CN113328975A - Terminal access method, terminal access system, and computer-readable storage medium - Google Patents
Terminal access method, terminal access system, and computer-readable storage medium Download PDFInfo
- Publication number
- CN113328975A CN113328975A CN202010130039.0A CN202010130039A CN113328975A CN 113328975 A CN113328975 A CN 113328975A CN 202010130039 A CN202010130039 A CN 202010130039A CN 113328975 A CN113328975 A CN 113328975A
- Authority
- CN
- China
- Prior art keywords
- access
- terminal
- network
- visited
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The present disclosure relates to a terminal access method, a terminal access system, and a computer-readable storage medium. The terminal access method comprises the following steps: the method comprises the steps that a preset network receives access request information from a visitor terminal, wherein the access request information comprises a visitor address of the visitor terminal and a line sign of a visited network where the visited terminal is located; the preset network determines whether a preset access condition is met according to the access request information; when the preset access condition is met, the preset network sends the visitor address to the visited network, so that the visited network configures access setting to allow the access of the visitor terminal; and the preset network sends the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a terminal access method, a terminal access system, and a computer-readable storage medium.
Background
With the continuous development of the internet and the mobile internet, the service application range is wider, and more service products can be accessed to the internet to meet the requirements of remote access and remote management of users. Existing remote access and remote management are typically implemented based on a platform-based management model. In the platform management, a user generally needs to register an account on a platform in advance, and then obtains an address and the like associated with a business product according to the account and a corresponding password, so as to realize remote access and remote management. However, in the platform management mode, on one hand, the user needs to perform configuration such as registration in advance, and the operation is relatively cumbersome; on the other hand, account numbers, passwords and other related data on the platform are easy to attack and leak, and security events are caused.
Disclosure of Invention
One of the objects of the present disclosure is to provide a terminal access method, the method including:
the method comprises the steps that a preset network receives access request information from a visitor terminal, wherein the access request information comprises a visitor address of the visitor terminal and a line sign of a visited network where the visited terminal is located;
the preset network determines whether a preset access condition is met according to the access request information;
when the preset access condition is met, the preset network sends the visitor address to the visited network, so that the visited network configures access setting to allow the access of the visitor terminal; and
and the preset network sends the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
The present disclosure also provides a network device, where the network device is configured to preset a network, and the network device includes a first processor configured to execute instructions to implement steps of a terminal access method, where the terminal access method includes: the method comprises the steps that a preset network receives access request information from a visitor terminal, wherein the access request information comprises a visitor address of the visitor terminal and a line sign of a visited network where the visited terminal is located; the preset network determines whether a preset access condition is met according to the access request information; when the preset access condition is met, the preset network sends the visitor address to the visited network, so that the visited network configures access setting to allow the access of the visitor terminal; and the preset network sends the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
The present disclosure also provides a terminal access method, including:
the method comprises the steps that a visitor terminal sends access request information to a preset network, wherein the access request information comprises a visitor address of the visitor terminal and a line mark of a visited network where the visited terminal is located;
when a preset access condition is met, the visitor terminal receives the visited address of the visited network from the preset network; and
and the visitor terminal establishes connection with the visited terminal according to the visited address.
The present disclosure also provides a guest terminal including a second processor configured to execute instructions to implement steps of a terminal access method, the terminal access method including: the method comprises the steps that a visitor terminal sends access request information to a preset network, wherein the access request information comprises a visitor address of the visitor terminal and a line mark of a visited network where the visited terminal is located; when a preset access condition is met, the visitor terminal receives the visited address of the visited network from the preset network; and the visitor terminal establishes connection with the visited terminal according to the visited address.
The present disclosure also provides a terminal access method, including:
when the preset access condition is met, the visited network where the visited terminal is located receives the visitor address of the visitor terminal from the preset network;
the visited network adds the guest address to an access white list.
The present disclosure also provides a local area network device, where the local area network device is used in a visited network where a visited terminal is located, and the local area network device includes a third processor, where the third processor is configured to execute instructions to implement steps of a terminal access method, where the terminal access method includes: when the preset access condition is met, the visited network where the visited terminal is located receives the visitor address of the visitor terminal from the preset network; the visited network adds the guest address to an access white list.
The present disclosure also provides a terminal access system, the system including:
a visitor terminal;
the preset network is connected with the visitor terminal through a network interface;
the visited network is connected with the preset network through a local area gateway; and
a visited terminal connected to the visited network;
wherein the pre-set network is configured to:
receiving access request information from the guest terminal, wherein the access request information includes a guest address of the guest terminal and a line flag of the visited network;
determining whether a preset access condition is met or not according to the access request information;
when the preset access condition is met, sending the visitor address to the visited network for the visited network to configure access setting to allow the access of the visitor terminal; and
and sending the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
The present disclosure also provides a computer-readable storage medium having instructions stored thereon, which, when executed, implement the steps of the above-mentioned terminal access method.
Other features of the present disclosure and advantages thereof will become more apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 illustrates a flowchart of a terminal access method performed by a preset network according to an exemplary embodiment of the present disclosure;
fig. 2 shows a flowchart of a terminal access method performed by a guest terminal according to an exemplary embodiment of the present disclosure;
fig. 3 shows a flowchart of a terminal access method performed by a visited network according to an example embodiment of the present disclosure;
FIG. 4 shows a schematic diagram of a terminal access system according to an example embodiment of the present disclosure;
fig. 5 illustrates a schematic diagram of a terminal access method according to a specific example of the present disclosure.
Note that in the embodiments described below, the same reference numerals are used in common between different drawings to denote the same portions or portions having the same functions, and a repetitive description thereof will be omitted. In some cases, similar reference numbers and letters are used to denote similar items, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
For convenience of understanding, the positions, sizes, ranges, and the like of the respective structures shown in the drawings and the like do not sometimes indicate actual positions, sizes, ranges, and the like. Therefore, the present disclosure is not limited to the positions, dimensions, ranges, and the like disclosed in the drawings and the like.
Detailed Description
Various exemplary embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. That is, the structures and methods herein are shown by way of example to illustrate different embodiments of the structures and methods of the present disclosure. Those skilled in the art will understand, however, that they are merely illustrative of exemplary ways in which the disclosure may be practiced and not exhaustive. Furthermore, the figures are not necessarily to scale, some features may be exaggerated to show details of particular components.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
Fig. 1 illustrates a flowchart of a terminal access method performed by a provisioning network according to an exemplary embodiment of the present disclosure.
As shown in fig. 1, the terminal access method may include:
step S110, the preset network receives access request information from the guest terminal, where the access request information includes a guest address of the guest terminal and a line identifier of a visited network where the visited terminal is located.
The preset network may include a public network provided by an operator or the like, such as a telecommunication network or the like; alternatively, the default network may include a local area network or the like within a specific range. Since the public network has a large user population and a wide coverage, it is useful to relatively simply implement authentication of an initiated access request and connection to both a guest terminal and a visited terminal when the public network is used as a pre-set network, as will be described in detail later.
The guest terminal may be implemented as a mobile terminal or a vehicle-mounted terminal of a guest (e.g., a user who initiates an access request), etc., such as a smart phone, a tablet Personal Computer (PC), a notebook PC, a portable game terminal, a portable mobile router, a photographing device, or a navigation device, etc. The guest terminal may also be implemented as a wireless communication module, such as an integrated circuit module comprising a single die, or the like, mounted on each of the above terminals. An application program (app) may also be installed on the guest terminal to perform a specific operation.
When a visitor initiates an access request to a visitor terminal, a line sign of a visited network where the visited terminal is located may be provided to the visitor terminal at the same time. The line identifier may include a gateway identifier of the visited network, an owner account number of an owner (e.g., a user owner) to which the visited network belongs, or a network account number (e.g., a broadband number) of the visited network. The line tag may be included in the access request information.
The access request information may also include a guest address of the guest terminal, which may be obtained by the guest terminal inquiring about its own related information. In some cases, the guest address may be an IP address of the guest terminal.
The pre-set network receives access request information including a guest address and a line tag of the guest terminal to wait for further steps to be performed.
As shown in fig. 1, the terminal access method may further include:
step S120, the preset network determines whether the preset access condition is met according to the access request information.
In order to guarantee the security of access and avoid causing attacks on the visited network or the visited terminal, whether the current access meets the preset access condition or not can be determined through the preset network. In subsequent steps, only accesses satisfying the preset access conditions can be implemented accordingly.
In some embodiments, different preset access conditions may also be set according to different access rights. For example, for lower-authority accesses (e.g., accesses having only data read authority), a relatively loose preset access condition may be set; for higher-authority accesses (e.g., accesses with data read authority and data rewrite authority), relatively strict preset access conditions may be set to meet different access requirements.
When determining whether the preset access condition is satisfied, the determination may be performed in various ways according to various data in the access request information. In some embodiments, the determination may be based on a guest address in the access request message, which may reflect the identity of the guest or guest terminal,
in an embodiment, a preset access list set in advance may be used to determine whether the preset access condition is satisfied. Specifically, the determining, by the preset network, whether the preset access condition is met according to the access request information may include:
step S121, judging whether the visitor address is in a preset access list or not;
step S122, when the visitor address is in the preset access list, determining that the preset access condition is met;
and S123, when the visitor address is not in the preset access list, determining that the preset access condition is not met.
In the preset access list, all guest addresses satisfying the preset access condition may be listed in advance. When the preset network receives the access request information, whether the preset access condition is met can be determined by judging whether the visitor address in the access request information is in the preset access list or not. In this way, the preset network can directly determine whether the preset access condition is satisfied, without determining by inquiring about the owner of the visited network or dynamically inquiring about the relevant information of the visited network.
It is understood that other information related to the guest address, or other information corresponding to the guest terminals satisfying the preset access condition one-to-one, etc. may be directly listed in the preset access list, so as to determine whether the guest terminal currently requesting access is in the preset access list according to the information.
In another embodiment, it may be dynamically confirmed whether the current access satisfies a preset access condition to the owner of the visited network according to the access request information. Specifically, the determining, by the preset network, whether the preset access condition is met according to the access request information may include:
step S124, the preset network confirms whether the access is authorized to the owner of the visited network according to the access request information;
step S125, when the preset network slave owner receives the confirmation authorization access information, determining that the preset access condition is met;
and step S126, when the preset network non-slave master receives the confirmation authorization access information or the preset network slave master receives the refusal authorization access information, determining that the preset access condition is not met.
For example, the preset network may send the access request information or the visitor address therein to the owner of the visited network by way of a telephone short message or network information, and the owner of the visited network may return the confirmation authorization access information or the denial authorization access information to the preset network by replying the telephone short message or network information, so that the preset network determines whether the preset access condition is satisfied.
Or, the preset network may also generate a verification code according to the access request information, and send the verification code to the owner of the visited network in the form of telephone short message or network information. When the owner of the visited network returns the confirmation authorization access information to the preset network, the verification code can be returned to the preset network; otherwise, the owner of the visited network may not do anything, thereby denying current access.
The preset network can realize more flexible authorization for access by confirming whether to authorize the current access to the owner, and is not limited by a relatively static preset access list. Access can be achieved in this way very conveniently, especially when there is a temporary access request to the accessed terminal.
Further, the above two manners for determining whether the preset access condition is satisfied may also be combined. For example, it may be first determined whether a preset access condition is satisfied according to the access request information and a preset access list; and if the information related to the current access request information cannot be inquired in the preset access list, confirming whether the current access is authorized or not to the owner of the visited network. If the owner authorizes the access, the information corresponding to the current access can be added into the preset access list, or the information corresponding to the current access is added into the preset access list after the owner confirms, so that the confirmation process of the next access of the access terminal is simplified.
As shown in fig. 1, the terminal access method may further include:
step S131, when a preset access condition is met, the preset network sends a visitor address to the visited network, so that the visited network configures access setting to allow the visitor terminal to access; and
step S132, the preset network sends the visited address of the visited network to the visitor terminal, so that the visitor terminal can establish connection with the visited terminal.
When the preset access condition is satisfied, the connection between the visitor terminal and the visited terminal can be helped to be established through the preset network. Specifically, the preset network may obtain the network account and the visited address of the visited network by back-checking the information. According to the network account of the visited network, the preset network can send the visitor address to the visited network, so that the visited network can configure access setting to allow the access of the visitor terminal. For example, the visited network may add the guest address to its access white list to allow access by the guest terminal. And the preset network can send the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal. For example, access to the visited terminal may be achieved by an application on the guest terminal establishing a point-to-point access channel between the guest terminal and the visited terminal.
On the other hand, when the preset access condition is not satisfied, the access to the accessed terminal will not be continued. Further, in some embodiments, the terminal access method may further include:
and step S140, when the preset access condition is not met, the preset network feeds back the access refusing information to the visitor terminal.
By feeding back the access refusing information to the visitor terminal, the visitor terminal can also output the access refusing information to the visitor, so that the visitor can be helped to find possible problems in the access, and the user experience is improved.
In some embodiments, the terminal access method may further include:
in step S150, when the preset network receives the access end information from the guest terminal, the preset network notifies the visited network to modify the access setting to deny the access of the guest terminal.
The access end information of the guest terminal may be generated according to an instruction of the guest or may be generated along with the corresponding application program for access on the guest terminal being closed or exited. When the predetermined network receives the access end information from the guest terminal, it means that the current access is ended. In this case, in order to avoid redundant information in the access setting on the one hand and to ensure security on the other hand, in particular to prevent some temporarily authorized guest terminals from attacking the visited network or the visited terminal in the future, the visited network may be notified by the preset network to modify the access setting to deny the access of the guest terminal. For example, the visited network may delete the guest address of the guest terminal from its access white list.
In the terminal access method of the above embodiment, remote access by configuring a dynamic domain name or by way of platform management is eliminated, and instead, the access to the accessed terminal is performed through a preset network, such as a public network provided by an operator. Through establishing the access channel point to point, the possibility that the privacy is stolen by a third party can be eliminated, and meanwhile, two links are added to guarantee the access security: the method has the advantages that firstly, the owner of the visited network can master the authorization of access, and the method has practical safety significance, and secondly, the access white list can be configured in the visited network, so that the access safety is improved.
The present disclosure also proposes a network device, which may be used for provisioning a network, and the network device may include a first processor configured to execute instructions to implement the steps of the terminal access method in the above embodiments.
The network device may be implemented as a network server, such as a tower server, a rack server, a blade server, and so on. The network server may also include memory, a network interface, a bus, and the like.
The preset network may be a public network provided by an operator or the like, such as a telecommunication network or the like; alternatively, the default network may include a local area network or the like within a specific range.
The first processor may be, for example, a central processing unit or a digital signal processor, and controls the functions of the network device.
Fig. 2 illustrates a flowchart of a terminal access method performed by a guest terminal according to an exemplary embodiment of the present disclosure. As shown in fig. 2, the terminal access method may include:
step S210, the visitor terminal sends an access request message to a preset network, where the access request message includes a visitor address of the visitor terminal and a line identifier of a visited network where the visitor terminal is located.
Among others, the guest terminal may be implemented as a mobile terminal or a vehicle-mounted terminal of a guest (e.g., a user who initiates an access request), etc., such as a smart phone, a tablet Personal Computer (PC), a notebook PC, a portable game terminal, a portable mobile router, a photographing device, or a navigation device, etc. The guest terminal may also be implemented as a wireless communication module, such as an integrated circuit module comprising a single die, or the like, mounted on each of the above terminals. An application program (app) may also be installed on the guest terminal to perform a specific operation.
The preset network may include a public network provided by an operator or the like, such as a telecommunication network or the like; alternatively, the default network may include a local area network or the like within a specific range.
The access request information may be generated from an access request initiated by a guest. When a visitor initiates an access request to a visitor terminal, a line sign of a visited network where the visited terminal is located may be provided to the visitor terminal at the same time. The guest terminal may also query its own related information to obtain the guest address. Further, the guest address of the guest terminal and the line sign of the visited network are included in the access request message and transmitted to the predetermined network by the guest terminal to wait for further steps to be performed.
As shown in fig. 2, the terminal access method may further include:
step S220, when the preset access condition is met, the visitor terminal receives the visited address of the visited network from the preset network;
and step S230, the visitor terminal establishes connection with the visited terminal according to the visited address.
When the preset access condition is satisfied, the visitor terminal may establish a connection with the visited terminal with the help of a preset network. Specifically, the guest terminal may receive an visited address of the visited network from a preset network, and then, a peer-to-peer access channel between the guest terminal and the visited terminal may be established, for example, through an application on the guest terminal, thereby implementing access to the visited terminal.
On the other hand, the terminal access method may further include:
and step S240, when the preset access condition is not met, the visitor terminal receives the access refusing information from the preset network and outputs the access refusing information.
Specifically, by outputting access denial information received from a preset network to a visitor or the like, the visitor can be helped to find a problem that may exist in access, thereby improving user experience. Of course, in other embodiments, the denial of access information may also be output to other objects to help them learn about access status or to query for possible problems with access.
In some embodiments, the terminal access method may further include:
and step S250, when the access is finished, the visitor terminal disconnects the connection with the visited terminal and sends access finishing information to the preset network.
The guest terminal may generate the access end information according to an instruction of the guest, or may generate the access end information along with a corresponding application program for access on the guest terminal being closed or exited. Further, the guest terminal transmits access end information to the preset network to help the preset network to know the current access state or perform other operations related to the end of access.
The present disclosure also proposes a guest terminal comprising a second processor configured to execute instructions to implement the steps of the terminal access method performed by the guest terminal in the above embodiments.
Among others, the guest terminal may be implemented as a mobile terminal or a vehicle-mounted terminal of a guest (e.g., a user who initiates an access request), etc., such as a smart phone, a tablet Personal Computer (PC), a notebook PC, a portable game terminal, a portable mobile router, a photographing device, or a navigation device, etc. The guest terminal may also be implemented as a wireless communication module, such as an integrated circuit module comprising a single die, or the like, mounted on each of the above terminals.
The second processor may be, for example, a central processing unit or a digital signal processor, and controls the functions of the guest terminal.
Fig. 3 shows a flowchart of a terminal access method performed by a visited network according to an exemplary embodiment of the present disclosure. As shown in fig. 3, the terminal access method includes:
step S311, when the preset access condition is met, the visited network where the visited terminal is located receives the visitor address of the visitor terminal from the preset network;
in step S312, the visited network adds the guest address to the access white list.
Wherein, the visited terminal can comprise at least one of a monitoring device, a storage device, an intelligent lock device and an intelligent household appliance. For example, a visitor may monitor the current conditions in the home or work place by accessing a monitoring device such as a camera. The visitor can also access the storage device to acquire corresponding data thereon, so as to realize remote processing of the data. The visitor can manage room entrance guard through the intelligent lock equipment. In addition, visitors can also remotely control their operation by accessing intelligent home appliances such as intelligent televisions, intelligent air conditioners, or intelligent laundry machines.
The visited network where the visited terminal is located may be implemented as a local area network, such as a home network or a work network. The visited network can be connected with the preset network through a local area gateway and the like, and the visited network generally has higher requirements on security.
When the preset access condition is met, the visited network where the visited terminal is located may receive the guest address of the guest terminal from the preset network, and add the guest address to the access white list to allow access of the corresponding guest terminal.
The terminal access method may further include:
in step S320, when the visited network receives the access end information from the preset network, the visited network deletes the guest address from the access white list.
When the access is finished, on one hand, in order to avoid redundant information in the access white list from being too much, on the other hand, in order to guarantee the safety, particularly to prevent some temporarily authorized guest terminals from attacking the visited network or the visited terminal in the future, the guest address can be deleted from the access white list of the visited network, so that the efficiency of processing the access by the visited network and the safety of the visited network are improved.
The present disclosure also proposes a local area network device, where the local area network device is used in a visited network where a visited terminal is located, and the local area network device includes a third processor configured to execute instructions to implement the steps of the terminal access method executed by the visited network.
The local area network device may be implemented as a local area gateway device, a local area network server, etc.
The visited network where the visited terminal is located may be a home network or a work network, etc.
The third processor may be, for example, a central processing unit or a digital signal processor, and controls the functions of the visited network.
As shown in fig. 4, a terminal access system may include a guest terminal 200. Among them, the guest terminal 200 may be implemented as a mobile terminal or a vehicle-mounted terminal of a guest (e.g., a user who initiates an access request), etc., such as a smart phone, a tablet Personal Computer (PC), a notebook PC, a portable game terminal, a portable mobile router, a photographing device, a navigation device, etc. The guest terminal 200 may also be implemented as a wireless communication module, such as an integrated circuit module including a single chip, etc., mounted on each of the above-described terminals. An application program (app) may also be installed on the guest terminal 200 to perform a specific operation.
The terminal access system may further include a provisioning network 100, and the provisioning network 100 is connected with the guest terminal 200 through a network interface. The preset network 100 may include a public network provided by an operator or the like, such as a telecommunication network or the like; alternatively, the default network 100 may include a local area network or the like within a specific range. Since the public network has a large user population and a wide coverage, it is useful to relatively simply implement authentication of an initiated access request and connection to both the guest terminal 200 and the visited terminal 310 when the public network is used as a pre-set network.
The terminal access system may further include a visited network 320, and the visited network 320 is connected to the provisioning network 100 through a local gateway. The visited network 320 may be implemented as a local area network, such as a home network or a work network, etc.
The terminal access system may also be a visited terminal 310, the visited terminal 310 being connected to a visited network 320. The visited terminal 310 may include at least one of a monitoring device, a storage device, an intelligent lock device, and an intelligent home appliance. For example, a visitor may monitor the current conditions in the home or work place by accessing a monitoring device such as a camera. The visitor can also access the storage device to acquire corresponding data thereon, so as to realize remote processing of the data. The visitor can manage room entrance guard through the intelligent lock equipment. In addition, visitors can also remotely control their operation by accessing intelligent home appliances such as intelligent televisions, intelligent air conditioners, or intelligent laundry machines.
Among other things, the preset network 100 may be configured to:
receiving access request information from the guest terminal 200, wherein the access request information includes a guest address of the guest terminal 200 and a line flag of the visited network 320 in which the visited terminal 310 is located;
determining whether a preset access condition is met or not according to the access request information;
when a preset access condition is satisfied, sending a guest address to the visited network 320 for the visited network 320 to configure access settings to allow access of the guest terminal 200; and
the visited address of the visited network 320 is sent to the guest terminal 200 for the guest terminal 200 to establish a connection with the visited terminal 310.
In some embodiments, the provisioning network 100 is further configured to:
when the preset access condition is not satisfied, the access denial information is fed back to the guest terminal 200.
In some embodiments, the provisioning network 100 is further configured to:
when receiving the access end information from the guest terminal 200, the visited network 320 is notified to modify the access setting to deny access of the guest terminal 200.
Fig. 5 is a schematic diagram illustrating a terminal access method according to a specific example of the present disclosure, where the terminal access method may be performed according to the following procedures:
step S510, the visitor 400 provides the line sign of the visited network 320 to the visitor terminal 200 to initiate an access request;
step S521, the guest terminal 200 acquires a guest address from its own related information;
step S522, the guest terminal 200 transmits access request information including a line sign of the visited network 320 and a guest address of the guest terminal 200 to the preset network 100 to make an access request to the preset network 100;
step S530, the default network 100 confirms to the owner 500 of the visited network 320 whether to authorize access;
step S540, the owner 500 confirms whether to authorize access according to the relevant information (e.g. the guest address in the access request information) provided by the preset network 100;
step S541, if the owner 500 denies the authorized access, the preset network 100 feeds back the access denied information to the visitor 400 through the visitor terminal 200, and terminates the continuous access;
step S542, if the owner 500 confirms that the access is authorized, the preset network 100 performs reverse check on the information to obtain the network account (e.g. broadband number) and the visited address (e.g. IP address of the local gateway of the visited network) of the visited network 320;
step S551, the preset network 100 sends the visitor address to the visited network 320;
step S552, the visited network 320 adds the guest address to the access white list;
step S553, after the configuration access white list is successful, the visited network 320 may return the configuration success information to the preset network 100;
step S560, the preset network 100 sends the visited address to the guest terminal 200;
step S570, the visitor terminal 200 establishes a peer-to-peer access channel with the visited terminal 310 for the visitor 400;
step S581, when the guest terminal 200 receives the access end information, quitting the application program for access on the guest terminal 200;
step S582, the guest terminal 200 notifies the preset network 100 of the end of access;
step S583, the default network 100 notifies the visited network 320 to delete the visitor address from the access white list;
in step S584, the visited network 320 deletes the guest address from the access white list;
in step S585, the access ends.
The present disclosure also proposes a computer-readable storage medium having stored thereon instructions which, when executed, implement the steps of the above-mentioned terminal access method.
The computer readable storage medium may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), Synchronous Link Dynamic Random Access Memory (SLDRAM), and direct memory bus random access memory (DR RAM). Note that the computer-readable storage media described herein are intended to comprise, without being limited to, these and any other suitable types of memory.
It is to be noted that the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In general, the various example embodiments of this disclosure may be implemented in hardware or special purpose circuits, software, firmware, logic or any combination thereof. Certain aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While aspects of embodiments of the disclosure have been illustrated or described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that the blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
The terms "front," "back," "top," "bottom," "over," "under," and the like in the description and in the claims, if any, are used for descriptive purposes and not necessarily for describing permanent relative positions. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are, for example, capable of operation in other orientations than those illustrated or otherwise described herein.
As used herein, the word "exemplary" means "serving as an example, instance, or illustration," and not as a "model" that is to be replicated accurately. Any implementation exemplarily described herein is not necessarily to be construed as preferred or advantageous over other implementations. Furthermore, the disclosure is not limited by any expressed or implied theory presented in the preceding technical field, background, brief summary or the detailed description.
As used herein, the term "substantially" is intended to encompass any minor variation resulting from design or manufacturing imperfections, device or component tolerances, environmental influences, and/or other factors. The word "substantially" also allows for differences from a perfect or ideal situation due to parasitics, noise, and other practical considerations that may exist in a practical implementation.
In addition, the foregoing description may refer to elements or nodes or features being "connected" or "coupled" together. As used herein, unless expressly stated otherwise, "connected" means that one element/node/feature is directly connected to (or directly communicates with) another element/node/feature, either electrically, mechanically, logically, or otherwise. Similarly, unless expressly stated otherwise, "coupled" means that one element/node/feature may be mechanically, electrically, logically, or otherwise joined to another element/node/feature in a direct or indirect manner to allow for interaction, even though the two features may not be directly connected. That is, to "couple" is intended to include both direct and indirect joining of elements or other features, including connection with one or more intermediate elements.
In addition, "first," "second," and like terms may also be used herein for reference purposes only, and thus are not intended to be limiting. For example, the terms "first," "second," and other such numerical terms referring to structures or elements do not imply a sequence or order unless clearly indicated by the context.
It will be further understood that the terms "comprises/comprising," "includes" and/or "including," when used herein, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
In the present disclosure, the term "providing" is used broadly to encompass all ways of obtaining an object, and thus "providing an object" includes, but is not limited to, "purchasing," "preparing/manufacturing," "arranging/setting," "installing/assembling," and/or "ordering" the object, and the like.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. The various embodiments disclosed herein may be combined in any combination without departing from the spirit and scope of the present disclosure. It will also be appreciated by those skilled in the art that various modifications may be made to the embodiments without departing from the scope and spirit of the disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (20)
1. A terminal access method, characterized in that the method comprises:
the method comprises the steps that a preset network receives access request information from a visitor terminal, wherein the access request information comprises a visitor address of the visitor terminal and a line sign of a visited network where the visited terminal is located;
the preset network determines whether a preset access condition is met according to the access request information;
when the preset access condition is met, the preset network sends the visitor address to the visited network, so that the visited network configures access setting to allow the access of the visitor terminal; and
and the preset network sends the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
2. The method of claim 1, wherein the determining, by the predetermined network, whether a predetermined access condition is satisfied according to the access request information comprises:
judging whether the visitor address is in a preset access list or not;
determining that the preset access condition is satisfied when the guest address is in the preset access list;
determining that the preset access condition is not satisfied when the guest address is not in the preset access list.
3. The method of claim 1, wherein the determining, by the predetermined network, whether a predetermined access condition is satisfied according to the access request information comprises:
the preset network confirms whether the access is authorized to the owner of the visited network according to the access request information;
determining that the preset access condition is satisfied when the preset network receives a confirmation authorization access message from the owner;
and when the preset network does not receive the confirmed authorized access information from the owner or the preset network receives the refused authorized access information from the owner, determining that the preset access condition is not met.
4. The method of claim 1, further comprising:
and when the preset access condition is not met, the preset network feeds back access refusing information to the visitor terminal.
5. The method of claim 1, further comprising:
when the preset network receives access end information from the guest terminal, the preset network notifies the visited network to modify the access setting to deny access of the guest terminal.
6. The method of claim 1, wherein the predetermined network comprises a public network.
7. A network device for provisioning a network, the network device comprising a first processor configured to execute instructions to implement the steps of the terminal access method of any of claims 1 to 6.
8. A terminal access method, characterized in that the method comprises:
the method comprises the steps that a visitor terminal sends access request information to a preset network, wherein the access request information comprises a visitor address of the visitor terminal and a line mark of a visited network where the visited terminal is located;
when a preset access condition is met, the visitor terminal receives the visited address of the visited network from the preset network; and
and the visitor terminal establishes connection with the visited terminal according to the visited address.
9. The method of claim 8, further comprising:
and when the preset access condition is not met, the visitor terminal receives access refusing information from the preset network and outputs the access refusing information.
10. The method of claim 8, further comprising:
and when the access is finished, the visitor terminal disconnects the connection with the visited terminal and sends access finishing information to the preset network.
11. A guest terminal, characterized in that the guest terminal comprises a second processor configured to execute instructions to implement the steps of the terminal access method according to any of claims 8 to 10.
12. A terminal access method, characterized in that the method comprises:
when the preset access condition is met, the visited network where the visited terminal is located receives the visitor address of the visitor terminal from the preset network;
the visited network adds the guest address to an access white list.
13. The method of claim 12, further comprising:
when the visited network receives access ending information from the preset network, the visited network deletes the guest address from the access white list.
14. The method of claim 12, wherein the visited terminal comprises at least one of a monitoring device, a storage device, a smart lock device, and a smart home appliance.
15. A local area network device for a visited network in which a visited terminal is located, the local area network device comprising a third processor configured to execute instructions to implement the steps of the terminal access method as claimed in any one of claims 12 to 14.
16. A terminal access system, the system comprising:
a visitor terminal;
the preset network is connected with the visitor terminal through a network interface;
the visited network is connected with the preset network through a local area gateway; and
a visited terminal connected to the visited network;
wherein the pre-set network is configured to:
receiving access request information from the guest terminal, wherein the access request information includes a guest address of the guest terminal and a line flag of the visited network;
determining whether a preset access condition is met or not according to the access request information;
when the preset access condition is met, sending the visitor address to the visited network for the visited network to configure access setting to allow the access of the visitor terminal; and
and sending the visited address of the visited network to the visitor terminal so that the visitor terminal can establish connection with the visited terminal.
17. The system of claim 16, wherein the predetermined network is further configured to:
and when the preset access condition is not met, feeding back access refusing information to the visitor terminal.
18. The system of claim 16, wherein the predetermined network is further configured to:
when access end information is received from the guest terminal, notifying the visited network to modify the access setting to deny access of the guest terminal.
19. The system of claim 16, wherein the predetermined network comprises a public network; and/or
The visited terminal comprises at least one of monitoring equipment, storage equipment, intelligent lock equipment and intelligent household appliances.
20. A computer-readable storage medium, having stored thereon instructions which, when executed, implement the steps of the terminal access method of any one of claims 1 to 6, 8 to 10 and 12 to 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010130039.0A CN113328975A (en) | 2020-02-28 | 2020-02-28 | Terminal access method, terminal access system, and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010130039.0A CN113328975A (en) | 2020-02-28 | 2020-02-28 | Terminal access method, terminal access system, and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113328975A true CN113328975A (en) | 2021-08-31 |
Family
ID=77413328
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010130039.0A Pending CN113328975A (en) | 2020-02-28 | 2020-02-28 | Terminal access method, terminal access system, and computer-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113328975A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102113292A (en) * | 2008-06-24 | 2011-06-29 | 法国电信 | Remote network access via a visited network |
| CN105429933A (en) * | 2014-09-19 | 2016-03-23 | 中国电信股份有限公司 | Access method of network equipment in local area network, access equipment and system |
| CN105553987A (en) * | 2015-12-21 | 2016-05-04 | 北京首信科技股份有限公司 | Control device for wireless VPDN (Virtual Private Dial-up Network) network user to access to specific public network site and method |
| CN106302782A (en) * | 2016-08-26 | 2017-01-04 | 维沃移动通信有限公司 | A kind of method for network access control and mobile terminal |
| US20180035290A1 (en) * | 2016-08-01 | 2018-02-01 | At&T Intellectual Property I, L.P. | Method and system to dynamically authenticate and grant access to non-trusted anonymous wi-fi |
| CN108574693A (en) * | 2018-04-17 | 2018-09-25 | 四川斐讯信息技术有限公司 | A kind of access management method and wireless router of wireless router |
| CN110290031A (en) * | 2019-06-12 | 2019-09-27 | 恒大智慧科技有限公司 | A kind of visitor's processing method, terminal and storage medium based on smart home |
| CN110430164A (en) * | 2019-07-01 | 2019-11-08 | 珠海格力电器股份有限公司 | A kind of IP Camera monitoring method, device, system and storage medium |
-
2020
- 2020-02-28 CN CN202010130039.0A patent/CN113328975A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102113292A (en) * | 2008-06-24 | 2011-06-29 | 法国电信 | Remote network access via a visited network |
| CN105429933A (en) * | 2014-09-19 | 2016-03-23 | 中国电信股份有限公司 | Access method of network equipment in local area network, access equipment and system |
| CN105553987A (en) * | 2015-12-21 | 2016-05-04 | 北京首信科技股份有限公司 | Control device for wireless VPDN (Virtual Private Dial-up Network) network user to access to specific public network site and method |
| US20180035290A1 (en) * | 2016-08-01 | 2018-02-01 | At&T Intellectual Property I, L.P. | Method and system to dynamically authenticate and grant access to non-trusted anonymous wi-fi |
| CN106302782A (en) * | 2016-08-26 | 2017-01-04 | 维沃移动通信有限公司 | A kind of method for network access control and mobile terminal |
| CN108574693A (en) * | 2018-04-17 | 2018-09-25 | 四川斐讯信息技术有限公司 | A kind of access management method and wireless router of wireless router |
| CN110290031A (en) * | 2019-06-12 | 2019-09-27 | 恒大智慧科技有限公司 | A kind of visitor's processing method, terminal and storage medium based on smart home |
| CN110430164A (en) * | 2019-07-01 | 2019-11-08 | 珠海格力电器股份有限公司 | A kind of IP Camera monitoring method, device, system and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6970080B2 (en) | How to control access to an in-vehicle wireless network | |
| US9401901B2 (en) | Self-configuring wireless network | |
| CN107223326B (en) | Network access authority management method and related equipment | |
| EP2053779B1 (en) | A system and method for authenticating the accessing request for the home network | |
| JP5579938B2 (en) | Authentication of access terminal identification information in roaming networks | |
| US9197639B2 (en) | Method for sharing data of device in M2M communication and system therefor | |
| US20140247941A1 (en) | Self-configuring wireless network | |
| CN104717225B (en) | A kind of things-internet gateway access authentication method and system | |
| KR20160067776A (en) | A method of provisioning a subscriber profile for a secure module | |
| CN104053148A (en) | Configuring Secure Wireless Networks | |
| CN104767715A (en) | Network access control method and equipment | |
| US9853980B2 (en) | Technique for configuring secured access to a host network for an invited terminal | |
| EP3972306B1 (en) | Information verification method and related device | |
| CN114553592B (en) | Method, equipment and storage medium for equipment identity verification | |
| CN104581722A (en) | Network connection method and device based on WPS (Wireless Fidelity Protected Setup) | |
| CN105516974A (en) | Router connection method, terminal and router | |
| CN114245403B (en) | Equipment network distribution method and device, electronic equipment and storage medium | |
| US20210243188A1 (en) | Methods and apparatus for authenticating devices | |
| EP2741465A1 (en) | Method and device for managing secure communications in dynamic network environments | |
| CN106102066A (en) | A kind of wireless network secure certification devices and methods therefor, a kind of router | |
| CN103973637A (en) | Method for configuring permission, agent equipment and server | |
| CN106789843B (en) | Method, PORTAL server and system for sharing internet access | |
| CN113328975A (en) | Terminal access method, terminal access system, and computer-readable storage medium | |
| EP2891299B1 (en) | Systems and methods for efficient remote security panel configuration and management | |
| CN104581723A (en) | Application method and device for networking information data of client equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |