CN113645054A

CN113645054A - Wireless network equipment configuration method and system

Info

Publication number: CN113645054A
Application number: CN202110520516.9A
Authority: CN
Inventors: 曾庆初; 杨沙; 杨显湖; 高华辰
Original assignee: Yichen Shenzhen Technology Co ltd
Current assignee: Yichen Shenzhen Technology Co ltd
Priority date: 2021-05-13
Filing date: 2021-05-13
Publication date: 2021-11-12
Anticipated expiration: 2041-05-13
Also published as: CN113645054B

Abstract

The application provides a wireless network equipment configuration method and a system, wherein the method comprises the following steps: the first mobile terminal obtains a first WiFi name, a first WiFi password, a first management address and a first management account password which are prestored by the wireless network equipment by scanning the first identification code on the wireless network equipment, and accesses a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password; the method comprises the steps that a first mobile terminal obtains network configuration information set by a user and sends a configuration request carrying a first management account password and the network configuration information to a first management address; and the wireless network equipment applies the network configuration information after the configuration request is verified according to the first management account password. Therefore, the mobile terminal scans the identification code arranged on the wireless network equipment, so that the mobile terminal automatically completes actions of WiFi access, network configuration and the like of the wireless network equipment, a large amount of complex manual operations are not required for a user, the configuration efficiency of the wireless network equipment can be improved, and the possibility of configuration errors is reduced.

Description

Wireless network equipment configuration method and system

Technical Field

The present application relates to the field of network device technologies, and in particular, to a method and a system for configuring a wireless network device.

Background

With the popularization and development of network information technology, broadband networks are more and more widely covered, and the use of wireless network equipment for accessing broadband is a very common terminal equipment internet access form at present. Before a wireless network device is used to access a broadband network, a series of configurations, such as a WiFi name, a WiFi password, a device management account, a device management password, a dial-up account, a dial-up password, etc., are generally required for the wireless network device.

In a conventional wireless network device configuration method, a terminal device is generally required to access a wireless network device in a wired or wireless manner, then a wireless network device management page is opened according to a management address, and then a series of configurations are performed on the management page. The operation action for completing one configuration operation is complex, the operation chain is long, the operation process is not friendly to non-professional ordinary users, and the configuration efficiency of even professional network maintenance personnel is low.

Disclosure of Invention

In order to overcome the above-mentioned deficiencies in the prior art, the present application aims to provide a wireless network device configuration method, comprising:

the method comprises the steps that a first mobile terminal obtains a first WiFi name, a first WiFi password, a first management address and a first management account password which are prestored by wireless network equipment through scanning a first identification code on the wireless network equipment;

the first mobile terminal accesses a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password;

the first mobile terminal responds to user operation and acquires network configuration information set by a user, wherein the network configuration information comprises an updated second WiFi name, a second WiFi password, a second management address or a second management account password;

the first mobile terminal sends a configuration request carrying the first management account password and the network configuration information to the first management address;

and the wireless network equipment verifies the configuration request according to the pre-stored first management account password and applies the network configuration information after the verification is passed.

In a possible implementation manner, the step of obtaining, by the first mobile terminal, an initial first WiFi name, a first WiFi password, a first management address, and a first management account password of the wireless network device by scanning a first identification code on the wireless network device includes:

the first mobile terminal obtains the identity of the wireless network equipment by scanning the first identification code on the wireless network equipment;

the first mobile terminal sends a login information acquisition request to a server, wherein the login information acquisition request carries the identity of the wireless network equipment;

the server searches the first WiFi name, the first WiFi password, the first management address and the first management account password corresponding to the wireless network equipment according to the identity of the wireless network equipment in the received login information acquisition request and sends the first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal.

In one possible implementation, the method further includes:

the server records the corresponding relation between the identity of the user who buys the wireless network equipment and the identity of the wireless network equipment in advance;

the step that the first mobile terminal sends a login information acquisition request to a server comprises the following steps:

the first mobile terminal sends a login information acquisition request carrying an identity of a user logged in the first mobile terminal and an identity of the wireless network equipment to a server;

the server searches for an initial first WiFi name, a first WiFi password, a first management address and a first management account password of the wireless network equipment according to the identity of the wireless network equipment in the received login information acquisition request and sends the initial first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal, and the steps comprise:

the server verifies whether the identity of the user in the login information acquisition request is consistent with the identity of the wireless network equipment or not according to the pre-stored corresponding relation;

if the identity identification of the wireless network equipment is matched with the identity identification of the wireless network equipment, searching a first WiFi name, a first WiFi password, a first management address and a first management account password corresponding to the identity identification of the wireless network equipment, and sending the first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal.

In one possible implementation, the method further includes:

the first mobile terminal acquires a communication identifier, network service time and a speed limit strategy of a second mobile terminal;

the first mobile terminal encrypts a communication identifier of the second mobile terminal, the network service time and the speed limit strategy according to the second management account password to obtain encrypted information;

the first mobile terminal generates a second identification code according to the encryption information and a second management address of the wireless network equipment;

the second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends networking configuration information carrying the encrypted information to the second management address;

the wireless network equipment decrypts the encrypted information in the received networking configuration information according to the second management account password to obtain a communication identifier of the second mobile terminal, the network service time and the speed limit strategy;

and the wireless network equipment adds the second mobile terminal into a white list allowing internet surfing according to the communication identifier of the second mobile terminal, and limits the internet surfing time and speed of the second mobile terminal according to the network service time and the speed limit strategy.

In a possible implementation manner, the step of encrypting, by the first mobile terminal, the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain encrypted information includes:

the first mobile terminal acquires the current time as authorization time;

the first mobile terminal encrypts the authorization time, the communication identifier of the second mobile terminal, the network use time and the speed limit strategy by using the second management account password to obtain the encrypted information;

the wireless network equipment decrypts the received encrypted information according to the second management account password to obtain the communication identifier of the second mobile terminal, the network service time and the speed limit strategy, and the steps comprise:

the wireless network equipment decrypts the encrypted information in the networking configuration information received this time according to the second management account password to obtain the communication identifier of the second mobile terminal, the network use time, the speed limit strategy and the authorization time;

the wireless network equipment detects whether historical networking configuration information which is the same as the authorization time of the networking configuration information received this time is received;

if so, not processing the current networking configuration information;

if not, recording the received networking configuration information as historical networking configuration information, then adding the second mobile terminal into a white list allowing to surf the internet, and limiting the internet surfing time and speed of the second mobile terminal according to the network use time and the speed limiting strategy.

In a possible implementation manner, before the step of acquiring, by the first mobile terminal, the communication identifier, the network usage time, and the speed limit policy of the second mobile terminal, the method further includes:

the second mobile terminal obtains the identity of the wireless network equipment and the address of the server by scanning the first identification code arranged on the wireless network equipment;

and the second mobile terminal sends networking application information to the wireless network equipment according to the address of the server, wherein the networking application information comprises a communication identifier of the second mobile terminal and an identity identifier of the wireless network equipment.

And the server searches a first mobile terminal with management authority to the wireless network equipment according to the identity of the wireless network equipment and sends the networking application information to the first mobile terminal.

In a possible implementation manner, the step of the second mobile terminal obtaining the second management address and the encrypted information by scanning the second identification code, and sending networking configuration information carrying the encrypted information to the second management address includes:

the first mobile terminal generates a second identification code according to the encryption information, a second WiFi name of the wireless network equipment, a second WiFi password and a second management address;

the step of obtaining the second management address and the encryption information by the second mobile terminal by scanning the second identification code includes:

the second mobile terminal obtains the second WiFi name, the second WiFi password, the second management address and the encryption information by scanning the second identification code;

and the second mobile terminal accesses a wireless local area network provided by the wireless network equipment according to the second WiFi name and the second WiFi password, and sends networking configuration information carrying the encrypted information to the second management address through the wireless local area network.

In one possible implementation, the wireless network device is further communicatively connected to a network security server, and the method further includes:

when receiving an unknown information access request for updating the current network configuration information, the wireless network equipment intercepts the unknown information access request when the unknown information access request is not matched with a white list member in a trust white list, and sends the access configuration information in the unknown information access request to the network security server while intercepting the unknown information access request;

the network security server acquires a historical network event set corresponding to each access configuration attribute in the access configuration information, updates a routing security protection strategy of the wireless network equipment on the network security server based on a preset updating strategy of a target network attack event after the target network attack event related to a routing operation environment of the wireless network equipment is found in the historical network event set, and simulates network security attack event information in a virtual security protection environment of the wireless network equipment based on the updated routing security protection strategy;

acquiring response interception behavior objects of a plurality of response interception behaviors in the virtual security protection environment of the wireless network equipment for responding to the network security attack event information, and acquiring a plurality of historical interception extension tracking behaviors related to the plurality of response interception behaviors, wherein any historical interception extension tracking behavior comprises an extension tracking object and an extension tracking path set;

determining a response interception behavior to which each history interception extended tracking behavior belongs according to an extended tracking object of each history interception extended tracking behavior and a plurality of response interception behavior objects of the response interception behaviors;

clustering the plurality of history interception extended tracking behaviors according to an extended tracking path set of each history interception extended tracking behavior and the response interception behavior to which each history interception extended tracking behavior belongs to obtain the response interception behaviors to which the plurality of history interception extended tracking behavior clusters belong respectively;

determining a response interception behavior to which each extended tracking behavior belongs in a plurality of history interception extended tracking behaviors according to response interception behaviors to which a plurality of history interception extended tracking behavior clusters belong respectively, establishing an association relationship between each extended tracking behavior and the response interception behavior to which each extended tracking behavior belongs, and performing extended updating on the routing security protection strategy based on the established association relationship information so as to send the extended and updated routing security protection strategy to the wireless network equipment for automatic response configuration.

The application also provides a wireless network equipment configuration system, which comprises a first mobile terminal and wireless network equipment;

the first mobile terminal is used for scanning a first identification code on wireless network equipment to obtain a first WiFi name, a first WiFi password, a first management address and a first management account password which are prestored by the wireless network equipment;

the first mobile terminal is also used for accessing a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password;

the first mobile terminal is further used for responding to user operation and acquiring network configuration information set by a user, wherein the network configuration information comprises an updated second WiFi name, a second WiFi password, a second management address and a second management account password;

the first mobile terminal is further configured to send a configuration request carrying the first management account password and the network configuration information to the first management address;

the wireless network equipment is used for verifying the configuration request according to the prestored first management account password and replacing the first WiFi name, the first WiFi password, the first management address and the first management account password with the second WiFi name, the second WiFi password, the second management address and the second management account password after the configuration request is verified.

In one possible implementation, the system further includes a second mobile terminal;

the first mobile terminal is also used for acquiring a communication identifier, network service time and a speed limit strategy of the second mobile terminal;

the first mobile terminal is further used for encrypting the communication identifier of the second mobile terminal, the network service time and the speed limit strategy according to the second management account password to obtain encrypted information;

the first mobile terminal is further used for generating a second identification code according to the encryption information and a second management address of the wireless network equipment;

the second mobile terminal is used for scanning the second identification code to obtain the second management address and the encrypted information and sending networking configuration information carrying the encrypted information to the second management address;

the wireless network equipment is further used for decrypting the encrypted information in the received networking configuration information according to the second management account password to obtain a communication identifier of the second mobile terminal, the network service time and the speed limit strategy;

the wireless network equipment is also used for adding the second mobile terminal into a white list allowing internet surfing according to the communication identification of the second mobile terminal and limiting the internet surfing time and speed of the second mobile terminal according to the network service time and the speed limit strategy.

Compared with the prior art, the method has the following beneficial effects:

according to the wireless network equipment configuration method and system, the mobile terminal scans the identification code arranged on the wireless network equipment, so that the mobile terminal automatically completes actions of WiFi access, network configuration and the like of the wireless network equipment, and a large amount of complex manual operations are not required to be performed by a user, so that the wireless network equipment configuration efficiency can be improved, and the possibility of configuration errors is reduced.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.

Fig. 1 is a schematic diagram of a wireless network device configuration system according to an embodiment of the present application;

fig. 2 is a schematic diagram of a wireless network device configuration method according to an embodiment of the present application;

fig. 3 is a second schematic diagram of a wireless network device configuration system according to an embodiment of the present application;

fig. 4 is a second schematic diagram of a wireless network device configuration method according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

In the description of the present application, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.

In the description of the present application, it is further noted that, unless expressly stated or limited otherwise, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.

Referring to fig. 1, fig. 1 is a schematic diagram of a wireless network device configuration system according to the present embodiment, which may include a first mobile terminal 200 and a wireless network device 100 used by a user.

The first mobile terminal 200 may be a mobile terminal having a Wireless Local Area Network (WLAN) communication function. The first mobile terminal 200 may further have an image acquisition module that may be used to scan an identification code (e.g., a two-dimensional code, a barcode, etc.). For example, the first mobile terminal 200 may be a smart phone, a tablet computer, a notebook computer with code scanning function, a personal computer, or the like. The wireless network device 100 may be a WLAN enabled wireless network device 100.

In the above scenario, the present embodiment further provides a method for configuring a wireless network device, please refer to fig. 2, and each step of the method is explained in detail below.

Step 110, the first mobile terminal scans a first identification code on the wireless network device to obtain a first WiFi name, a first WiFi password, a first management address and a first management account password, which are pre-stored by the wireless network device.

In this embodiment, before selling the wireless network device, the merchant selling the wireless network device may paste a first identification code (e.g., a two-dimensional code, a barcode, etc.) associated with the wireless network device on the wireless network device.

In a possible implementation manner, the first identification code may carry a first WiFi name, a first WiFi password, a first management address, and a first management account password, which are pre-stored (i.e., initial) in the wireless network device. The user who purchases the wireless network equipment can scan the first identification code on the wireless network equipment through the first mobile terminal of the user, so that the first WiFi name, the first WiFi password, the first management address and the first management account password are obtained through analysis.

For example, identifying the obtained information from the first identification code may be as follows:

ssid1=test1&wifipwd=abcd1234&username=user&userpwd=ccabcd&ip=192.168.10.1&productname=xxx&mac=aabbccdd1122&vendor=ysz&model=wifi&date=2021.2.20

the "&" is used for field segmentation, the ssid field is the first WiFi name, the wifipwd field is the first WiFi password, the username field and the userppwd field are the first management account password, and the ip field is the first management address. Other fields may be used to record information including vendor name, wireless network device MAC address, wireless network device mode, time, etc.

In another possible implementation manner, a merchant selling the wireless network devices may record, before selling the wireless network devices, an initial first WiFi name, a first WiFi password, a first management address, and a correspondence between a first management account password and an identity of the wireless network device of each wireless network device. The identity may be the wireless network device serial number, a unique device identifier, a MAC address, etc.

The first identification code may carry an identity of the wireless network device and a server address of a merchant that sells the wireless network device. The user who purchases the wireless network equipment can scan the first identification code on the wireless network equipment through the first mobile terminal, and therefore a login information acquisition request carrying the identification code of the wireless network equipment is sent to the server. The server searches the first WiFi name, the first WiFi password, the first management address and the first management account password corresponding to the wireless network equipment according to the identity of the wireless network equipment in the received login information acquisition request and sends the first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal.

Further, in order to avoid that an illegal user maliciously obtains the wireless network device information pre-stored by the server, in this embodiment, the server may pre-record a correspondence between the identity of the user who purchases the wireless network device and the identity of the wireless network device.

When the first mobile terminal sends a login information acquisition request to the server, the first mobile terminal may send a login information acquisition request to the server, where the login information acquisition request carries the identity of the user who logs in the first mobile terminal and the identity of the wireless network device.

Then, the server verifies whether the identity of the user in the login information acquisition request is consistent with the identity of the wireless network equipment according to the pre-stored corresponding relation; if the identity identification of the wireless network equipment is matched with the identity identification of the wireless network equipment, searching a first WiFi name, a first WiFi password, a first management address and a first management account password corresponding to the identity identification of the wireless network equipment, and sending the first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal.

After the first mobile terminal acquires the first WiFi name, the first WiFi password, the first management address and the first management account password and sends the first WiFi name, the first WiFi password, the first management address and the first management account password to the first mobile terminal, step S120 may be executed.

And step S120, the first mobile terminal accesses a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password.

In this embodiment, when the wireless network device is powered on for the first time, the wireless local area network device provides a wireless local area network according to a first WiFi name and a first WiFi password that are pre-stored. The first mobile terminal may access the wireless local area network provided by the wireless network device after obtaining the first WiFi name and the first WiFi password in step S110.

It can be understood that after the first mobile terminal accesses the wireless local area network provided by the wireless network device, the first mobile terminal and the wireless network device are in the same local area network, so that information interaction can be performed with the wireless network device in a local area network communication manner.

Step S130, the first mobile terminal responds to the user operation, and acquires network configuration information set by the user, where the network configuration information includes an updated second WiFi name, a second WiFi password, a second management address, or a second management account password.

In an implementation manner of this embodiment, after accessing the wireless WiFi provided by the wireless network device, the first mobile terminal may initiate a management connection to the first management address through the first management account password, and obtain current configuration information of the wireless network device.

Then, the first mobile terminal may provide an operation interface, and may display current configuration information of the wireless network device on the operation interface. The user can set a new second WiFi name, a second WiFi password, a second management address, a second management account password and the like on the operation interface according to the needs of the user.

The first mobile terminal can respond to the configuration operation of the user on the operation interface, and acquire a second WiFi name, a second WiFi password, a second management address and a second management account password which are set by the user as network configuration information.

Optionally, in a scenario where the wireless network device needs to initiate dial-up networking (e.g., PPPoE dial-up networking), the user may further set a dial-up PPPoE account password of the wireless network device on the operation interface. The network configuration information may include a PPPoE account password.

Step S140, the first mobile terminal sends a configuration request carrying the first management account password and the network configuration information to the first management address.

In a possible implementation manner, the first mobile terminal may splice an http Post request for accessing the first management address according to the first management address, the first management account password, and the network configuration information.

For example, taking the example that the network configuration information includes the PPPoE account password, the second WiFi name, and the second WiFi password, the configuration request may be in the following form:

http://192.168.10.1/itms/username=xxxx&userpwd=xxxx&PPPOEuser=xxx&PPPOEpassword=xxx&SSID=test-2&WiFiPassword=12345678

the username field and userpwd are the first management account password, the PPPOEuser field and PPPOEpassword field are the PPPoE account password, the SSID field is the second WiFi name, and the WiFi password field is the second WiFi password.

Step S150, the wireless network device verifies the configuration request according to the pre-stored first management account password, and applies the network configuration information after the verification is passed.

In this embodiment, after receiving the configuration request, the wireless network device may verify whether a first management account password pre-stored by the wireless network device matches the first management account password carried in the configuration request. And if the network configuration information is matched with the preset network configuration information, the network configuration information is applied, namely, the network configuration newly set by the user is used for replacing the initial network configuration prestored in the wireless network equipment.

If the network configuration information comprises a PPPoE account password, the wireless network equipment uses the PPPoE account password to dial for surfing the internet after passing the verification, and sends a dialing state to the first mobile terminal.

Based on the above design, in the configuration method for the wireless network device provided in this embodiment, the mobile terminal scans the identification code set on the wireless network device, so that the mobile terminal automatically completes actions of WiFi access, network configuration, and the like of the wireless network device, and a large amount of complicated manual operations are not required to be performed by a user, thereby improving the configuration efficiency of the wireless network device and reducing the possibility of configuration errors.

Generally, the wireless network device also has functions of limiting whether a certain mobile terminal can access the network, limiting the internet access time, limiting the internet speed in a limited time, and the like. These configuration operations also require the user to establish a management connection with the wireless network device through the terminal device and then configure the wireless network device.

In some scenarios, a user having administrative privileges with a wireless network device may be temporarily unable to establish an administrative connection with the wireless network device, but other users may need to apply for privileges to access the wireless network device.

For example, referring to fig. 3, the wireless network device configuration system may further include a second mobile terminal 300. The first mobile terminal 200 is a mobile terminal of a user having a management right to the wireless network device 100, the first mobile terminal 200 may not be able to establish management communication with the wireless network device 100 at present (for example, the wireless network device 100 is an intranet wireless network device, and the first mobile terminal 200 is located in an extranet at this time), and the second mobile terminal 300 may be a terminal that needs to access the wireless network device 100.

In a possible implementation manner of this embodiment, the second mobile terminal can obtain the right to access the wireless network device to surf the internet through steps S210 to S250 without requiring excessive configuration by the user. Referring to fig. 4, the following explains step S210 to step S260 in detail.

And step S210, the first mobile terminal acquires the communication identifier, the network service time and the speed limit strategy of the second mobile terminal.

In this embodiment, the communication identifier of the second mobile terminal may include a MAC address of the second mobile terminal, the network usage time may include a usage duration, and the speed limit policy may include a highest download speed and a highest upload speed.

In a possible implementation manner, the second mobile terminal may obtain the identity of the wireless network device and the address of the server by scanning the first identification code set on the wireless network device.

And then the second mobile terminal sends networking application information to the wireless network equipment according to the address of the server, wherein the networking application information comprises the communication identifier of the second mobile terminal and the identity identifier of the wireless network equipment.

The server can search a first mobile terminal having management authority for the wireless network equipment according to the identity of the wireless network equipment, and send the networking application information to the first mobile terminal.

In this way, the first mobile terminal can obtain the communication identifier of the second mobile terminal.

Further, after receiving the networking application information, the first mobile terminal may display an operation interface, and a user may configure and select the network usage time and the speed limit policy on the operation interface.

Step S220, the first mobile terminal encrypts the communication identifier of the second mobile terminal, the network service time and the speed limit strategy according to the second management account password to obtain encrypted information.

In this embodiment, in order to avoid a malicious terminal device from configuring the wireless network device, the first terminal may encrypt the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy using the second management account password.

Step S230, the first mobile terminal generates a second identification code according to the encrypted information and the second management address of the wireless network device.

In this embodiment, the second identification code may be sent to the second mobile terminal by the first mobile terminal, or sent to a user using the second mobile terminal by using the other method.

Step S240, the second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends networking configuration information carrying the encrypted information to the second management address.

In this embodiment, the second mobile terminal may send the encrypted information to the wireless network device according to the second management address after establishing a network connection with the wireless network device.

In a possible implementation manner, in step S230, the first mobile terminal may generate the second identification code according to the encryption information, the second WiFi name of the wireless network device, the second WiFi password, and the second management address.

Then, in step S240, the second mobile terminal may obtain the second WiFi name, the second WiFi password, the second management address, and the encryption information by scanning the second identification code. Then, the second mobile terminal can access a wireless local area network provided by the wireless network device according to the second WiFi name and the second WiFi password, and send networking configuration information carrying the encryption information to the second management address through the wireless local area network.

Therefore, a user using the second mobile terminal can automatically access the WiFi provided by the wireless network equipment without acquiring the second WiFi name and the second WiFi password of the wireless network equipment in advance and manually selecting the WiFi without sending the networking configuration information.

It can be understood that, at this time, although the second mobile terminal may access the wireless local area network provided by the wireless network device, the second mobile terminal may not be able to surf the internet through the wireless network device, but may surf the internet through the wireless network device after the subsequent processing step of the wireless network device.

And step S250, the wireless network equipment decrypts the encrypted information in the received networking configuration information according to the second management account password to obtain the communication identifier of the second mobile terminal, the network service time and the speed limit strategy.

In this embodiment, the wireless network device may decrypt the encrypted information according to a pre-stored second management account password, and if the decryption is successful, it indicates that the networking configuration information really comes from the first mobile terminal having a management right for the wireless network device, and the wireless network device obtains and decrypts the obtained communication identifier of the second mobile terminal, the network usage time, and the speed limit policy.

Step S260, the wireless network device adds the second mobile terminal to a white list allowing internet access according to the communication identifier of the second mobile terminal, and limits the internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

For example, the wireless network device may add the MAC address of the second mobile terminal to a whitelist of allowed access, and then set a network usage time setting and a speed limit setting associated with the MAC address. After the setting, the wireless network device can release the internet traffic of the second mobile terminal.

Based on the above design, the configuration method for a wireless network device provided in this embodiment can enable a second mobile terminal to initiate information interaction with a first mobile terminal through a scanning action of the second mobile terminal that needs to access the wireless network device when the first mobile terminal having the management authority to the wireless network device cannot directly communicate with the wireless network device, thereby automatically configuring the wireless network device and enabling the second mobile terminal to obtain the authority to surf the internet through the wireless network device. The information transmission and the data configuration in the whole process do not need a user to perform complicated manual operation, so that the configuration efficiency of the wireless network equipment is greatly improved, and the possibility of configuration errors is reduced.

Further, in order to avoid that the second mobile terminal repeatedly uses the same networking configuration information to obtain an extended internet access time, in some possible implementations, the first mobile terminal may set a certain unique identifier in the encrypted information.

For example, in step S230, the first mobile terminal may obtain current time as authorization time, and then encrypt the authorization time, the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain the encrypted information.

In step S260, the wireless network device may decrypt the encrypted information in the networking configuration information received this time according to the second management account password, so as to obtain the communication identifier of the second mobile terminal, the network usage time, the speed limit policy, and the authorization time.

Then, the wireless network device detects whether historical networking configuration information which is the same as the authorization time of the networking configuration information received this time is received.

If the historical networking configuration information which is the same as the authorization time of the networking configuration information received this time is received, it indicates that the networking configuration information received this time is sent by the second mobile terminal, that is, the second mobile terminal may repeatedly use the same networking configuration information to obtain the extended internet surfing time, so the wireless network device does not process the networking configuration information this time.

If the historical networking configuration information which is the same as the authorization time of the networking configuration information received this time is not received, the networking configuration information received this time is new, the wireless network equipment can record the networking configuration information received this time as the historical networking configuration information, then the step of adding the second mobile terminal into a white list allowing to surf the internet and limiting the networking time and speed of the second mobile terminal according to the network use time and the speed limit strategy is executed.

Based on the above design, the configuration method for the wireless network device provided in this embodiment can execute the update of the network security policy of the wireless network device at the cloud, and perform extended update in combination with the simulation behavior and the historical behavior in the update process, so as to improve the network security of the subsequent wireless network device.

Optionally, when the obtaining of the plurality of historical interception extension tracking behaviors related to the plurality of response interception behaviors is performed, an original interception extension tracking behavior set may be obtained, where any original interception extension tracking behavior in the original interception extension tracking behavior set includes an extension tracking object and an extension tracking path set; and then determining an original interception extension tracking behavior matched with at least one response interception behavior object in a plurality of response interception behavior objects from the original interception extension tracking behavior set, and taking the matched plurality of original interception extension tracking behaviors as a plurality of historical interception extension tracking behaviors related to the plurality of response interception behaviors.

Optionally, the response interception behavior object includes a response interception behavior category and a response interception behavior coverage area. When an original interception extension tracking behavior matched with at least one response interception behavior object in a plurality of response interception behavior objects is determined from the original interception extension tracking behavior set, if an extension tracking object in the original interception extension tracking behavior is matched with a target response interception behavior class, determining that the original interception extension tracking behavior is the original interception extension tracking behavior matched with the response interception behavior object corresponding to the target response interception behavior class, and the target response interception behavior class belongs to a plurality of response interception behavior classes.

Optionally, when any history interception extended tracking behavior is executed, and a response interception behavior object corresponding to any history interception extended tracking behavior is determined according to an extended tracking object corresponding to any history interception extended tracking behavior and a plurality of response interception behavior objects corresponding to a plurality of response interception behaviors, a target response interception behavior object matched with an extended tracking object in any history interception extended tracking behavior is determined from the plurality of response interception behavior objects; and then taking the response interception behavior corresponding to the target response interception behavior object as the response interception behavior to which any history interception extension tracking behavior belongs.

Optionally, when the extended trace path set according to each history interception extended trace behavior and the response interception behavior to which each history interception extended trace behavior belongs are executed, the plurality of history interception extended trace behaviors are clustered to obtain response interception behaviors to which the plurality of history interception extended trace behavior clusters respectively belong, a first preset cluster number may be obtained, and the plurality of history interception extended trace behaviors are divided into a plurality of original interception extended trace behavior libraries according to the extended trace path set according to each history interception extended trace behavior and the first preset cluster number. And then determining a plurality of historical interception extension tracking behavior clusters and the response interception behavior of each historical interception extension tracking behavior cluster according to the response interception behavior of the historical interception extension tracking behavior in each original interception extension tracking behavior library.

When a plurality of history interception extension tracking behavior clusters and a response interception behavior to which each history interception extension tracking behavior cluster belongs are determined according to a response interception behavior to which the history interception extension tracking behavior in each original interception extension tracking behavior library belongs, the number of first behaviors of the history interception extension tracking behaviors contained in the original interception extension tracking behavior library can be counted, then the original interception extension tracking behavior library is divided into a plurality of unit original interception extension tracking behavior libraries, and the history interception extension tracking behaviors in any unit original request cluster belong to the same response interception behavior. And then acquiring a target unit original interception extension tracking behavior library containing the largest historical interception extension tracking behavior from the multiple unit original interception extension tracking behavior libraries, and counting the second behavior quantity of the historical interception extension tracking behavior contained in the target unit original interception extension tracking behavior library.

And if the ratio of the first behavior quantity to the second behavior quantity is not less than the preset response interception behavior ratio, determining the original interception extended tracking behavior library as a historical interception extended tracking behavior cluster, and taking the response interception behavior corresponding to the original interception extended tracking behavior library of the target unit as the response interception behavior to which the historical interception extended tracking behavior cluster belongs.

And if the ratio of the first behavior quantity to the second behavior quantity is smaller than the preset response interception behavior ratio, adjusting the first preset clustering quantity to obtain a second preset clustering quantity.

And then, according to the second preset clustering quantity, clustering the historical interception extension tracking behaviors in the original interception extension tracking behavior library again to obtain a historical interception extension tracking behavior cluster and response interception behaviors to which the historical interception extension tracking behavior cluster belongs.

In one possible implementation, the plurality of history interception extension tracking behaviors includes a first history interception extension tracking behavior and a second history interception extension tracking behavior. When a plurality of history interception extended tracking behaviors are divided into a plurality of original interception extended tracking behavior libraries according to an extended tracking path set of each history interception extended tracking behavior and the first preset clustering quantity, counting the number of extended tracking behavior linkage of the first history interception extended tracking behavior and the second history interception extended tracking behavior; acquiring the maximum number of the extended tracking behaviors from the first historical interception extended tracking behavior and the second historical interception extended tracking behavior; if the ratio of the linkage quantity of the extended tracking behaviors to the maximum extended tracking behavior quantity is larger than the first preset clustering quantity, combining the first historical interception extended tracking behavior and the second historical interception extended tracking behavior into an original interception extended tracking behavior library; or

In another possible implementation, the plurality of history interception extension tracking behaviors includes a first history interception extension tracking behavior and a second history interception extension tracking behavior. When the extended tracking path set according to each history interception extended tracking behavior and the first preset clustering quantity are executed, and a plurality of history interception extended tracking behaviors are divided into a plurality of original interception extended tracking behavior libraries, counting the number of extended tracking behavior linkage of the first history interception extended tracking behavior and the second history interception extended tracking behavior; counting the total quantity of the extended tracking behaviors of the first history interception extended tracking behavior and the second history interception extended tracking behavior; if the ratio of the linkage quantity of the extended tracking behaviors to the total quantity of the extended tracking behaviors is larger than the first preset clustering quantity, combining the first history interception extended tracking behavior and the second history interception extended tracking behavior into an original interception extended tracking behavior library; or

In another possible implementation manner, the plurality of history interception extension tracking behaviors include a first history interception extension tracking behavior and a second history interception extension tracking behavior, and both the first history interception extension tracking behavior and the second history interception extension tracking behavior further include a behavior engagement degree of the extension tracking behavior. When an extended tracking path set according to each history interception extended tracking behavior and the first preset clustering number are executed, and a plurality of history interception extended tracking behaviors are divided into a plurality of original interception extended tracking behavior libraries, acquiring a common extended tracking behavior of the first history interception extended tracking behavior and the second history interception extended tracking behavior; determining a behavior participation degree weight according to a difference value between the behavior participation degree of the common extended tracking behavior in the first history interception extended tracking behavior and the behavior participation degree of the common extended tracking behavior in the second history interception extended tracking behavior; and if the behavior participation weight is smaller than the first preset clustering number, combining the first historical interception extension tracking behavior and the second historical interception extension tracking behavior into an original interception extension tracking behavior library.

Optionally, when determining a response interception behavior to which each of the plurality of history interception extended tracking behaviors belongs according to response interception behaviors to which the plurality of history interception extended tracking behaviors belong respectively, while executing any one of the plurality of history interception extended tracking behaviors, counting an extended tracking frequency of the any one extended tracking behavior at each response interception behavior and a total extended tracking frequency of the any one extended tracking behavior at all response interception behaviors according to response interception behaviors to which the plurality of history interception extended tracking behaviors belong respectively; and if the ratio of the maximum extended tracking times to the total extended tracking times in the plurality of extended tracking times is greater than a preset ratio, taking the response interception behavior corresponding to the maximum extended tracking times as the response interception behavior to which any extended tracking behavior belongs.

Optionally, when the routing security protection policy is updated in an extended manner based on the established association relationship information, so as to send the updated routing security protection policy to the wireless network device for automatic response configuration, a policy rule set corresponding to each extended tracking action may be searched according to each extended tracking action in the established association relationship information and a response interception action to which each extended tracking action belongs, and after a corresponding rule to be updated is obtained from the policy rule set according to the response interception action to which each extended tracking action belongs, the routing security protection policy is updated based on the rule to be updated, so as to send the updated routing security protection policy to the wireless network device for automatic response configuration.

The embodiment also provides a wireless network device configuration system, which comprises a first mobile terminal and a wireless network device.

The first mobile terminal is used for scanning a first identification code on wireless network equipment to obtain a first WiFi name, a first WiFi password, a first management address and a first management account password which are prestored by the wireless network equipment; accessing a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password; responding to user operation, and acquiring network configuration information set by a user, wherein the network configuration information comprises an updated second WiFi name, a second WiFi password, a second management address or a second management account password; and sending a configuration request carrying the first management account password and the network configuration information to the first management address.

The wireless network equipment is used for verifying the configuration request according to the pre-stored first management account password and applying the network configuration information after the verification is passed.

In some possible implementations, the system further includes a second mobile terminal.

The first mobile terminal is also used for acquiring a communication identifier, network service time and a speed limit strategy of the second mobile terminal; encrypting the communication identifier of the second mobile terminal, the network service time and the speed limit strategy according to the second management account password to obtain encrypted information; generating a second identification code according to the encryption information and a second management address of the wireless network equipment;

the wireless network equipment is further used for decrypting the encrypted information in the received networking configuration information according to the second management account password to obtain a communication identifier of the second mobile terminal, the network service time and the speed limit strategy; and adding the second mobile terminal into a white list allowing internet surfing according to the communication identifier of the second mobile terminal, and limiting the internet surfing time and speed of the second mobile terminal according to the network service time and the speed limit strategy.

In some possible implementations, the first mobile terminal is further configured to obtain a current time as the authorization time.

The first mobile terminal is specifically used for acquiring current time as authorization time; encrypting the authorization time, the communication identifier of the second mobile terminal, the network use time and the speed limit strategy by using the second management account password to obtain the encrypted information;

the wireless network device is specifically configured to decrypt encrypted information in the networking configuration information received this time according to the second management account password to obtain a communication identifier of the second mobile terminal, the network use time, the speed limit policy, and the authorization time; detecting whether historical networking configuration information which is the same as the authorization time of the networking configuration information received this time is received or not; if so, not processing the current networking configuration information; if not, recording the received networking configuration information as historical networking configuration information, then adding the second mobile terminal into a white list allowing to surf the internet, and limiting the internet surfing time and speed of the second mobile terminal according to the network use time and the speed limiting strategy.

In summary, the method and the system for configuring the wireless network device provided by the application enable the mobile terminal to automatically complete actions such as WiFi access and network configuration of the wireless network device by scanning the identification code set on the wireless network device through the mobile terminal, and do not need a large amount of complicated manual operations by a user, thereby improving the efficiency of configuring the wireless network device and reducing the possibility of configuration errors.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The above description is only for various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and all such changes or substitutions are included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for configuring a wireless network device, the method comprising:

2. The method according to claim 1, wherein the step of the first mobile terminal obtaining a first WiFi name, a first WiFi password, a first management address and a first management account password pre-stored by the wireless network device by scanning a first identification code on the wireless network device comprises:

3. The method of claim 2, further comprising:

4. The method of claim 1, further comprising:

5. The method according to claim 4, wherein the step of encrypting the communication identifier of the second mobile terminal, the network usage time and the speed limit policy by the first mobile terminal according to the second management account password to obtain encrypted information comprises:

the first mobile terminal acquires the current time as authorization time;

if so, not processing the current networking configuration information;

6. The method according to claim 4, wherein before the step of the first mobile terminal obtaining the communication identifier, the network usage time and the speed limit policy of the second mobile terminal, the method further comprises:

the second mobile terminal sends networking application information to the wireless network equipment according to the address of the server, wherein the networking application information comprises a communication identifier of the second mobile terminal and an identity identifier of the wireless network equipment;

7. The method according to claim 4, wherein the step of the first mobile terminal generating the second identification code according to the encryption information and the second management address of the wireless network device comprises:

the step that the second mobile terminal obtains the second management address and the encryption information by scanning the second identification code, and sends the networking configuration information carrying the encryption information to the second management address comprises the following steps:

8. The method of any one of claims 1-7, wherein the wireless network device is further communicatively coupled to a network security server, the method further comprising:

9. A wireless network equipment configuration system is characterized in that the system comprises a first mobile terminal and wireless network equipment;

the first mobile terminal is used for scanning a first identification code on wireless network equipment to obtain a first WiFi name, a first WiFi password, a first management address and a first management account password which are prestored by the wireless network equipment; accessing a wireless local area network provided by the wireless network equipment according to the first WiFi name and the first WiFi password; responding to user operation, and acquiring network configuration information set by a user, wherein the network configuration information comprises an updated second WiFi name, a second WiFi password, a second management address or a second management account password; sending a configuration request carrying the first management account password and the network configuration information to the first management address;

10. The system of claim 9, wherein the system further comprises a second mobile terminal;