CN113765842A - Network on-line management system for information device - Google Patents


Publication number
CN113765842A
Authority
CN
China
Prior art keywords
data
mac address
identification data
network
list
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010483810.2A
Other languages
Chinese (zh)
Other versions
CN113765842B (en
Inventor
李坤荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taizhong Computer Co ltd
Original Assignee
Taizhong Computer Co ltd
Application filed by Taizhong Computer Co ltd
Priority to CN202010483810.2A
Publication of CN113765842A
Application granted
Publication of CN113765842B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network connection management system for information devices, comprising: one or more information devices, a network point data verification device, and a network point online management device. Each information device is a network point that uses a mobile network card, and data reporting software transmits the MAC address of the mobile network card and the identification data of the network point to the network point data verification device. The network point data verification device receives the MAC address and the network point identification data acquired by the data reporting software. The network point online management device is connected to the network point data verification device and blocks the network connection of the network point according to the comparison result.

Description

Network on-line management system for information device
Technical Field
The present invention relates to an information system, and more particularly, to a network connection management system for an information device.
Background
Existing network connection management systems grant network connection authority to a network point by identifying its IP address (Internet Protocol address) or MAC address (Media Access Control address), thereby managing network connections. A network point is an information device to be networked, such as a personal computer or a notebook computer.
On the other hand, with the development of network technology, the use of USB network cards with hot plug convenience is becoming widespread. Under the premise that the MAC address of the USB network card is identified and authenticated by the network online management system, the user can carry the USB network card and plug in any information device to carry out network online. Therefore, the user can obtain the maximized network connection freedom and the information device use convenience under the management of the network connection management system.
However, when a USB network card that has been authenticated by the network connection management system is pulled from its original information device and plugged into a regulated information device (e.g., an information device that stores important data and, under the information management policy, is not allowed to connect to the network), the regulated information device can easily obtain authority from the network connection management system to connect to the network, which raises an information security concern. Alternatively, some users falsely use the MAC address of an authenticated USB network card so that other, unregulated information devices obtain authority from the network connection management system and connect to the network, which creates a vulnerability in network connection management.
Disclosure of Invention
Therefore, an objective of the present invention is to provide a network connection management system for information devices which ensures that a mobile network card (e.g., a USB network card) authenticated by the network connection management system is used only in the same information device, so that the mobile network card cannot be pulled out of that information device and plugged into another information device for use. In addition, the invention prevents the MAC address of the mobile network card from being falsely used to bring other information devices online without being controlled.
The technical means adopted by the invention to solve the problems of the prior art is a network connection management system for information devices, comprising: one or more information devices, a network point data verification device, and a network point online management device.
Each information device is a network point, and each network point is provided with data reporting software comprising Agent data reporting software and/or WMI data reporting software. The WMI data reporting software provides information about the network point when the network point goes online, on the premise that the network point runs a Windows operating system; the Agent data reporting software provides information about the network point without restricting the network point to a Windows operating system. Each network point uses a plugged-in mobile network card, and the data reporting software transmits the MAC address of the mobile network card and the affiliated network point identification data to the network point data verification device. The data reliability of the MAC address and affiliated network point identification data acquired by the Agent data reporting software is higher than that of the MAC address and affiliated network point identification data acquired by the WMI data reporting software.
The network point data verification device has a list management unit. The network point data verification device is signal-connected to the mobile network card to receive the MAC address and affiliated network point identification data acquired by the data reporting software of the network point, and/or it acquires the MAC address and affiliated network point identification data by scanning the network point with Nmap network security scanning software, and it records the MAC address and affiliated network point identification data acquired for the first time in an information device list. The Nmap network security scanning software is a network security scanning tool for network scanning and network host exploration. The data reliability of the MAC address and affiliated network point identification data acquired by the WMI data reporting software is higher than that of the MAC address and affiliated network point identification data acquired by the Nmap network security scanning software. According to the data reliability, the list management unit replaces a MAC address and affiliated network point identification data of low data reliability with the MAC address and affiliated network point identification data of high data reliability. The network point data verification device compares the currently received MAC address and affiliated network point identification data with the MAC address and affiliated network point identification data in the information device list to obtain a comparison result.
The network point online management device is connected to the network point data verification device. When the comparison result is a mismatch, it blocks the network connection of the network point according to the comparison result; because the MAC address in the information device list corresponds to the identification data of the network point to which it belongs, this prevents a network point that wants to go online from falsely using the MAC address to do so. When the comparison result is a match, it allows the network connection of the network point.
In an embodiment of the present invention, in the process of collecting the MAC address of the information device and the affiliated network point identification data, in which the list management unit replaces the MAC address and affiliated network point identification data of low data reliability with those of high data reliability, the Agent data reporting software or the WMI data reporting software continuously queries the network point, or the Nmap network security scanning software continuously scans the network point, to obtain the MAC address and the affiliated network point identification data. In the process of checking the MAC address of the information device and the affiliated network point identification data, in which the network point data verification device compares the currently received MAC address and affiliated network point identification data with those in the information device list, the WMI query for the MAC address and identification data of the network point is skipped when the Agent data reporting software has acquired them, or the Nmap scan of the network point is skipped when the WMI data reporting software has acquired them.
In an embodiment of the present invention, the network connection management system for information devices further comprises a list confirmation device connected to the one or more information devices and to the network point data verification device. The list confirmation device compares the currently received MAC address and affiliated network point identification data with the MAC address and affiliated network point identification data in the information device list to confirm whether the currently received data are already recorded in the information device list. When they are not recorded in the information device list, the list confirmation device transmits the currently received MAC address and affiliated network point identification data to the list management unit of the network point data verification device, so that the MAC address and affiliated network point identification data acquired for the first time are recorded in the information device list.
In an embodiment of the present invention, the network connection management system for information devices further includes a list checking device connected between the list confirmation device and the network point data verification device. When the list checking device receives from the list confirmation device the message "the currently received MAC address and affiliated network point identification data are recorded in the information device list", it further confirms, through the list management unit of the network point data verification device, whether the correspondence between the MAC address and the affiliated network point identification data in the information device list has not been set to one-to-one. When it confirms that the correspondence has not been set to one-to-one, it sets the MAC address and affiliated network point identification data in the information device list to either "a one-to-one correspondence is not required" or "a one-to-one correspondence has not yet been set".
In one embodiment of the present invention, the network connection management system for information devices further comprises a list re-check device connected between the list checking device and the network point data verification device. When the list re-check device receives from the list checking device the message that the MAC address and affiliated network point identification data in the information device list have not yet been set to a one-to-one correspondence, it further confirms, through the list management unit of the network point data verification device, whether the MAC address and affiliated network point identification data in the information device list have been set as not requiring a one-to-one correspondence. When they are confirmed to have been set as not requiring a one-to-one correspondence, the list re-check device transmits the currently received MAC address and affiliated network point identification data to the network point data verification device, and the network point data verification device either discards the currently received data or stops comparing them with the MAC address and affiliated network point identification data in the information device list. When they are confirmed not to have been set as not requiring a one-to-one correspondence, the list re-check device transmits the currently received MAC address and affiliated network point identification data to the network point data verification device, which compares them with the MAC address and affiliated network point identification data in the information device list.
In one embodiment of the present invention, the network point identification data includes a computer name and/or a hardware fingerprint value, where the hardware fingerprint value is generated by a hash operation on the UUID code of the information device. When the computer name in the currently received affiliated network point identification data differs from the computer name in the information device list, the network point data verification device issues the comparison result "computer name is not consistent". When the hardware fingerprint value in the currently received affiliated network point identification data differs from the hardware fingerprint value in the information device list, the network point data verification device issues the comparison result "hardware fingerprint value is not consistent". When both the computer name and the hardware fingerprint value in the currently received affiliated network point identification data differ from those in the information device list, the network point data verification device issues the comparison result "the computer name and the hardware fingerprint value do not accord".
In an embodiment of the present invention, when the data reporting software cannot acquire the MAC address and the affiliated node identification data and cannot transmit the MAC address and the affiliated node identification data to the node data verification device, the node data verification device sends the comparison result that "the one-to-one correspondence between the MAC address of the information device and the affiliated node identification data cannot be verified" to block the network connection of the information device.
The technical means adopted by the network connection management system for information devices of the invention achieve the following technical effects. Each mobile network card is used one-to-one with a single information device, so that the mobile network card cannot be pulled out of that information device and plugged into another information device for use. In addition, the invention prevents the MAC address of the mobile network card from being falsely used, so that a malicious person cannot use the MAC address to go online from another information device in order to evade the control of the network connection management system.
Drawings
FIG. 1 is a block diagram of a network connection management system of an information device according to a first embodiment of the present invention;
FIG. 2 is a block diagram of a network connection management system of an information device according to a second embodiment of the present invention;
FIG. 3 is a block diagram of a network connection management system of an information device according to a third embodiment of the present invention;
FIG. 4 is a block diagram illustrating a network connection management system of an information device according to a fourth embodiment of the present invention;
FIG. 5 is a flowchart illustrating the process of collecting the MAC address and the affiliated network point identification data in the network connection management system of the information device according to the present invention; and
FIG. 6 is a flowchart illustrating the process of checking the MAC address and the affiliated network point identification data in the network connection management system of the information device according to the present invention.
Reference numerals:
100 network online management system
100A network online management system
100B network online management system
100C network online management system
1A information device
1B information device
1C information device
11A mobile network card
11B mobile network card
11C mobile network card
2 network point data verification device
21 list management unit
2A list confirmation device
2B list checking device
2C list re-check device
3 network point online management device
S1 flow
S1A flow
S1B flow
S1C flow
S1D flow
S2 flow
S20 flow
S201A flow
S201B flow
S201C flow
S202A flow
S202B flow
S202C flow
S203B flow
S21A flow
S21B flow
S2A flow
S2B flow
S2C flow
S2E flow
S2R flow
S301 flow
S302 flow
S303 flow
S304 flow
S3R1 flow
S3R2 flow
S3R3 flow
Detailed Description
Embodiments of the present invention will be described below with reference to fig. 1 to 6. The description is not intended to limit the embodiments of the present invention, but is one example of the present invention.
As shown in fig. 1, a network connection management system 100 for information devices according to a first embodiment of the present invention includes: one or more information devices (1A, 1B, 1C), a network point data verification device 2, and a network point online management device 3. The invention thereby ensures that a mobile network card identified and authenticated by the network connection management system 100 is used only with the same information device (1A, 1B, 1C), and prevents the mobile network card from being pulled out of that information device and plugged into another information device for use. Furthermore, the invention prevents the MAC address of the mobile network card from being falsely used to bring other information devices online without being controlled.
Further, each of the information devices (1A, 1B, or 1C) is a network point, and each network point is provided with data reporting software including Agent data reporting software and/or WMI (Windows Management Instrumentation) data reporting software. In detail, the WMI data reporting software provides information about the network point when the network point goes online, on the premise that the network point runs a Windows operating system. The Agent data reporting software is software developed by the applicant for terminal (computer terminal) equipment, and provides information about the network point without restricting the network point to a Windows operating system.
Furthermore, as shown in FIG. 1, each network point (i.e., the information device 1A, 1B, or 1C) uses a plugged-in mobile network card (11A, 11B, 11C, such as a USB network card), and the data reporting software transmits the MAC address of the mobile network card and the affiliated network point identification data to the network point data verification device 2. Specifically, according to a preset setting, the data reliability of the MAC address and affiliated network point identification data acquired by the Agent data reporting software is higher than that of the MAC address and affiliated network point identification data acquired by the WMI data reporting software.
As shown in fig. 1, the network point data verification device 2 has a list management unit 21. The network point data verification device 2 is signal-connected to the mobile network card (11A, 11B, 11C) to receive the MAC address and affiliated network point identification data acquired by the data reporting software of the network point, and records the MAC address and affiliated network point identification data acquired for the first time in an information device list. Specifically, the list management unit 21 searches the MAC addresses of the network points recorded in the information device list for the received MAC address, to determine whether the MAC address of the information device (network point 1A, 1B, or 1C) and its affiliated network point identification data are being acquired for the first time.
In addition, without limitation, as shown in fig. 1, the network point data verification device 2 may also scan the network point with Nmap (Network Mapper) network security scanning software to obtain the MAC address of the network point and the affiliated network point identification data, and record the MAC address and affiliated network point identification data acquired for the first time in the information device list. The Nmap network security scanning software is a network security scanning tool for network scanning and network host exploration, and is used by the network point data verification device 2 to obtain information about the network point. Further, according to a preset setting, the data reliability of the MAC address and affiliated network point identification data acquired by the WMI data reporting software is higher than that of the MAC address and affiliated network point identification data acquired by the Nmap network security scanning software.
As shown in fig. 1, in the process of collecting the MAC address of the information device (1A, 1B, or 1C) and the affiliated network point identification data according to the present invention, the list management unit 21 replaces, according to the data reliability, the MAC address and affiliated network point identification data of low data reliability with the MAC address and affiliated network point identification data of high data reliability, so as to update the data of the information device (1A, 1B, or 1C) in the information device list. Specifically, the Agent data reporting software or the WMI data reporting software continuously queries the MAC address of the network point and the affiliated network point identification data, and/or the Nmap network security scanning software continuously scans the network point to obtain the MAC address of the network point and the affiliated network point identification data.
In the process of checking the MAC address of the information device (1A, 1B, or 1C) and the affiliated network point identification data according to the present invention, the network point data verification device 2 compares the currently received MAC address and affiliated network point identification data with the MAC address and affiliated network point identification data in the information device list to obtain a comparison result. Further, since the data reliability of the Agent data reporting software is higher than that of the WMI data reporting software, when the Agent data reporting software has acquired the MAC address of the network point and the affiliated network point identification data, the WMI query for the MAC address and identification data of the network point is skipped. Likewise, because the reliability of the data acquired by the WMI data reporting software is higher than that of the Nmap network security scanning software, when the WMI data reporting software has acquired the MAC address of the network point and the affiliated network point identification data, the scan of the network point by the Nmap network security scanning software is skipped.
As shown in fig. 1, the network point online management device 3 is connected to the network point data verification device 2. When the comparison result is a mismatch, the network point online management device 3 blocks the network connection of the network point (i.e., the information device 1A, 1B, or 1C) according to the comparison result. Because the MAC address in the information device list and the identification data of the network point to which it belongs are in a one-to-one correspondence, this prevents other network points that want to go online from falsely using the MAC address to do so. When the comparison result is a match, the network point online management device 3 allows the network connection of the network point.
In addition, in the present invention, the network point data verification device 2 and the network point online management device 3 may be installed in the same equipment (for example, in the same equipment housing). However, the present invention is not limited thereto, and the network point data verification device 2 and the network point online management device 3 may be installed separately in different equipment according to the installation requirements of the system.
As shown in fig. 2, the network connection management system 100A of the second embodiment of the present invention differs from the network connection management system 100 in that, building on the network connection management system 100, it further has a list confirmation device 2A. The list confirmation device 2A is connected to the one or more information devices (1A, 1B, 1C) and to the network point data verification device 2. The list confirmation device 2A compares the currently received MAC address and affiliated network point identification data with the MAC address and affiliated network point identification data in the information device list of the network point data verification device 2, and confirms whether the currently received data are already recorded in the information device list. When the list confirmation device 2A confirms that "the currently received MAC address and affiliated network point identification data are not recorded in the information device list", it transmits them to the list management unit 21 of the network point data verification device 2, so that the MAC address and affiliated network point identification data acquired for the first time are recorded in the information device list.
As shown in fig. 3, the network connection management system 100B of the third embodiment of the present invention differs from the network connection management system 100A in that, building on the network connection management system 100A, it further has a list checking device 2B. The list checking device 2B is connected between the list confirmation device 2A and the network point data verification device 2. When the list checking device 2B receives the message "the MAC address and affiliated network point identification data are recorded in the information device list" from the list confirmation device 2A, it further confirms, through the list management unit 21 of the network point data verification device 2, whether the correspondence between the MAC address and the affiliated network point identification data in the information device list has not been set to one-to-one. When the list checking device 2B confirms that "the correspondence between the MAC address and the affiliated network point identification data in the information device list has not been set to one-to-one", it sets the MAC address and affiliated network point identification data in the information device list to either "a one-to-one correspondence is not required" or "a one-to-one correspondence has not yet been set".
As shown in fig. 4, the difference between the network connection management system 100C and the network connection management system 100B of the information apparatus according to the fourth embodiment of the present invention is that, based on the technology of the network connection management system 100B, the network connection management system 100C further has a list rechecking device 2C. The list reviewing means 2C is connected between the list reviewing means 2B and the point data verifying means 2. When the list reinspection device 2C receives the message that "the correspondence between the MAC address and the home node identification data in the information device list is not yet set as one-to-one correspondence" from the list inspection device 2B, the list reinspection device 2C further confirms whether the correspondence between the MAC address and the home node identification data in the information device list is set without having one-to-one correspondence by the list management unit 21 of the node data verification device 2. When it is determined that "the MAC address and the home node identification data in the information device list are set without having a one-to-one correspondence", the list re-inspection device 2C transmits the currently received MAC address and the home node identification data to the node data verification device 2, and the node data verification device 2 discards the data of "the currently received MAC address and the home node identification data", or stops the comparison between "the currently received MAC address and the home node identification data", and "the MAC address and the home node identification data" in the information device list ". 
Conversely, if the list rechecking device 2C confirms that "the MAC address and the home node identification data in the information device list are not set as not requiring a one-to-one correspondence", the currently received MAC address and home node identification data are transmitted to the node data verification device 2, and the node data verification device 2 performs the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list".
Specifically, in the network connection management system (100, 100A, 100B, 100C) of the information device according to the embodiment of the present invention, the home node identification data includes a computer name and/or a hardware fingerprint value (i.e., the computer name and/or the hardware fingerprint value of each of the information devices 1A, 1B, or 1C). The hardware fingerprint value is generated by hashing the UUID code of the information device (1A, 1B, 1C).
Further, the network online management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention performs, in synchronization, a work flow of "collecting the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node" and a work flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node". The two work flows are described in detail as follows.
As shown in fig. 5, the work flow of "collecting the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node" in the network online management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention includes the following processes.
As shown in fig. 5, in a process S1A, the Agent data reporting software provides information about the node; in a process S1B, the WMI data reporting software provides information about the node. In a process S1C, the node data verification device 2 obtains the information about the node by using the Nmap network security scanning software.
As shown in fig. 5, in a process S2A, the network connection management system (100, 100A, 100B, or 100C) uses the list confirmation device 2A to confirm whether the MAC address and the home node identification data currently received or scanned are recorded in the information device list. If the currently received MAC address and home node identification data are not recorded in the information device list, the process S21A records the MAC address and the home node identification data acquired for the first time in the information device list. Conversely, if the currently received MAC address and home node identification data are already recorded in the information device list, then in a process S2E the list viewing device 2B and the list rechecking device 2C further confirm whether there is a one-to-one correspondence between the MAC address and the home node identification data in the information device list.
As shown in fig. 5, if the MAC address and the home node identification data in the information device list are in one-to-one correspondence, the network connection management system (100, 100A, 100B, or 100C) ends the process of collecting the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node. Conversely, if the MAC address and the home node identification data in the information device list do not correspond one-to-one, the process S1D checks whether the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data currently received by the node data verification device 2 is higher than the data reliability of the data reporting software or network security scanning software that acquired "the MAC address and home node identification data recorded in the information device list".
As shown in fig. 5, in the process S1D, when the data reliability of the data reporting software or network security scanning software that acquired the currently received MAC address and home node identification data is not higher than the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data recorded in the information device list, the Agent data reporting software and the WMI data reporting software continue to query the node, or the Nmap network security scanning software continues to scan the node (thereby acquiring the MAC address and the home node identification data).
Conversely, as shown in fig. 5, if the data reliability of the data reporting software or network security scanning software that acquired the currently received MAC address and home node identification data is higher than the data reliability of the data reporting software or network security scanning software that acquired the MAC address and home node identification data recorded in the information device list, then in the process S20 the list management unit 21 replaces the MAC address and home node identification data that came from the data reporting software or network security scanning software with low data reliability. For example, the MAC address and home node identification data "currently acquired by the Agent data reporting software" replace the MAC address and home node identification data "acquired by the WMI data reporting software" on the information device list; or the MAC address and home node identification data "currently acquired by the WMI data reporting software" replace the MAC address and home node identification data "acquired by the Nmap network security scanning software" on the information device list. The Agent data reporting software, the WMI data reporting software, or the Nmap network security scanning software then continues to collect the MAC address of the node and the home node identification data.
As shown in fig. 6, the work flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node" in the network online management system (100, 100A, 100B, or 100C) of the information device according to the embodiment of the present invention includes the following processes.
As shown in fig. 6, the flow S1 is a flow in which each of the information devices (1A, 1B, or 1C) is ready to perform network connection.
As shown in fig. 6, the flow S2A is executed by the list confirmation device 2A to confirm whether the currently received MAC address and home node identification data of the information device (1A, 1B, or 1C) are already recorded in the information device list. If the currently received MAC address and home node identification data are not recorded in the information device list, the process S21A records the MAC address and the home node identification data acquired for the first time in the information device list. Conversely, if the currently received MAC address and home node identification data are already recorded in the information device list, then in a flow S2B the list viewing device 2B confirms whether "the MAC address and the home node identification data in the information device list are not yet set to have a one-to-one correspondence".
Next, as shown in fig. 6, if the MAC address and the home node identification data in the information device list are not set to have a one-to-one correspondence, the flow S21B sets the MAC address and the home node identification data in the information device list to one of: "a one-to-one correspondence is not required", or "the MAC address of the node and the identification data of the node to which the MAC address belongs in the information device list are not yet set to have a one-to-one correspondence". Conversely, if the MAC address and the home node identification data in the information device list are not yet set to have a one-to-one correspondence, the list rechecking device 2C determines in the process S2C whether the MAC address and the home node identification data in the information device list are set as not requiring a one-to-one correspondence.
As shown in fig. 6, if it is confirmed that the MAC address and the home node identification data in the information device list are set as not requiring a one-to-one correspondence, the node data verification device 2 discards the currently received MAC address and home node identification data, or stops the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list". Alternatively, if it is determined that the MAC address and the home node identification data in the information device list are not set as not requiring a one-to-one correspondence, the node data verification device 2 continues, in the flow S2, the operation of determining "the one-to-one correspondence between the MAC address and the home node identification data in the information device list".
As shown in fig. 6, the process S201A queries the Agent data reporting software for information about the node. In the process S202A, the node data verification device 2 determines whether the Agent data reporting software successfully queried information about the node. If the Agent data reporting software successfully provides the information about the node, the process S2R compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list. Further, when the Agent data reporting software acquires the MAC address of the node and the home node identification data, the WMI data reporting software's query for the MAC address of the node and the home node identification data is skipped, wherein the data reliability of the MAC address and home node identification data acquired by the Agent data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software.
As shown in fig. 6, if the Agent data reporting software does not successfully provide information about the node, the WMI data reporting software queries information about the node in the process S201B. In the process S202B, the node data verification device 2 determines whether the WMI data reporting software successfully queried information about the node. If the WMI data reporting software successfully provides information about the node, the process S2R compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list. Specifically, when the WMI data reporting software acquires the MAC address of the node and the home node identification data, scanning the node with the Nmap network security scanning software is skipped, wherein the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the Nmap network security scanning software.
Conversely, as shown in fig. 6, if the WMI data reporting software does not successfully provide information about the node, then in the process S203B the node data verification device 2 further confirms whether the MAC address and the home node identification data in the information device list form a one-to-one correspondence by "the MAC address of the information device and the computer name of the home node identification data".
As shown in fig. 6, when the MAC address and the home node identification data in the information device list form a one-to-one correspondence by "the MAC address and the computer name of the home node identification data", the Nmap network security scanning software of the node data verification device 2 is used in a process S201C to scan for information about the node. Conversely, if the MAC address and the home node identification data in the information device list do not form a one-to-one correspondence by "the MAC address and the computer name of the home node identification data", the process S304 issues the comparison result that the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified (for example, the network connection of the information device 1A, 1B, or 1C is blocked by the node data verification device 2 issuing this comparison result). That is, when neither the Agent data reporting software nor the WMI data reporting software can successfully provide information about the node, and the MAC address and the home node identification data in the information device list do not form a one-to-one correspondence by the MAC address and the computer name of the home node identification data, the network connection management system (100, 100A, 100B, or 100C) of the present invention issues the comparison result that the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified.
In the process S202C, the node data verification device 2 determines whether the Nmap network security scanning software successfully obtained the information about the node. If the Nmap network security scanning software successfully obtains the information about the node (i.e., the MAC address and the computer name of the home node identification data), the process S2R performs the comparison between "the currently received MAC address and home node identification data" and "the MAC address and home node identification data in the information device list". Conversely, if the Nmap network security scanning software cannot successfully acquire the information about the node, the process S304 issues the comparison result that "the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified". In other words, when the Nmap network security scanning software cannot acquire the MAC address and the computer name of the home node identification data, the MAC address of the information device (1A, 1B, or 1C) and the computer name of the home node identification data cannot be transmitted to the node data verification device 2, so the node data verification device 2 cannot verify the one-to-one correspondence between the MAC address of the information device and the home node identification data.
Further, as shown in fig. 6, in a process S2R, a comparison between the MAC address and the home node identification data currently received and the MAC address and the home node identification data in the information device list is performed. In other words, according to the currently received MAC address of the information device, the present invention can find the information device having the same MAC address in the information device list, and compare the currently received home node identification data with the home node identification data in the information device list.
In addition, in the process S301, the present invention further determines whether "the computer name and the hardware fingerprint value of the currently received home node identification data" are different from "the computer name and the hardware fingerprint value of the home node identification data in the information device list". When they are different, the comparison result "the computer name and the hardware fingerprint value do not match" is issued in the process S3R1 (that is, the node data verification device 2 issues the comparison result).
As shown in fig. 6, if it is confirmed in the process S301 that "the computer name and the hardware fingerprint value of the currently received home node identification data" are not different from "the computer name and the hardware fingerprint value of the home node identification data in the information device list", it is further confirmed in the process S302 whether "the hardware fingerprint value of the currently received home node identification data" is different from "the hardware fingerprint value of the home node identification data in the information device list". When the hardware fingerprint value of the currently received home node identification data is different from the hardware fingerprint value of the home node identification data in the information device list, the process S3R2 issues the comparison result "hardware fingerprint value does not match" (i.e., the node data verification device 2 issues the comparison result).
As shown in fig. 6, if it is confirmed in the process S303 that "the computer name of the currently received home node identification data" is different from "the computer name of the home node identification data in the information device list", the comparison result "computer name mismatch" is issued in the process S3R3 (i.e., the comparison result is issued by the node data verification device 2). Conversely, if "the computer name of the currently received home node identification data" is not different from "the computer name of the home node identification data in the information device list", the flow of "checking the MAC address of the information device (1A, 1B, or 1C) and the identification data of the home node" is terminated.
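The collection flow (fig. 5) and the check flow (fig. 6) described above can be sketched as follows. This is an added example, not code from the patent or its applicant: the SHA-256 hash, the names `DeviceList`, `Observation`, `query_node` and `should_block`, the handling of sources that cannot supply a fingerprint, and all sample values are assumptions, and the one-to-one setting checks (S2B, S2C) are left out.

```python
"""Added example: MAC-to-node binding list with source reliability ranking."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Reliability order stated in the description: Agent > WMI > Nmap.
RELIABILITY = {"agent": 3, "wmi": 2, "nmap": 1}

MATCH = "match"
NAME_AND_FP = "computer name and hardware fingerprint value do not match"  # S3R1
FP_ONLY = "hardware fingerprint value does not match"                      # S3R2
NAME_ONLY = "computer name does not match"                                 # S3R3
CANNOT_VERIFY = "one-to-one correspondence cannot be verified"             # S304
FIRST_SEEN = "recorded on first acquisition"                               # S21A


def hardware_fingerprint(uuid_code: str) -> str:
    """Hash the device UUID. SHA-256 is an assumption; the page says only 'hashing'."""
    return hashlib.sha256(uuid_code.strip().lower().encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class Observation:
    mac: str
    computer_name: str
    fingerprint: Optional[str]  # None when the source cannot read the UUID (assumed for Nmap)
    source: str                 # "agent", "wmi" or "nmap"


def query_node(sources: List[Callable[[], Optional[Observation]]]) -> Optional[Observation]:
    """S201A -> S201B -> S201C: ask sources in reliability order; first success skips the rest."""
    for source in sources:
        obs = source()
        if obs is not None:
            return obs
    return None


class DeviceList:
    """Hypothetical stand-in for the information device list kept by list management unit 21."""

    def __init__(self) -> None:
        self._by_mac: Dict[str, Observation] = {}

    @staticmethod
    def _key(mac: str) -> str:
        return mac.replace("-", ":").lower()

    def collect(self, obs: Observation) -> str:
        """Collection flow (fig. 5): record first sightings, let better sources overwrite."""
        key = self._key(obs.mac)
        stored = self._by_mac.get(key)
        if stored is None:                                        # S2A -> S21A
            self._by_mac[key] = obs
            return "recorded"
        if RELIABILITY[obs.source] > RELIABILITY[stored.source]:  # S1D -> S20
            self._by_mac[key] = obs
            return "replaced"
        return "kept"

    def verify(self, obs: Optional[Observation]) -> str:
        """Check flow (fig. 6): compare a connecting node against its list entry."""
        if obs is None:                       # no source could report: S304
            return CANNOT_VERIFY
        stored = self._by_mac.get(self._key(obs.mac))
        if stored is None:                    # S2A -> S21A
            self.collect(obs)
            return FIRST_SEEN
        # Fail closed (an assumed reading of S203B): a name-only observation
        # cannot confirm an entry that is bound to a hardware fingerprint.
        if stored.fingerprint is not None and obs.fingerprint is None:
            return CANNOT_VERIFY
        name_diff = obs.computer_name.lower() != stored.computer_name.lower()
        fp_diff = stored.fingerprint is not None and obs.fingerprint != stored.fingerprint
        if name_diff and fp_diff:
            return NAME_AND_FP
        if fp_diff:
            return FP_ONLY
        if name_diff:
            return NAME_ONLY
        return MATCH


def should_block(result: str) -> bool:
    """Block on any mismatch or unverifiable node. First sightings are not blocked
    here; the page does not say how they are treated, so that is an assumption."""
    return result in {NAME_AND_FP, FP_ONLY, NAME_ONLY, CANNOT_VERIFY}


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    mac = "00-11-22-33-44-55"
    good = Observation(mac, "PC-FINANCE-01",
                       hardware_fingerprint("4c4c4544-0042-4810-8056-b7c04f595031"), "agent")
    moved = Observation(mac, "LAPTOP-GUEST",
                        hardware_fingerprint("11111111-2222-3333-4444-555555555555"), "agent")
    devices = DeviceList()
    devices.collect(good)
    for obs in (good, moved, None):
        result = devices.verify(obs)
        print(result, "-> block" if should_block(result) else "-> allow")
```

Because the first sighting of a MAC address is simply recorded, the binding is only as trustworthy as the moment of enrollment; the list should be populated from a known-good inventory before enforcement is switched on.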
As described above, the network connection management system (100, 100A, 100B, 100C) of the information device of the present invention obtains the MAC address and the home node identification data of each information device (1A, 1B, 1C) either by the node data verification device 2 receiving them from the Agent data reporting software and/or the WMI data reporting software, or by the node data verification device 2 scanning the node with the Nmap network security scanning software. It compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list, and blocks the network connection of the node with the connection management device 3 when the comparison result does not match. Thus, the invention can ensure that each mobile network card (11A, 11B, 11C) is used one-to-one in a single information device (1A, 1B, 1C), so as to avoid the situation in which a mobile network card (11A, 11B, or 11C) is pulled out of one information device (1A, 1B, or 1C) and plugged into another information device (1A, 1B, or 1C) for use.
In addition, the network online management system (100, 100A, 100B, 100C) of the information device compares the currently received MAC address and the computer name and/or hardware fingerprint value of the home node identification data with the computer name and/or hardware fingerprint value of the home node identification data in the information device list, and issues the comparison result when the computer name and the hardware fingerprint value do not match, the hardware fingerprint value does not match, or the computer name does not match, so as to block the network connection of the node. Therefore, the invention can prevent the MAC address of the mobile network card (11A, 11B, or 11C) from being fraudulently used, so as to avoid the situation in which a person with ill intent uses the MAC address to log on to the network from another information device in order to evade the control of the network online management system.
While the foregoing description is of the preferred embodiment of the present invention, other modifications will be apparent to those skilled in the art from this description, and it is intended that all such modifications be included within the spirit and scope of the present invention.

Claims (7)

1. A network online management system of an information device, comprising:
one or more information devices, each information device being a node, each node being provided with data reporting software including Agent data reporting software and/or WMI data reporting software, wherein the WMI data reporting software provides information about the node on the premise that the node runs a Windows operating system and when the node is online, the Agent data reporting software provides information about the node without the node being limited to a Windows operating system, each node uses a plugged-in mobile network card, and the data reporting software transmits the MAC address of the mobile network card and the home node identification data to a node data verification device, and wherein the data reliability of the MAC address and home node identification data acquired by the Agent data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software;
the node data verification device, which is provided with a list management unit, wherein the node data verification device is in signal connection with the mobile network card to receive the MAC address and home node identification data acquired by the data reporting software of the node, and/or the node data verification device acquires the MAC address and home node identification data of the node by scanning the node with Nmap network security scanning software, so as to record the MAC address and home node identification data acquired for the first time in an information device list, wherein the Nmap network security scanning software is a network security scanning tool for network scanning and network host exploration, the data reliability of the MAC address and home node identification data acquired by the WMI data reporting software is higher than the data reliability of the MAC address and home node identification data acquired by the Nmap network security scanning software, the list management unit, according to the data reliability, replaces the MAC address and home node identification data with low data reliability by the MAC address and home node identification data with high data reliability, and the node data verification device compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list to obtain a comparison result; and
a node online management device connected with the node data verification device, which, according to the comparison result, blocks the network connection of the node when the comparison result does not match, the MAC address and the home node identification data in the information device list being in one-to-one correspondence so as to prevent a node that wants to go online from fraudulently using the MAC address to get online, and allows the network connection of the node when the comparison result matches.
2. The system of claim 1, wherein in the process of collecting the MAC address of the information device and the identification data of the website by replacing the MAC address with low data reliability and the identification data of the website with high data reliability and the identification data of the website, the Agent data reporting software or the WMI data reporting software will continuously inquire the website or the Nmap network security scanning software will continuously scan the website to obtain the MAC address and the identification data of the website, and the list management unit will continuously inquire the website or the WMI data reporting software will continuously inquire the website or the Nmap network security scanning software will continuously scan the website to obtain the MAC address and the identification data of the website, and the network management unit will not need to provide the MAC address and the identification data of the website
Comparing, by the node data verification device, the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list to check the MAC address of the information device and the home node identification data, when the Agent data reporting software acquires the MAC address of the node and the home node identification data, the WMI data reporting software's query for the MAC address of the node and the home node identification data is skipped, or when the WMI data reporting software acquires the MAC address of the node and the home node identification data, the scanning of the node by the Nmap network security scanning software is skipped.
3. The system of claim 1, further comprising a list confirmation device connected to at least one of the information devices and the node data verification device, wherein the list confirmation device compares the currently received MAC address and home node identification data with the MAC address and home node identification data in the information device list to confirm whether the currently received MAC address and home node identification data are recorded in the information device list, and when confirming that the currently received MAC address and home node identification data are not recorded in the information device list, the list management unit transmits the currently received MAC address and home node identification data to the node data verification device, so that the MAC address and home node identification data acquired for the first time can be recorded in the information device list.
4. The system of claim 3, further comprising a list viewing device connected between said list confirmation device and said node data verification device, wherein when said list viewing device receives a message from said list confirmation device that said MAC address and said home node identification data are recorded in said information device list, said list viewing device further confirms, by said node data verification device, a one-to-one correspondence between said MAC address and said home node identification data in said information device list, and when confirming a one-to-one correspondence between said MAC address and said home node identification data in said information device list, sets the MAC address and the home node identification data in the information device list to one of: "a one-to-one correspondence is not required", or "the MAC addresses of the nodes in the information device list and the identification data of the nodes are not set to a one-to-one correspondence".
5. The system of claim 4, further comprising a list rechecking device connected between said list viewing device and said node data verification device, wherein when said list rechecking device receives a message from said list viewing device that said MAC address and said home node identification data in said information device list are not yet set to have a one-to-one correspondence, said list rechecking device further confirms, by said list management unit of said node data verification device, whether said MAC address and said home node identification data in said information device list are set as not requiring a one-to-one correspondence,
when the MAC address and the home node identification data in the information device list are confirmed to be set as not requiring a one-to-one correspondence, the list rechecking device transmits the currently received MAC address and home node identification data to the node data verification device, and the node data verification device discards the currently received MAC address and home node identification data, or stops the comparison between the currently received MAC address and home node identification data and the MAC address and home node identification data in the information device list, or
when the MAC address and the home node identification data in the information device list are determined not to be set as not requiring a one-to-one correspondence, the list rechecking device transmits the currently received MAC address and home node identification data to the node data verification device, and the comparison between the currently received MAC address and home node identification data and the MAC address and home node identification data in the information device list is performed.
6. The system according to claim 1, wherein said home node identification data comprises: a computer name, and/or a hardware fingerprint value generated by hashing the UUID code of the information device,
when the computer name of the currently received home node identification data is different from the computer name of the home node identification data in the information device list, the node data verification device issues the comparison result "computer name does not match",
when the hardware fingerprint value of the currently received home node identification data is different from the hardware fingerprint value of the home node identification data in the information device list, the node data verification device issues the comparison result "hardware fingerprint value does not match", or
when the computer name and the hardware fingerprint value of the currently received home node identification data are different from the computer name and the hardware fingerprint value of the home node identification data in the information device list, the node data verification device issues the comparison result "the computer name and the hardware fingerprint value do not match".
7. The system as claimed in claim 1, wherein when the data reporting software cannot obtain the MAC address and the home node identification data and cannot transmit the MAC address and the home node identification data to the node data verification device, the node data verification device issues the comparison result indicating that the one-to-one correspondence between the MAC address of the information device and the home node identification data cannot be verified, thereby blocking the network connection of the information device.
CN202010483810.2A 2020-06-01 2020-06-01 Network on-line management system for information device Active CN113765842B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010483810.2A CN113765842B (en) 2020-06-01 2020-06-01 Network on-line management system for information device

Publications (2)

Publication Number Publication Date
CN113765842A (en) 2021-12-07
CN113765842B (en) 2023-04-07

Family

ID=78782475

Country Status (1)

Country Link
CN (1) CN113765842B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1501637A (en) * 2002-11-13 2004-06-02 上海宽讯时代科技有限公司 Wireless local area network safety protection wall system device
CN1509002A (en) * 2002-12-13 2004-06-30 联想(北京)有限公司 Firewall link layer and internet protocol layer address binding method
CN103246851A (en) * 2013-05-10 2013-08-14 榆林学院 Wireless network card anti-theft method
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
WO2018036221A1 (en) * 2016-08-23 2018-03-01 上海斐讯数据通信技术有限公司 Wireless network security verification device, method thereof, and router

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宋敏;: "供电企业无线局域网安全防护" *

Also Published As

Publication number Publication date
CN113765842B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant