present invention is described in further detail with reference to accompanying drawing.

Embodiment one:

In the present embodiment, include two stages to the process of limiting terminal, first stage is i.e. to wirelessly connecing Enter the control terminal that point device initiates to identify a need for managing in the terminal for connecting;Second stage is The control terminal identified to first stage is managed.Separately below example is carried out to the above-mentioned two stage Explanation.

Shown in Figure 1, the process of the control terminal identification method provided in the present embodiment includes:

Step 101:Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;

Step 102:By obtain the terminal the frequency of failure and default control threshold value be compared, according to than Relatively result determines whether the terminal is control terminal.

Namely the present embodiment Fig. 1 is provided and is attempted the failure that password is accessed to wireless access point device according to terminal It is the limiting terminal for needing additional management which terminal number of times automatically identifies, and has filled up how automatic identification is limited The technological gap of terminal processed;And the program realizes simple, recognition accuracy height, takes resource few.

In the present embodiment, it can be assumed that every frequency of failure is all more than or equal to the terminal of default control threshold value Limiting terminal.But in order to lift accuracy and the flexibility of management, the present embodiment can also enter to limiting terminal Row further classification, for example, can be divided into suspicious end to limiting terminal according to the frequency of failure situation of its trial connection End and illegal terminal;Wherein suspicious terminal to attempt and can have failed the terminal of certain number of times with qualitative, but should The frequency of failure is also not enough to regard as constituting malicious intrusions, but has the suspicion of malicious intrusions connection;Illegal terminal The terminal that attempt and have failed more number of times is then referred to, and the frequency of failure be enough to regard as constituting malicious intrusions. It is the first control threshold value that suspicious terminal setup failed number of times decision threshold is directed in the present embodiment, and correspondence is illegal eventually End setup failed number of times decision threshold is the second control threshold value;Generally the second control threshold value is more than first Control threshold value, now, by the frequency of failure and default control threshold of the terminal for obtaining in above-mentioned steps 102 The process that value is compared includes:

First the terminal frequency of failure of acquisition can be compared with the first control threshold value, such as larger than equal to first pipe Threshold value processed, then judge that the terminal is suspicious terminal;

After judging the terminal for suspicious terminal, continue the frequency of failure for obtaining the terminal, and the mistake that will be obtained Lose number of times to be compared with the second control threshold value, when the frequency of failure is more than or equal to the second control threshold value, then sentence The fixed terminal is illegal terminal.

In the present embodiment, obtaining the mode of the terminal frequency of failure can adopt following any-mode:

Mode one:The frequency of failure is that terminal attempts the number of times that password accesses continuous failure, or terminal attempts password Access the number of times of accumulation failure;This mode can time-out, acquisition be terminal the history frequency of failure; For example when the frequency of failure is that terminal attempts the number of times of the continuous failure of password access, corresponding first control threshold value May be configured as 10 times, corresponding second control threshold value may be configured as 30 times or 35 times etc.;For example fail again When number of times is that terminal attempts the number of times of password access accumulation failure, corresponding first control threshold value may be configured as 15 Or 20 times, corresponding second control threshold value may be configured as 40 times or 50 times etc.;Namely in the present embodiment respectively The concrete value of threshold value can flexibly select to arrange according to current practical application scene.

Mode two:When whether judge terminal be suspicious terminal, the frequency of failure of acquisition is the first preset time period Interior, terminal attempts the number of times that password accesses continuous failure, or terminal attempts the number of times that password accesses accumulation failure;

When judging terminal for illegal terminal, the frequency of failure of acquisition is that in the second preset time period, terminal is attempted Password accesses the number of times of continuous failure, or terminal attempts the number of times that password accesses accumulation failure;Second it is default when Between section be more than the first preset time period.

For example, it may be judged whether when being suspicious terminal, obtaining within 10 seconds this time periods of the first preset time period Whether terminal attempts password and accesses the number of times of continuous failure existing more than or equal to the first control threshold value 10 times, or acquisition Terminal attempts password and whether accesses the number of times of accumulative failure more than or equal to the first control threshold in 10 seconds this time periods Value 20 times;When whether judge terminal be illegal terminal, obtain the first preset time period 15 or 20 seconds this Terminal attempts password and accesses the number of times of continuous failure whether be more than or equal to the second control threshold value 30 times in time period, Or whether acquisition number of times of the accumulative failure of terminal trial password access within 15 or 20 seconds this time periods is more than Equal to the second control threshold value 35 times.

It should be appreciated that the first preset time period in the present embodiment also can with second then the time period it is equal. It is then now to be taken at the more terminal of the frequency of failure in same time period for illegal terminal.

In the present embodiment, for the terminal being judged in illegal terminal, then no longer changed the original sentence to automatically, removed Non-administrator or user are changed the original sentence to it manually;And for the terminal of suspicious terminal is judged to, then can basis Certain rule of changing the original sentence to is changed the original sentence to as legal terminal, so can increase limiting terminal control flexibility and Accuracy, it is to avoid erroneous judgement causes terminal to be judged to the situation of limiting terminal.For example, this is changed the original sentence to rule and specifically may be used For:

It should be appreciated that the rule of changing the original sentence in the present embodiment is not limited to above-mentioned rule, for example also dependent on The instruction that keeper or user issue is changed the original sentence to accordingly.

Got after limiting terminal by said process, you can according to default management rule to corresponding restriction Terminal is processed.The process is shown in Figure 2, including:

Step 201:The current restriction end for attempting password access wireless access point device is identified by said method End;

Step 202:Limiting terminal to identifying is processed according to default management rule.

In the present embodiment, when not being classified to limiting terminal, then for all limiting terminals can be using system One management rule is processed, for example, directly all add blacklist, and forbids connection WAP to set It is standby.But the present embodiment can adopt above-mentioned differentiated control to further lift accurately determining and flexibility for management Mode, limiting terminal is divided into suspicious terminal and illegal terminal, wherein:

When the terminal for identifying be suspicious terminal when, to the limiting terminal according to default management rule at Reason includes:The suspicious terminal is added in gray list, and to gray list in suspicious terminal manage using first Rule is managed.

When the terminal for identifying be illegal terminal when, to the limiting terminal according to default management rule at Reason includes:Illegal terminal is added in blacklist, and to the illegal terminal in blacklist using the second management rule Then it is managed.

Terminal is added in gray list and blacklist in the present embodiment specifically can be believed by the unique identification by terminal Breath is added in gray list and blacklist, for example, the MAC Address of terminal is added in gray list and blacklist.

The first management rule in the present embodiment includes:The suspicious terminal in gray list is forbidden to access wireless access Point device, or the suspicious terminal in gray list is when being linked into wireless access point device, limits the suspicious terminal Flow and/or connection duration.

The second management rule in the present embodiment includes:The illegal terminal in blacklist is forbidden to access wireless access Point device;Because impact of the illegal terminal to user than larger, therefore can directly forbid it to access.Certainly, According to concrete application scene, can be accessed using its is not prohibited by similar first management rule, but be connect at it Its flow and/or connection duration are limited after entering, can be limited by the way of more strict.

In addition, the first management rule in the present embodiment may also include to gray list in suspicious terminal continue into Row monitoring, when monitoring the continuous n times input proper password of the suspicious terminal or be input into proper password accumulative M time When, the suspicious terminal is changed the original sentence to as legal terminal, the suspicious terminal is deleted from gray list;The present embodiment The value of middle N and M can go in theory any one value more than or equal to 2, for example, can set N and be more than Equal to 2, less than or equal to 5, specifically such as N is equal to 2,3 or 5;M is for example set again is more than or equal to 2, Less than or equal to 10, specifically such as N is equal to 2,3,5,8 or 10.By the way can be by suspicious end After end is deleted from gray list, allow for the terminal and normally access.

In the present embodiment, when the terminal for being judged as suspicious terminal or illegal terminal is sent out to wireless access point device When playing connection, can also notify that it is judged as suspicious terminal or non-to the corresponding notification message of the terminal feedback Method terminal, forbids its connection or accesses immediately also limit its flow and/or connection duration.For example, can adopt 802.11 frames notify, the type field of frame head (Mac header), the Subtype values 0000 of management frame~ 1001 is Reserved, at present and is not used, and in the present embodiment, the reserved field be used to carry mark Information;For identification information, arrange but be not limited to 0000,0001 and represent user's gray list respectively and user is black List, if it is 0000 to detect control frame identification information, for informing that terminal at present received by the terminal In entering gray list, forbid its connection or access immediately also limit its flow and/or connection duration;If detecting Beacon information in control frame is 0001, for informing that at present the terminal has been included into blacklist terminal, It is forbidden to connect.

Embodiment two:

A kind of control terminal identification means are present embodiments provided, shown in Figure 3, it includes:

Statistical module 31, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;

Processing module 32, the frequency of failure and default control threshold value for statistical module 31 to be obtained is compared Compared with judging whether terminal is limiting terminal according to comparative result.

In the present embodiment, it can be assumed that every frequency of failure is all more than or equal to the terminal of default control threshold value Limiting terminal.But in order to lift accuracy and the flexibility of management, the present embodiment can also enter to limiting terminal Row further classification, for example, can be divided into suspicious end to limiting terminal according to the frequency of failure situation of its trial connection End and illegal terminal.Now, shown in Figure 4, the processing module 32 in the present embodiment is sentenced including first Disconnected submodule 321, control threshold value includes the first control threshold value;

Whether the first judging submodule 321 is used to judge the frequency of failure of the terminal for obtaining more than or equal to first pipe Threshold value processed, in this way, judges terminal as suspicious terminal.

Processing module 32 also includes the second judging submodule 322, and control threshold value is also included more than the first control threshold Second control threshold value of value;

Whether the second judging submodule 322 is used to judge the frequency of failure of the terminal for obtaining more than or equal to second pipe Threshold value processed, in this way, judges that terminal is illegal terminal.

In the present embodiment, statistical module 31 obtains the mode of the terminal frequency of failure and can adopt following any-mode:

Mode one:The frequency of failure is that terminal attempts the number of times that password accesses continuous failure, or terminal attempts password Access the number of times of accumulation failure;This mode can time-out, statistical module 31 obtain is terminal history The frequency of failure;For example when the frequency of failure is that terminal attempts password and accesses the number of times of continuous failure, corresponding the One control threshold value may be configured as 10 times, and corresponding second control threshold value may be configured as 30 times or 35 times etc.; When again such as frequency of failure is that terminal attempts the number of times of password access accumulation failure, corresponding first control threshold value May be configured as 15 or 20 times, corresponding second control threshold value may be configured as 40 times or 50 times etc.;Namely The concrete value of each threshold value can flexibly select to arrange according to current practical application scene in the present embodiment.

Mode two:When whether judge terminal be suspicious terminal, the frequency of failure that statistical module 31 is obtained is first In preset time period, terminal attempts the number of times that password accesses continuous failure, or terminal attempts password and accesses accumulation The number of times of failure;

When judging terminal for illegal terminal, statistical module 31 obtain the frequency of failure be the second preset time period in, Terminal attempts the number of times that password accesses continuous failure, or terminal attempts the number of times that password accesses accumulation failure;The Two preset time periods are more than the first preset time period.

For example, it may be judged whether when being suspicious terminal, obtaining within 10 seconds this time periods of the first preset time period Whether terminal attempts password and accesses the number of times of continuous failure existing more than or equal to the first control threshold value 10 times, or acquisition Terminal attempts password and whether accesses the number of times of accumulative failure more than or equal to the first control threshold in 10 seconds this time periods Value 20 times;When whether judge terminal be illegal terminal, obtain the first preset time period 15 or 20 seconds this Terminal attempts password and accesses the number of times of continuous failure whether be more than or equal to the second control threshold value 30 times in time period, Or whether acquisition number of times of the accumulative failure of terminal trial password access within 15 or 20 seconds this time periods is more than Equal to the second control threshold value 35 times.

It should be appreciated that the first preset time period in the present embodiment also can with second then the time period it is equal. It is then now to be taken at the more terminal of the frequency of failure in same time period for illegal terminal.

Shown in Figure 5, the present embodiment additionally provides a kind of limiting terminal managing device, including obtains mould Block 61 and management module 62;

Acquisition module 61 is used to obtain current trial password by control terminal identification means as shown in Figure 3-4 Access the limiting terminal in the terminal of wireless access point device;

Management module 62 is used to carry out the limiting terminal that acquisition module 61 is obtained according to default management rule Process.

Shown in Figure 6, the management module 62 in the present embodiment includes the first management submodule 621 and ash List arranges submodule 622.Gray list setup module 622 is used to arrange gray list, including arranges in gray list Allow the rules such as the maximum number of terminals of storage;First management submodule 621 is used to work as control terminal identification means When the terminal for identifying is suspicious terminal, the terminal is added in gray list, and the terminal in gray list is adopted It is managed with the first management rule;

Management module 62 also includes that the second management submodule 623 and blacklist arrange submodule 624.Blacklist Arranging submodule 624 is used to arrange blacklist, including arranges maximum number of terminals for allowing to store in blacklist etc. Rule;The terminal that second management submodule 623 is used to be identified when control terminal identification means is illegal terminal When, the terminal is added in blacklist, and the terminal in blacklist is managed using the second management rule.

The first management rule in the present embodiment includes:The suspicious terminal in gray list is forbidden to access wireless access Point device, or the suspicious terminal in gray list is when being linked into wireless access point device, limits the stream of the terminal Amount and/or connection duration.The first management rule in the present embodiment may also include for gray list in suspicious end End proceeds monitoring, when monitoring the continuous n times input proper password of the suspicious terminal or be input into for accumulative M time During proper password, the suspicious terminal is changed the original sentence to as legal terminal, the suspicious terminal is deleted from gray list; The value of N and M can go in theory any one value more than or equal to 2 in the present embodiment.

The second management rule in the present embodiment includes:Forbid the terminal in blacklist to access WAP to set It is standby;Because impact of the illegal terminal to user than larger, therefore can directly forbid it to access.Certainly, root According to concrete application scene, can be accessed using its is not prohibited by similar first management rule, but in its access After limit its flow and/or connection duration, can be limited by the way of more strict.

It should be appreciated that the above-mentioned control terminal identification means of the present embodiment and limiting terminal managing device can To be arranged on any wireless access point device so that wireless access point device can be known by the control terminal Other device is attempted identifying limiting terminal in the terminal that password is accessed from current, and is managed by the limiting terminal Device is processed the limiting terminal for identifying according to above-mentioned management rule.Limiting terminal malice loiter network is placed, The network security of legal terminal is effectively ensured.

Embodiment three:

In order to be better understood from the present invention, illustrate for example with reference to a specific application scenarios.

It is assumed to be wireless access point device and gray list, blacklist and right is set in the way of in embodiment one Corresponding management rule, and limiting terminal is managed according to the mode in embodiment one;And gray list and What is stored in blacklist is the MAC Address of limiting terminal, obtains the terminal frequency of failure continuous using terminal is obtained As a example by the frequency of failure.When wireless access point device restarting, when having terminal to attempt accessing, its management process It is shown in Figure 7, including:

Step 801:Wireless access point device starts;

Step 802:Judge it is current attempt terminal that password accesses whether in gray list, in this way, go to step Rapid 809;It is such as no, go to step 803;

Step 803:Judge it is current attempt terminal that password accesses whether in blacklist, in this way, go to step Rapid 812;Otherwise, step 804 is gone to:

Step 804:Obtain the terminal to continually attempt to access the frequency of failure of wireless access point device;

Step 805:Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, goes to step 806; Otherwise, step 813 is gone to;

Step 806:The MAC Address of the terminal is added in gray list;

Step 807:Continue to obtain the frequency of failure that the terminal continually attempts to access wireless access point device;

Step 808:As the frequency of failure is more than or equal to the second control threshold value, its MAC Address is added in blacklist.

Step 809:Monitor correct number of times and the frequency of failure that the terminal continuously input password;

Step 810:Whether correct judgment number of times in this way, goes to step 811 more than or equal to default N values;It is no Then, step 807 is gone to;

Step 811:The MAC Address of the terminal is deleted from gray list, it is allowed to its access.

Step 812:Sending notice to terminal forbids it to access wireless access point device.

Step 813:Terminal is allowed normally to access wireless access point device.

It can be seen that, the number of times that can pass through record terminal trial access failure of the invention is by different terminal storages to not In same list, and it is managed using corresponding management rule, the access of malice loiter network terminal can be prevented, The network security of legal terminal can be effectively ensured.

Above content is to combine specific embodiment further description made for the present invention, it is impossible to recognized Being embodied as of the fixed present invention is confined to these explanations.For the ordinary skill of the technical field of the invention For personnel, without departing from the inventive concept of the premise, some simple deduction or replace can also be made, Protection scope of the present invention should be all considered as belonging to.

Claims (18)

1. a kind of control terminal identification method, it is characterised in that include:
Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;
The frequency of failure and default control threshold value are compared, the terminal is judged according to comparative result Whether it is the control terminal for needing management;Wherein described control threshold value is that default terminal attempts password access mistake The number of times for losing.
2. control terminal identification method as claimed in claim 1, it is characterised in that the control threshold value Including the first control threshold value, the control terminal includes suspicious terminal, described according to comparative result judges Whether terminal is that illegal terminal includes:
Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, judges the terminal For suspicious terminal.
3. control terminal identification method as claimed in claim 2, it is characterised in that the control threshold value Also include the second control threshold value more than the first control threshold value, the control terminal includes illegal terminal; It is described to judge whether the terminal is that illegal terminal also includes according to comparative result:
The frequency of failure is judged more than after the first control threshold value, continuation obtains the frequency of failure, when When the frequency of failure is more than or equal to the second control threshold value, judge the terminal for illegal terminal.
4. control terminal identification method as claimed in claim 3, it is characterised in that by the failure time Number is with the first control threshold value when being compared, and the frequency of failure is in the first preset time period, described Terminal attempts the number of times that password accesses continuous failure, or the terminal attempts the number of times that password accesses accumulation failure;
When the frequency of failure is compared with the second control threshold value, the frequency of failure is second pre- If in the time period, the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and is connect Enter the number of times of accumulation failure;Second preset time period is more than or equal to first preset time period.
5. the control terminal identification method as described in any one of claim 1-3, it is characterised in that described The frequency of failure is that the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and accessed The number of times of accumulation failure.
6. a kind of illegal terminal management method, it is characterised in that include:
Connect using the current password of attempting of control terminal identification method identification as described in any one of claim 1-5 Enter the control terminal of wireless access point device;
When control terminal has been identified, to the control terminal that identifies according to default management rule at Reason.
7. illegal terminal processing method as claimed in claim 6, it is characterised in that when the pipe for identifying When terminal processed is suspicious terminal, carrying out process according to default management rule to the control terminal includes:
The suspicious terminal is added in gray list, and to the terminal in the gray list using the first management rule Then it is managed.
8. illegal terminal processing method as claimed in claim 7, it is characterised in that first management Rule includes:
The suspicious terminal in the gray list is forbidden to access the wireless access point device, or in the gray list Suspicious terminal when accessing flow and/or connection that the suspicious terminal is limited after the wireless access point device It is long.
9. illegal terminal processing method as claimed in claim 8, it is characterised in that the first pipe Reason rule also includes:
Suspicious terminal in the gray list proceeds monitoring, when monitoring the continuous n times of the suspicious terminal Input proper password or when being input into proper password accumulative M time, the suspicious terminal is changed the original sentence to as legal terminal, from The suspicious terminal is deleted in the gray list;The N is more than or equal to 2, less than or equal to 5;The M is more than Equal to 2, less than or equal to 10.
10. the illegal terminal processing method as described in any one of claim 6-9, it is characterised in that work as knowledge When the control terminal not gone out is illegal terminal, the control terminal is processed according to default management rule Including:
The illegal terminal is added in blacklist, and second pipe is adopted to the illegal terminal in the blacklist Reason rule is managed.
11. illegal terminal processing methods as claimed in claim 10, it is characterised in that the second pipe Reason rule includes:The illegal terminal in the blacklist is forbidden to access the wireless access point device.
12. a kind of control terminal identification means, it is characterised in that include:
Statistical module, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;
Processing module, for the frequency of failure and default control threshold value to be compared, according to comparing knot Fruit judges whether the terminal is control terminal;Wherein described control threshold value is that default terminal trial password connects Enter the number of times of failure.
13. control terminal identification means as claimed in claim 12, it is characterised in that the process mould Block includes the first judging submodule, and the control threshold value includes the first control threshold value, and the control terminal includes Suspicious terminal;
Whether first judging submodule is used to judge the frequency of failure more than or equal to the first control threshold Value, in this way, judges that the terminal is suspicious terminal.
14. control terminal identification means as claimed in claim 13, it is characterised in that the process mould Block also includes the second judging submodule, and the control threshold value also includes second more than the first control threshold value Control threshold value, the control terminal includes illegal terminal;
Whether second judging submodule is used to judge the frequency of failure more than or equal to the second control threshold Value, in this way, judges the terminal for illegal terminal.
15. a kind of control terminal management apparatus, it is characterised in that including acquisition module and management module;
The acquisition module is used to obtain the control terminal identification means as described in any one of claim 12-14 The current trial password for identifying accesses the control terminal of wireless access point device;
The management module is used to enter the control terminal that the acquisition module is obtained according to default management rule Row is processed.
16. control terminal management apparatus as claimed in claim 15, it is characterised in that the management mould Block includes the first management submodule, for when the control terminal is suspicious terminal, the terminal being added In gray list, and the terminal in the gray list is managed using the first management rule.
The 17. control terminal management apparatus as described in claim 15 or 16, it is characterised in that the pipe Reason module includes the second management submodule, for when the control terminal is illegal terminal, by the terminal In adding blacklist, and the terminal in the blacklist is managed using the second management rule.
18. a kind of wireless access point devices, it is characterised in that include such as any one of claim 12-14 institute The control terminal identification means stated and the control terminal management apparatus as described in any one of claim 15-17; The control terminal identification means are used to from current attempt in the terminal that password accesses the wireless access point device Identification of illegal terminal;
The control terminal management apparatus are used for the control terminal root identified to the control terminal identification means Processed according to default management rule.
CN201510760449.2A 2015-11-10 2015-11-10 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment CN106686590A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510760449.2A CN106686590A (en) 2015-11-10 2015-11-10 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510760449.2A CN106686590A (en) 2015-11-10 2015-11-10 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment
PCT/CN2016/074369 WO2016184208A1 (en) 2015-11-10 2016-02-23 Limited terminal identification and processing method, apparatus, and wireless access point device

Publications (1)

Publication Number Publication Date
CN106686590A true CN106686590A (en) 2017-05-17

Family

ID=57319383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510760449.2A CN106686590A (en) 2015-11-10 2015-11-10 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment

Country Status (2)

Country Link
CN (1) CN106686590A (en)
WO (1) WO2016184208A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141259A (en) * 2007-10-22 2008-03-12 杭州华三通信技术有限公司 Method and device of access point equipment for preventing error access
CN101340387A (en) * 2008-08-12 2009-01-07 华为技术有限公司 Method and apparatus for control forwarding data packets
CN101645817A (en) * 2008-08-05 2010-02-10 中兴通讯股份有限公司 Wireless network access system and method thereof for preventing illegal user from malicious access
CN103079200A (en) * 2011-10-26 2013-05-01 国民技术股份有限公司 Wireless access authentication method, system and wireless router
CN103249040A (en) * 2012-02-08 2013-08-14 华为终端有限公司 Method and device for wireless access authentication
US8713626B2 (en) * 2003-10-16 2014-04-29 Cisco Technology, Inc. Network client validation of network management frames
CN104333863A (en) * 2014-10-20 2015-02-04 小米科技有限责任公司 Connection management method, device and electronic equipment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8713626B2 (en) * 2003-10-16 2014-04-29 Cisco Technology, Inc. Network client validation of network management frames
CN101141259A (en) * 2007-10-22 2008-03-12 杭州华三通信技术有限公司 Method and device of access point equipment for preventing error access
CN101645817A (en) * 2008-08-05 2010-02-10 中兴通讯股份有限公司 Wireless network access system and method thereof for preventing illegal user from malicious access
CN101340387A (en) * 2008-08-12 2009-01-07 华为技术有限公司 Method and apparatus for control forwarding data packets
CN103079200A (en) * 2011-10-26 2013-05-01 国民技术股份有限公司 Wireless access authentication method, system and wireless router
CN103249040A (en) * 2012-02-08 2013-08-14 华为终端有限公司 Method and device for wireless access authentication
CN104333863A (en) * 2014-10-20 2015-02-04 小米科技有限责任公司 Connection management method, device and electronic equipment

Also Published As

Publication number Publication date
WO2016184208A1 (en) 2016-11-24

Similar Documents

Publication Publication Date Title
US9749337B2 (en) System and apparatus for rogue VoIP phone detection and managing VoIP phone mobility
US20180324182A1 (en) Network access control method and apparatus
US20160323747A1 (en) Method for adapting the security settings of a communication station, communication station and identification module
JP6599341B2 (en) Method, device and system for dynamic network access management
US9420461B2 (en) Access authentication method and device for wireless local area network hotspot
US6919790B2 (en) Control system and method for controlling system
US8868034B2 (en) Secure wireless device area network of a cellular system
US8924488B2 (en) Employing report ratios for intelligent mobile messaging classification and anti-spam defense
US7316031B2 (en) System and method for remotely monitoring wireless networks
CN102612112B (en) A kind of terminal access method and device
US8769639B2 (en) History-based downgraded network identification
ES2338647T3 (en) System and method for detecting not authorized wireless access points.
CN105120080A (en) Anti-addiction control method and system of mobile terminal, and mobile terminal
EP1908235B1 (en) Rogue ap roaming prevention
EP3439371A1 (en) Method and apparatus for determining access point service capabilities
RU2526754C2 (en) System and method for selecting mobile device control functions
KR101788495B1 (en) Security gateway for a regional/home network
WO2013166999A1 (en) Communications terminal and system and rights management method
CN102480729B (en) Method and the access point of fake user is prevented in wireless access network
CN101166133B (en) Location limit method and system for home base station
KR100920281B1 (en) Communication device, communication system, and communication method
US9485659B2 (en) Method and apparatus for monitoring network device
US8424072B2 (en) Behavior-based security system
US7340768B2 (en) System and method for wireless local area network monitoring and intrusion detection
RU2622876C2 (en) Method, device and electronic device for connection control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination