CN106714155A - Method and device for monitoring access terminal - Google Patents

Method and device for monitoring access terminal Download PDF

Info

Publication number
CN106714155A
CN106714155A CN201611027266.0A CN201611027266A CN106714155A CN 106714155 A CN106714155 A CN 106714155A CN 201611027266 A CN201611027266 A CN 201611027266A CN 106714155 A CN106714155 A CN 106714155A
Authority
CN
China
Prior art keywords
incoming end
security
level
user
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611027266.0A
Other languages
Chinese (zh)
Inventor
罗涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Gotech Intelligent Technology Co Ltd
Original Assignee
Zhuhai Gotech Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Gotech Intelligent Technology Co Ltd filed Critical Zhuhai Gotech Intelligent Technology Co Ltd
Priority to CN201611027266.0A priority Critical patent/CN106714155A/en
Publication of CN106714155A publication Critical patent/CN106714155A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and device for monitoring an access terminal. The method comprises the steps of when acquiring an access request of the access terminal, acquiring user features input by a user on the access terminal; according to the user features, determining whether a safety level corresponding to the user is lower than a preset safety level; if yes, refusing access of the access terminal; or, allowing access of the access terminal. Namely, in the accessing process of the access terminal, confirmation of the safety level is carried out on the access terminal, so that the access terminal can be further confirmed on the basis of a password, and safety of the access terminal and a WIFI AP (Access Point) is promoted.

Description

The monitoring method and device of a kind of incoming end
Technical field
The application is related to communication technical field, more particularly to a kind of incoming end monitoring method and device.
Background technology
WIFI access points (English:Access Point, referred to as:AP) important composition portion of the product currently as the logical field of number Point, as the important supplement and composition of various Netcom's products.
Currently, many products are loaded with WIFI AP, because WIFI AP products are increasingly popularized, as the discrepancy of data Mouthful, security is an important appraisal standards.
But, current WIFI AP are but that comparing is delayed in secure context, typically all set one simply by access point Password realize security protection so that the current illegal access for being directed to WIFI network, invasion, control etc. are more and more.
The content of the invention
The monitoring method and device of a kind of incoming end are the embodiment of the invention provides, is used to solve WIFI in the prior art The relatively low problem of AP Access Control securities.
Its specific technical scheme is as follows:
A kind of monitoring method of incoming end, methods described includes:
When the access request of incoming end is got, the user characteristics that user is input on the incoming end is obtained;
According to the user characteristics, determine the corresponding level of security of the user whether less than preset security rank;
Even if if so, Password Input is correct, will all refuse the incoming end and access, and be alerted;
If it is not, in the case of password is correct, then allowing the incoming end to access.
Optionally, after allowing the incoming end to access, methods described also includes:
According to predetermined period, the operation note of the incoming end is periodically gathered;
Judge whether the operation note meets pre-conditioned;
If so, the incoming end then is reduced into the second level of security from the first level of security;
If it is not, then maintaining first level of security of the incoming end.
Optionally, after the incoming end is reduced into the second level of security from the first level of security, methods described is also Including:
According to the corresponding relation between level of security and user right, determine that second level of security corresponding second is used Family authority;
The incoming end is adjusted to second user authority from first user authority.
Optionally, after the incoming end is reduced into the second level of security from the first level of security, methods described is also Including:
Judge second level of security whether less than the preset security rank;
If so, then disconnecting the connection with the incoming end, and alerted;
If it is not, then maintaining to be connected with the incoming end.
Optionally, after the connection with the incoming end is disconnected, methods described also includes:
Generate the prompt message for pointing out the incoming end to be illegal incoming end;
The prompt message is sent to specified user terminal.
A kind of monitoring device of incoming end, including:
Acquisition module, for when the access request of incoming end is got, obtaining what user was input on the incoming end User characteristics;
Processing module, for according to the user characteristics, determining the corresponding level of security of the user whether less than default Level of security;If so, then refuse the incoming end accessing;If it is not, then allowing the incoming end to access.
Optionally, the acquisition module, is additionally operable to periodically be gathered according to predetermined period the operation note of the incoming end Record;
The processing module, is additionally operable to judge whether the operation note meets pre-conditioned;If so, then by the access End is reduced to the second level of security from the first level of security;If it is not, then maintaining first level of security of the incoming end.
Optionally, the processing module, is additionally operable to, according to the corresponding relation between level of security and user right, determine institute State the corresponding second user authority of the second level of security;The incoming end is adjusted to second user power from first user authority Limit.
Optionally, whether the processing module, be additionally operable to judge second level of security less than preset security level Not;If so, then disconnecting the connection with the incoming end;If it is not, then maintaining to be connected with the incoming end.
Optionally, the processing module, is additionally operable to generation for pointing out the prompting that the incoming end is illegal incoming end to believe Breath;The prompt message is sent to specified user terminal.
The method provided by technical solution of the present invention, can be when incoming end be accessed, and access side carries out safety etc. Level confirmed, can be further confirmed that with access side so on the basis of password, improves incoming end and WIFI AP Security.
Brief description of the drawings
Fig. 1 is a kind of flow chart of the monitoring method of incoming end in the embodiment of the present invention;
Fig. 2 is a kind of structural representation of the monitoring device of incoming end in the embodiment of the present invention.
Specific embodiment
In order to the security for solving the problems, such as WIFI AP in the prior art is relatively low, one kind is provided in the embodiment of the present invention The monitoring method of incoming end, can be when incoming end be accessed by the method, and access side carries out safe class confirmation, so exists Can be further confirmed that with access side on the basis of password, be improved the safety of incoming end and WIFI AP Access Controls Property.
Technical solution of the present invention is described in detail below by accompanying drawing and specific embodiment, it will be appreciated that this hair Particular technique feature in bright embodiment and embodiment is the explanation to technical solution of the present invention, rather than restriction, not In the case of conflict, the particular technique feature in the embodiment of the present invention and embodiment can be mutually combined.
It is as shown in Figure 1 a kind of monitoring method flow chart of incoming end in the embodiment of the present invention, the method includes:
S101, when the access request of incoming end is got, obtains the user characteristics that user is input on incoming end;
Whether S102, according to user characteristics, determine the corresponding level of security of user less than preset security rank;
If so, S103 is then performed, if it is not, then performing S104.
S103, refusal incoming end is accessed, and is alerted;
S104, it is allowed to which incoming end is accessed.
Specifically, in embodiments of the present invention, a level of security and user characteristics have been pre-saved in WIFI AP Between corresponding relation, user characteristics here can be with user's physiological characteristic, such as finger print information or other physiology letter Breath.
When incoming end needs to be linked into WIFI AP, it is necessary first to send an access request to WIFI AP, and this connects Enter needs, comprising user characteristics, finger print information can be added in the access request in embodiments of the present invention in asking.
When WIFI AP receive the access request of incoming end, the WIFI AP get access in access request first Password, this access pin sets a setting code for user on WIFI AP.
Password in access request is matched with setting code, if matching, is proved and incoming end is accessible equipment, If mismatching, then directly refuse incoming end access.
Further, in embodiments of the present invention, because password can be cracked by any user, if directly close using setting Code allows incoming end to access, then security is relatively low, so in the case of password match, WIFI AP will also be in access request User characteristics is got, with regard to the corresponding relation between user characteristics and level of security, user characteristics correspondence level of security is determined, Such as, the corresponding level of security of incoming end in the embodiment of the present invention is the first level of security.
It is determined that after the level of security of incoming end, whether WIFI AP will judge first level of security less than default peace Full rank.If the first level of security is less than preset security rank, it is determined that the incoming end is illegal incoming end, and refuse to access Terminate into;If the first level of security is higher than preset security rank, it is determined that the incoming end is legal incoming end, so as to allow to connect Enter to terminate into.Here level of security can be a value fixed.
By above-mentioned method, WIFI AP can also determine to access in addition to verifying setting code according to user characteristics The level of security at end, and carry out legitimate verification according to level of security access side, connect caused by simple password so as to avoid Enter safety issue, also further improve the security of WIFI AP accesses.
Further, in embodiments of the present invention, in order to further lift security, after incoming end is allowed to access, WIFI AP will be according to predetermined period, the periodically operation note of collection incoming end.Here operation note can be user Upload record, Download History, browse vestige etc..
After operation note of the incoming end in predetermined period is got, the WIFI AP by decision record whether Meet pre-conditioned, such as, whether the down operation for judging incoming end is the download more than given amount of data.If the operation is remembered Record then illustrates that the operation of the incoming end is illegal when meeting pre-conditioned, now WIFI AP by the level of security of the incoming end from First level of security is reduced to the second level of security.
If so, when the operation note of incoming end is unsatisfactory for pre-conditioned, then illustrating that the operation of incoming end is legal, will now protect Stay the level of security of incoming end.Operation behavior that thus can in real time according to incoming end adjusts the safe level of incoming end Not, it is ensured that the security of WIFI AP.
For to sum up, in the embodiment of the present invention, the behavior that can be based on incoming end is modeled analysis, so as to according to access The behavior at end carries out safe class, such as the behavioral parameters according to incoming end adjust the safe class of incoming end, so can be with The security of incoming end is monitored at any time.
Further, in embodiments of the present invention, after incoming end is adjusted to the second level of security from the first level of security, The WIFI AP will be again started up the legitimate verification of access side, that is to say, that once there is incoming end has the tune of level of security When whole, the WIFI AP are verified the new level of security of timely incoming end, that is, judge whether the second level of security is low In preset security rank.
If the second level of security is not less than preset security rank, continuing to allow incoming end to access;If the second safety When rank is less than preset security rank, then directly refusal incoming end is accessed.So can in real time disconnect connect other with low level security Enter the connection at end, so as to improve the security of WIFI AP.
Further, in embodiments of the present invention, adjusted to the second level of security from the first level of security in incoming end, and When second level of security is higher than preset security rank, the WIFI AP will transfer the corresponding pass between level of security and user right System, in this relation, level of security is higher, then authority is higher.
In the corresponding relation, determine the corresponding second user authority of the second level of security, then will meter incoming end from First user authority is adjusted to second user authority, has been achieved in that the security based on incoming end to adjust the side of user right Case, so as to limit lower security rank user function authority, has also further deepened the security of WIFI AP.
Further, in embodiments of the present invention, when incoming end is reduced to the second level of security from the first level of security, and Disconnect after the connection with WIFI AP, the WIFI AP will generate the prompt message that user's lifting incoming end is illegal incoming end, And the prompt message is sent to specified user terminal.As long as that is, there is disabled user to be monitored to, the WIFI AP will and When notice to specified user terminal, such as will be prompted to information and be sent to designated mobile phone, or be sent to designated computer etc..This Sample can in time point out user to there is illegal incoming end, further improve the practicality and security of WIFI AP.
For to sum up, in embodiments of the present invention, can be when incoming end be accessed by above-mentioned method, access side is entered Row safe class confirm, can be further confirmed that with access side so on the basis of password, improve incoming end and The security of WIFI AP.
A kind of monitoring method of incoming end in the correspondence embodiment of the present invention, additionally provides a kind of access in the embodiment of the present invention The monitoring device at end, is illustrated in figure 2 a kind of structural representation of the monitoring device of incoming end, the device in the embodiment of the present invention Including:
Acquisition module 201, is input into for when the access request of incoming end is got, obtaining user on the incoming end User characteristics;
Processing module 202, for according to the user characteristics, determining the corresponding level of security of the user whether less than pre- If level of security;If so, then refuse the incoming end accessing;If it is not, then allowing the incoming end to access.
Further, in embodiments of the present invention, the acquisition module 201, is additionally operable to, according to predetermined period, periodically adopt Collect the operation note of the incoming end;
The processing module 202, is additionally operable to judge whether the operation note meets pre-conditioned;If so, then will be described Incoming end is reduced to the second level of security from the first level of security;If it is not, then maintaining first safe level of the incoming end Not.
Further, in embodiments of the present invention, the processing module 202, is additionally operable to according to level of security and user right Between corresponding relation, determine the corresponding second user authority of second level of security;By the incoming end from first user Authority is adjusted to second user authority.
Further, in embodiments of the present invention, the processing module 202, is additionally operable to judge that second level of security is It is no less than the preset security rank;If so, then disconnecting the connection with the incoming end;If it is not, then maintaining and the incoming end Connection.
Further, in embodiments of the present invention, the processing module 202, is additionally operable to generation for pointing out the incoming end It is the prompt message of illegal incoming end;The prompt message is sent to specified user terminal.
Although having been described for the preferred embodiment of the application, one of ordinary skilled in the art once knows substantially Creative concept, then can make other change and modification to these embodiments.So, appended claims are intended to be construed to bag Include preferred embodiment and fall into having altered and changing for the application scope.
Obviously, those skilled in the art can carry out the essence of various changes and modification without deviating from the application to the application God and scope.So, if these modifications of the application and modification belong to the scope of the application claim and its equivalent technologies Within, then the application is also intended to comprising these changes and modification.

Claims (10)

1. a kind of monitoring method of incoming end, it is characterised in that methods described includes:
When the access request of incoming end is got, the user characteristics that user is input on the incoming end is obtained;
According to the user characteristics, determine the corresponding level of security of the user whether less than preset security rank;
If so, then refuse the incoming end accessing, and alerted;
If it is not, then allowing the incoming end to access.
2. the method for claim 1, it is characterised in that after allowing the incoming end to access, methods described is also wrapped Include:
According to predetermined period, the operation note of the incoming end is periodically gathered;
Judge whether the operation note meets pre-conditioned;
If so, the incoming end then is reduced into the second level of security from the first level of security;
If it is not, then maintaining first level of security of the incoming end.
3. the method for claim 1, it is characterised in that the incoming end is being reduced to second from the first level of security After level of security, methods described also includes:
According to the corresponding relation between level of security and user right, the corresponding second user power of second level of security is determined Limit;
The incoming end is adjusted to second user authority from first user authority.
4. method as claimed in claim 2, it is characterised in that the incoming end is being reduced to second from the first level of security After level of security, methods described also includes:
Judge second level of security whether less than the preset security rank;
If so, then disconnecting the connection with the incoming end;
If it is not, then maintaining to be connected with the incoming end.
5. method as claimed in claim 4, it is characterised in that after the connection with the incoming end is disconnected, methods described Also include:
Generate the prompt message for pointing out the incoming end to be illegal incoming end;
The prompt message is sent to specified user terminal.
6. a kind of monitoring device of incoming end, it is characterised in that including:
Acquisition module, for when the access request of incoming end is got, obtaining the user that user is input on the incoming end Feature;
Processing module, for according to the user characteristics, determining the corresponding level of security of the user whether less than preset security Rank;If so, then refuse the incoming end accessing;If it is not, then allowing the incoming end to access.
7. monitoring device as claimed in claim 6, it is characterised in that the acquisition module, is additionally operable to according to predetermined period, week The operation note of the collection incoming end of phase property;
The processing module, is additionally operable to judge whether the operation note meets pre-conditioned;If so, then by the incoming end from First level of security is reduced to the second level of security;If it is not, then maintaining first level of security of the incoming end.
8. monitoring device as claimed in claim 6, it is characterised in that the processing module, be additionally operable to according to level of security with Corresponding relation between user right, determines the corresponding second user authority of second level of security;By the incoming end from First user authority is adjusted to second user authority.
9. monitoring device as claimed in claim 7, it is characterised in that the processing module, is additionally operable to judge second peace Whether full rank is less than the preset security rank;If so, then disconnecting the connection with the incoming end;If it is not, then maintaining and institute State incoming end connection.
10. monitoring device as claimed in claim 9, it is characterised in that the processing module, is additionally operable to generation for pointing out institute State the prompt message that incoming end is illegal incoming end;The prompt message is sent to specified user terminal.
CN201611027266.0A 2016-11-17 2016-11-17 Method and device for monitoring access terminal Pending CN106714155A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611027266.0A CN106714155A (en) 2016-11-17 2016-11-17 Method and device for monitoring access terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611027266.0A CN106714155A (en) 2016-11-17 2016-11-17 Method and device for monitoring access terminal

Publications (1)

Publication Number Publication Date
CN106714155A true CN106714155A (en) 2017-05-24

Family

ID=58941186

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611027266.0A Pending CN106714155A (en) 2016-11-17 2016-11-17 Method and device for monitoring access terminal

Country Status (1)

Country Link
CN (1) CN106714155A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819761A (en) * 2017-11-06 2018-03-20 成都西加云杉科技有限公司 Data processing method, device and readable storage medium storing program for executing
CN107864164A (en) * 2017-12-26 2018-03-30 北京中船信息科技有限公司 The linkage alarm device distorted with MAC Address is usurped based on IP

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105376224A (en) * 2015-11-02 2016-03-02 深圳市广和通无线股份有限公司 WIFI access judge authentication method and device
CN105635102A (en) * 2015-10-30 2016-06-01 东莞酷派软件技术有限公司 Wi-Fi hot spot connection setting method and device
CN105959947A (en) * 2016-04-23 2016-09-21 乐视控股(北京)有限公司 Method for safely having access to network and system thereof
CN106127368A (en) * 2016-06-14 2016-11-16 成都镜杰科技有限责任公司 Date storage method for ERP System

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635102A (en) * 2015-10-30 2016-06-01 东莞酷派软件技术有限公司 Wi-Fi hot spot connection setting method and device
CN105376224A (en) * 2015-11-02 2016-03-02 深圳市广和通无线股份有限公司 WIFI access judge authentication method and device
CN105959947A (en) * 2016-04-23 2016-09-21 乐视控股(北京)有限公司 Method for safely having access to network and system thereof
CN106127368A (en) * 2016-06-14 2016-11-16 成都镜杰科技有限责任公司 Date storage method for ERP System

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819761A (en) * 2017-11-06 2018-03-20 成都西加云杉科技有限公司 Data processing method, device and readable storage medium storing program for executing
CN107864164A (en) * 2017-12-26 2018-03-30 北京中船信息科技有限公司 The linkage alarm device distorted with MAC Address is usurped based on IP
CN107864164B (en) * 2017-12-26 2020-11-06 北京中船信息科技有限公司 Linkage alarm device based on IP embezzlement and MAC address tampering

Similar Documents

Publication Publication Date Title
US9420461B2 (en) Access authentication method and device for wireless local area network hotspot
EP2854433B1 (en) Method, system and related device for realizing virtual sim card
CN106134143A (en) Method, apparatus and system for dynamic network access-in management
CN102215250B (en) Automatic form filling method for mobile communication equipment terminal, server and client
CN102413221B (en) Method for protecting privacy information and mobile terminal
CN105099704A (en) Biometric identification-based OAuth service
CN107592288B (en) Method, intelligent gateway and system for multi-terminal fast login of website
CN102413220B (en) Method for controlling right of using connection function and mobile terminal
CN103079201A (en) Fast authentication method, access controller (AC) and system for wireless local area network
CN101827365A (en) Device and method for Internet surfing control of mobile terminal
CN106936600B (en) Flow charging method and system and related equipment
CN104270250A (en) WiFi Internet surfing connecting authentication method and system based on asymmetric full-process encryption
CN113312674B (en) Access security method and system based on multi-factor environment perception digital certificate
CN103747433A (en) Method and mobile terminal for realizing root request management through manufacturer server
CN105392137A (en) Household WIFI embezzlement preventing method, wireless router and terminal equipment
CN107864475A (en) The quick authentication methods of WiFi based on Portal+ dynamic passwords
CN107484152A (en) The management method and device of terminal applies
CN106714155A (en) Method and device for monitoring access terminal
CN103200276B (en) The method and apparatus that a kind of file security controls
CN106941504B (en) Cloud management authority control method and system
EP2622807B1 (en) Data filtering for communication devices
CN105163317A (en) Network access method, server, terminal and system
CN106331010A (en) Network file access control method and device
CN114885329A (en) Information security system based on wireless communication network
CN104703183A (en) Special line APN (Access Point Name) security-enhanced access method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170524

RJ01 Rejection of invention patent application after publication