CN117596600B - Wireless network access method, system and routing device - Google Patents

Publication number: CN117596600B
Authority: CN (China)
Application number: CN202311659024.3A
Other languages: Chinese (zh)
Other versions: CN117596600A (en
Inventors: 赵剑娇, 覃杰, 覃刚, 陶玮
Current Assignee: Beijing Qingyuan Bochuang Technology Co ltd
Original Assignee: Beijing Qingyuan Bochuang Technology Co ltd
Application filed by: Beijing Qingyuan Bochuang Technology Co ltd
Priority: CN202311659024.3A
Publications: CN117596600A (application), CN117596600B (grant)
Legal status: Active
Prior art keywords: wireless network, server, isolation, access, weight value

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/66 Trust-dependent, e.g. using trust scores or trust relationships
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/08 Access security
    • H04W12/086 Access security using security domains
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention is applicable to the technical field of wireless networks, and particularly relates to a wireless network access method, system and routing device. The wireless network access method comprises the following steps: acquiring an access range of a wireless network, dividing the access range, and determining each divided access range as an isolation area, wherein the number of isolation areas is at least two; and determining the servers that can be accessed through the target router to which the wireless network connects, inserting a weight value label into each server, and dividing the servers into the isolation areas. By dividing the wireless network, the invention sets up isolation areas; by weighting the isolation areas, it determines how important each one is, so that the important isolation areas are protected; and by constructing the trust chain, it determines the access range of the wireless network and limits lateral movement within it, which effectively reduces the scope of damage when the wireless network is attacked and greatly improves the protection of the important isolation areas.

Description

Wireless network access method, system and routing device
Technical Field
The present invention relates to the field of wireless network technologies, and in particular, to a wireless network access method, system, and routing device.
Background
With the spread of network technology, the barrier to cracking a wireless network keeps falling. An attacker typically forces a legitimate wireless client to disconnect from the wireless network; the client then automatically tries to reconnect, and the reconnection generates data communication. The attacker captures the exchange between the router and the wireless client as data packets and finally runs a dictionary-based brute-force attack to recover the wireless password. Once the wireless network is cracked, the attacker can enter the user's home and working environment at will, plant virus programs on the user's devices, and even steal personal information such as identity card numbers, bank accounts and passwords; once this information is leaked, the user may suffer unnecessary economic loss and disruption to daily life.
Therefore, how to strengthen the protection of important data and reduce the possibility of leakage is a technical problem to be solved by the invention.
Disclosure of Invention
The present invention aims to provide a wireless network access method, a wireless network access system and a wireless network routing device, so as to solve the problem of how to strengthen the protection of important data and reduce the possibility of leakage in the background art.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A wireless network access method, the method comprising:
acquiring an access range of a wireless network, dividing the access range, and determining each divided access range as an isolation area, wherein the number of isolation areas is at least two;
determining the servers that can be accessed through the target router to which the wireless network connects, inserting a weight value label into each server, and dividing the servers into the isolation areas;
weighting the weight value labels in each isolation area, and calculating a weighted score value;
arranging the isolation areas in order of score value from low to high, constructing a trust chain, and generating a transition key between each two adjacent isolation areas on the trust chain;
and, when receiving a wireless network connection request sent by a terminal, sequentially verifying the trust chain.
Further, the step of inserting a weight value label into the server and dividing the server into isolation areas includes:
acquiring the weight value of the server, generating a weight value label, and inserting the weight value label into the server;
establishing a division criterion for the servers, and dividing the servers into the isolation areas.
Further, the step of weighting the weight value labels in the isolation area and calculating the weighted score value includes:
generating a correspondence between the isolation areas and the servers, weighting the weight values of the servers in each isolation area, and calculating the score value of the isolation area.
Further, the step of arranging the isolation areas in order of score value from low to high, constructing a trust chain, and generating a transition key between two adjacent isolation areas on the trust chain includes:
sorting the isolation areas in order of score value from large to small, and connecting all the isolation areas in series according to the sorted result to construct a trust chain;
generating a transition protocol between two adjacent isolation areas on the trust chain, and determining a transition key according to a preset key generation mode;
testing the transition protocol and the transition key.
Further, the step of sequentially verifying the trust chain when receiving a wireless network connection request sent by the terminal includes:
when a wireless network connection request sent by a terminal is received, verifying the trust chain;
if the verification passes, admitting the wireless network connection request to the trust chain and continuing to verify the transition key of the wireless network connection request;
if the verification does not pass, rejecting the wireless network connection request.
Further, the method further comprises:
receiving a wireless network connection request within the effective range, and judging whether the wireless network connection request contains malicious features;
if the wireless network connection request contains malicious features, extracting the malicious features from the wireless network connection request, building a protection platform, marking the wireless network connection request based on the protection platform to obtain a marked request, and determining the restricted access time of the marked request;
if no malicious features are contained, allowing the wireless network connection request.
Further, the system includes:
the segmentation module, which acquires an access range of the wireless network, divides the access range, and determines each divided access range as an isolation area, the number of isolation areas being at least two;
the weighting module, which determines the servers that can be accessed through the target router to which the wireless network connects, inserts a weight value label into each server, divides the servers into the isolation areas, weights the weight value labels in each isolation area, and calculates a weighted score value;
the construction module, which arranges the isolation areas in order of score value from low to high, constructs a trust chain, and generates a transition key between two adjacent isolation areas on the trust chain;
and the verification module, which sequentially verifies the trust chain when receiving a wireless network connection request sent by the terminal.
Further, the segmentation module includes:
the access unit, which acquires the weight value of the server, generates a weight value label, and inserts the weight value label into the server;
and the establishing unit, which establishes the division criterion for the servers and divides the servers into the isolation areas.
Further, the weighting module includes:
the corresponding unit, which generates a correspondence between the isolation areas and the servers;
and the calculating unit, which weights the weight values of the servers in each isolation area and calculates the score value of the isolation area.
The technical scheme of the invention also provides a routing device, which comprises one or more processors and one or more memories, wherein at least one program code is stored in the one or more memories, and the wireless network access method is realized when the program code is loaded and executed by the one or more processors.
Compared with the prior art, the invention has the beneficial effects that:
1. Dividing the wireless network sets up the isolation areas, and weighting the isolation areas determines how important each one is, so that the important isolation areas are protected. Constructing a trust chain determines the access range of the wireless network and limits lateral movement within it, which effectively reduces the scope of damage when the wireless network is attacked and greatly improves the protection of the important isolation areas.
2. By using the malicious features to build a protection platform and marking the wireless network connection requests that contain malicious features, repeated connection by requests carrying those malicious features is avoided, and the security of the isolation areas is further improved.
Drawings
Fig. 1 is a flow chart of a wireless network access method according to an embodiment of the present invention;
Fig. 2 is a first sub-flowchart of a wireless network access method according to an embodiment of the present invention;
Fig. 3 is a second sub-flowchart of a wireless network access method according to an embodiment of the present invention;
Fig. 4 is a third sub-flowchart of a wireless network access method according to an embodiment of the present invention;
Fig. 5 is a fourth sub-flowchart of a wireless network access method according to an embodiment of the present invention;
Fig. 6 is a block diagram of a wireless network access system according to an embodiment of the present invention;
Fig. 7 is a block diagram of the segmentation module in a wireless network access system according to an embodiment of the present invention;
Fig. 8 is a block diagram of the weighting module in a wireless network access system according to an embodiment of the present invention;
Fig. 9 is a block diagram of the construction module in a wireless network access system according to an embodiment of the present invention;
Fig. 10 is a block diagram of the verification module in a wireless network access system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Embodiment 1: Fig. 1 shows the implementation flow of the wireless network access method provided by an embodiment of the present invention, detailed as follows:
S100: acquiring an access range of the wireless network, dividing the access range, and determining each divided access range as an isolation area, wherein the number of isolation areas is at least two.
First, determine the servers or devices connected to the wireless network, such as a smart refrigerator, washing machine, mobile phone or notebook computer in a household, or the servers of a production department. The range over which these devices are used is called the access range of the wireless network. The access range is divided into a plurality of isolation areas, and the division criterion is the importance of the devices; for example, devices such as mobile phones and notebook computers may be placed in a first isolation area, which protects important devices, and a smart refrigerator, washing machine and the like may be placed in a second isolation area, which protects general devices.
S200: determining the servers that can be accessed through the target router to which the wireless network connects, inserting a weight value label into each server, dividing the servers into the isolation areas, weighting the weight value labels in each isolation area, and calculating a weighted score value.
The servers that support access are devices such as mobile phones and notebook computers. First, each device is given a weight value: a mobile phone, which needs focused protection, can be given a higher weight value, while a refrigerator, which does not, can be given a lower one. The weight values of the devices in each isolation area are added together to determine the score value of that isolation area; the higher the score value, the more important the isolation area and the more it needs focused protection.
S300: arranging the isolation areas in order of score value from low to high, constructing a trust chain, and generating a transition key between two adjacent isolation areas on the trust chain.
The isolation areas are sorted by their score values, a trust chain is constructed, and a transition key is determined between each two adjacent isolation areas on the trust chain.
When an access request is received, it is verified. If it passes verification, the access request is admitted to the first isolation area. If it needs to reach the second isolation area, the transition key in the access request is verified, and once the transition key passes verification the access request is allowed into the second isolation area. The score value of the first isolation area is smaller than that of the second isolation area; when a third or further isolation area is to be accessed, the transition keys must be verified in sequence. Once the first isolation area, the second isolation area or further areas have been accessed, the data within the accessed isolation area may be called or the devices within it may be controlled.
The advantage is that even if the access request carries malicious features, only the accessed isolation area is affected and the other isolation areas are not, which greatly reduces the attack range of the malicious features; in addition, constructing different isolation areas according to importance greatly improves the protection of important devices.
S400: when receiving a wireless network connection request sent by the terminal, sequentially verifying the trust chain.
The received wireless network connection request is verified using the trust chain, and access to the corresponding isolation area is allowed if the verification passes.
Embodiment 2: Fig. 2 shows the implementation flow of the wireless network access method provided by an embodiment of the present invention. The step of acquiring the access range of the wireless network and dividing it is detailed as follows:
S101: acquiring the weight value of the server, generating a weight value label, and inserting the weight value label into the server.
First, a connection between the server and the target router must be established; once the wireless network has been used to access the target router, the data in the server can be called. The server may be a mobile phone, a computer or the like, or a server of a production department. Each server is given a different weight value according to its importance, a weight value label is generated from the weight value, and the label is inserted into the server.
S102: establishing a division criterion for the servers, and dividing the servers into the isolation areas.
The division criterion is generally the importance of the server or the vulnerability of the server, and the servers are divided into different isolation areas according to this criterion.
Embodiment 3: Fig. 3 shows the implementation flow of the wireless network access method provided by an embodiment of the present invention. The step of weighting all isolation areas based on preset weight values and determining the weighted score value of each isolation area is detailed as follows:
S201: generating the correspondence between the isolation areas and the servers.
The weight values of all the servers are obtained, where a weight value represents the importance of a server and a higher weight value means higher importance; the correspondence between each server and an isolation area is then determined according to the server's importance.
S202: weighting the weight values of the servers in the isolation area, and calculating the score value of the isolation area.
The weight values of all servers in the isolation area are weighted and the total score value of the isolation area is calculated; the higher the score value, the more important the isolation area.
Embodiment 4: Fig. 4 shows the implementation flow of the wireless network access method provided by an embodiment of the present invention. The step of ordering all isolation areas by weighted score value, constructing a trust chain from the first isolation area and the second isolation area in order of score value from low to high, and determining a transition key between two adjacent isolation areas on the trust chain is detailed as follows:
S301: sorting the isolation areas in order of score value from large to small, and connecting all the isolation areas in series according to the sorted result to construct a trust chain.
All the isolation areas are sorted by their total score values, and the sorted isolation areas are connected in series to construct a trust chain.
S302: generating a transition protocol between two adjacent isolation areas on the trust chain, and determining a transition key according to a preset key generation mode.
A transition protocol is determined between two adjacent isolation areas on the trust chain; the transition protocol can be a QKD protocol, a BB84 protocol and the like. Different transition protocols have different key generation modes, and the transition key is generated according to a preset key generation mode, namely the key generation mode that matches the transition protocol.
S303: testing the transition protocol and the transition key.
The transition protocol and the transition key are tested to ensure that they are compatible.
Embodiment 5: Fig. 5 shows the implementation flow of the wireless network access method provided by an embodiment of the present invention. The step of sequentially verifying the trust chain when a wireless network connection request sent by a terminal is received is detailed as follows:
S401: when a wireless network connection request sent by the terminal is received, verifying the trust chain.
The terminal sending the wireless network connection request may be terminal equipment from any location; the wireless network connection request is used to verify all isolation areas on the trust chain in sequence.
S402: judging whether the verification passes; if it passes, admitting the wireless network connection request to the trust chain and continuing to verify the transition key of the wireless network connection request; if it does not pass, rejecting the wireless network connection request.
If the verification passes, access to the isolation area is allowed, together with control of the devices in the isolation area or calling of the data in it; the transition key in the wireless network connection request is then verified, and if the transition key verification passes, access to the next isolation area is allowed.
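The following Python example is added here and is not part of the patent. It carries steps S100 to S402 through on constructed data: zone scores are summed from device weights, the chain is ordered from low to high score, and a request only advances while each transition key verifies in sequence. The device names, weights, class and function names are hypothetical, and HMAC-SHA256 derivation from a router-held master secret is an assumption standing in for the "preset key generation mode" (the text names QKD and BB84 as possible transition protocols).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Zone:
    name: str
    weights: Dict[str, int]  # device -> weight value label (S101)

    @property
    def score(self) -> int:
        # S202: the zone score is the sum of its devices' weight values.
        return sum(self.weights.values())


class TrustChain:
    def __init__(self, zones: List[Zone], entry_secret: bytes,
                 master: Optional[bytes] = None):
        if len(zones) < 2:
            raise ValueError("at least two isolation areas are required")
        # S300: low-to-high score order; a request enters at the lowest score.
        self.zones = sorted(zones, key=lambda z: z.score)
        # Hashed only so both sides of the later comparison have equal length.
        self._entry = hashlib.sha256(entry_secret).digest()
        master = master or secrets.token_bytes(32)
        # One transition key per adjacent pair of zones.
        # ASSUMPTION: HMAC-SHA256 derivation replaces the patent's
        # unspecified "preset key generation mode".
        self._keys = [
            hmac.new(master, f"{a.name}->{b.name}".encode(),
                     hashlib.sha256).digest()
            for a, b in zip(self.zones, self.zones[1:])
        ]

    def transition_key(self, hop: int) -> bytes:
        """Key guarding the move from zones[hop] to zones[hop + 1]."""
        return self._keys[hop]

    def admit(self, entry_secret: bytes, offered_keys: List[bytes]) -> List[str]:
        """Return the zones a request may use, in chain order ([] = rejected)."""
        offered_entry = hashlib.sha256(entry_secret).digest()
        if not hmac.compare_digest(offered_entry, self._entry):
            return []  # S402: verification failed, reject the request
        reached = [self.zones[0].name]
        # S402: verify transition keys strictly in sequence; the first
        # failure stops the request in the zone it has already reached.
        for expected, offered in zip(self._keys, offered_keys):
            if not hmac.compare_digest(expected, offered):
                break
            reached.append(self.zones[len(reached)].name)
        return reached


def build_demo_chain() -> TrustChain:
    # Constructed sample data, not taken from the patent.
    zones = [
        Zone("production", {"db-server": 10, "erp-server": 8}),
        Zone("appliances", {"fridge": 1, "washer": 1}),
        Zone("personal", {"phone": 5, "laptop": 4}),
    ]
    return TrustChain(zones, entry_secret=b"wifi-passphrase")


if __name__ == "__main__":
    chain = build_demo_chain()
    print([(z.name, z.score) for z in chain.zones])
    k0, k1 = chain.transition_key(0), chain.transition_key(1)
    print(chain.admit(b"wifi-passphrase", [k0]))
    # Holding only the key for the second hop does not let a request skip ahead.
    print(chain.admit(b"wifi-passphrase", [b"\x00" * 32, k1]))
```

A request that knows only the network credential stays in the lowest-score zone, which is the containment property the description claims for a cracked wireless password.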
Embodiment 6: unlike embodiment 1, in this embodiment of the present invention the method further includes:
receiving a wireless network connection request within the effective range, and judging whether the wireless network connection request contains malicious features;
if the wireless network connection request contains malicious features, extracting the malicious features from the wireless network connection request, building a protection platform, marking the wireless network connection request based on the protection platform to obtain a marked request, and determining the restricted access time of the marked request;
if no malicious features are contained, allowing the wireless network connection request.
The effective signal range of the router is determined and wireless network connection requests within that range are received. Whether a wireless network connection request contains malicious features is determined by checking the source of the request, analyzing its signal strength, detecting an unsynchronized MAC timestamp, checking for a wrong channel, and similar means. If the wireless network connection request contains malicious features, a protection platform is built and the request is marked to obtain a marked request; the marked request is uploaded to the protection platform, and a restricted access time for the marked request is added in the protection platform, which prevents a wireless network connection request containing malicious features from applying for access many times within a short period.
Adding the restricted access time to the marked request improves the protection provided by the router and the security of the servers.
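The following Python example is added here and is not part of the patent. It models the protection platform of embodiment 6: a request is checked for the four features the text lists (source, signal strength, unsynchronized timestamp, wrong channel), marked if any is present, and refused for a restricted access time afterwards. The field names, thresholds and the use of the MAC address as the marking key are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass
class ConnRequest:
    mac: str            # claimed source address
    rssi_dbm: int       # signal strength measured by the router
    channel: int        # channel the request arrived on
    timestamp_us: int   # timestamp carried in the frame
    received_us: int    # router clock when the frame was received


class ProtectionPlatform:
    def __init__(self, channel: int, rssi_floor_dbm: int = -85,
                 max_skew_us: int = 500_000, restrict_s: int = 300,
                 blocked_sources: FrozenSet[str] = frozenset()):
        # All thresholds below are assumed values, not from the patent.
        self.channel = channel
        self.rssi_floor_dbm = rssi_floor_dbm   # edge of the effective range
        self.max_skew_us = max_skew_us
        self.restrict_s = restrict_s           # restricted access time
        self.blocked_sources = blocked_sources
        # ASSUMPTION: marks are keyed by MAC. A MAC can be changed by the
        # sender, so a deployment would combine it with other identifiers.
        self._restricted_until: Dict[str, float] = {}

    def malicious_features(self, req: ConnRequest) -> List[str]:
        """Return the names of the malicious features found in a request."""
        found = []
        if req.mac in self.blocked_sources:
            found.append("source")
        if req.rssi_dbm < self.rssi_floor_dbm:
            found.append("signal_strength")
        if abs(req.timestamp_us - req.received_us) > self.max_skew_us:
            found.append("unsynchronized_timestamp")
        if req.channel != self.channel:
            found.append("wrong_channel")
        return found

    def handle(self, req: ConnRequest, now_s: float) -> str:
        """Return 'allow', 'marked' or 'restricted' for one request."""
        if now_s < self._restricted_until.get(req.mac, 0.0):
            # Still inside the restricted access time of an earlier mark.
            return "restricted"
        if self.malicious_features(req):
            self._restricted_until[req.mac] = now_s + self.restrict_s
            return "marked"
        return "allow"


def sample_requests():
    # Constructed sample requests, not captured traffic.
    clean = ConnRequest("aa:aa:aa:aa:aa:01", -52, 6, 1_000_000, 1_000_200)
    bad = ConnRequest("aa:aa:aa:aa:aa:02", -91, 11, 1_000_000, 9_000_000)
    retry = ConnRequest("aa:aa:aa:aa:aa:02", -50, 6, 2_000_000, 2_000_100)
    return clean, bad, retry


if __name__ == "__main__":
    platform = ProtectionPlatform(channel=6)
    clean, bad, retry = sample_requests()
    print(platform.handle(clean, now_s=0))     # allow
    print(platform.malicious_features(bad))
    print(platform.handle(bad, now_s=0))       # marked
    print(platform.handle(retry, now_s=100))   # restricted
    print(platform.handle(retry, now_s=301))   # allow
```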
Fig. 6 shows a block diagram of a wireless network access system according to an embodiment of the present invention, where the wireless network access system 1 includes:
the segmentation module 11, configured to acquire an access range of a wireless network, divide the access range, and determine each divided access range as an isolation area, where the number of isolation areas is at least two;
the weighting module 12, configured to determine the servers that can be accessed through the target router to which the wireless network connects, insert a weight value label into each server, and divide the servers into the isolation areas; and to weight the weight value labels in each isolation area and calculate a weighted score value;
the construction module 13, configured to arrange the isolation areas in order of score value from low to high, construct a trust chain, and generate a transition key between two adjacent isolation areas on the trust chain;
the verification module 14, configured to sequentially verify the trust chain when receiving a wireless network connection request sent by the terminal.
Fig. 7 shows a block diagram of the segmentation module in the wireless network access system according to an embodiment of the present invention, where the segmentation module 11 includes:
an access unit 111, configured to acquire the weight value of the server, generate a weight value label, and insert the weight value label into the server;
an establishing unit 112, configured to establish the division criterion for the servers and divide the servers into the isolation areas.
Fig. 8 shows a block diagram of the weighting module in the wireless network access system according to an embodiment of the present invention, where the weighting module 12 includes:
a corresponding unit 121, configured to generate a correspondence between the isolation areas and the servers;
a calculating unit 122, configured to weight the weight values of the servers in each isolation area and calculate the score value of the isolation area.
Fig. 9 shows a block diagram of the construction module in the wireless network access system according to an embodiment of the present invention, where the construction module 13 includes:
a sorting unit 131, configured to sort the isolation areas in order of score value from large to small, and connect all the isolation areas in series according to the sorted result to construct a trust chain;
a determining unit 132, configured to generate a transition protocol between two adjacent isolation areas on the trust chain, and determine a transition key according to a preset key generation mode;
a testing unit 133, configured to test the transition protocol and the transition key.
Fig. 10 shows a block diagram of the verification module in the wireless network access system according to an embodiment of the present invention, where the verification module 14 includes:
a receiving unit 141, configured to verify the trust chain when receiving a wireless network connection request sent by a terminal;
a judging unit 142, configured to judge whether the verification passes; if it passes, to admit the wireless network connection request to the trust chain and continue to verify the transition key of the wireless network connection request; and if it does not pass, to reject the wireless network connection request.
The segmentation module 11 is mainly used for completing step S100, the weighting module 12 is mainly used for completing step S200, the construction module 13 is mainly used for completing step S300, and the verification module 14 is mainly used for completing step S400;
Wherein the access unit 111 is mainly used for completing step S101, and the establishing unit 112 is mainly used for completing step S102; the corresponding unit 121 is mainly used for completing step S201, and the calculating unit 122 is mainly used for completing step S202; the sorting unit 131 is mainly used for completing step S301, the determining unit 132 is mainly used for completing step S302, and the testing unit 133 is mainly used for completing step S303; the receiving unit 141 is mainly used for completing step S401, and the judging unit 142 is mainly used for completing step S402.
The functions that can be implemented by the wireless network access method are all completed by a computer device, the computer device comprises one or more processors and one or more memories, at least one program code is stored in the one or more memories, and the program code is loaded and executed by the one or more processors to implement the wireless network access method.
The processor fetches instructions from the memory one by one, decodes them, carries out the corresponding operations as the instructions require, and generates a series of control commands so that all parts of the computer act automatically, continuously and cooperatively as an organic whole, realizing program input, data input, computation and result output; the arithmetic or logic operations arising in this process are completed by the arithmetic unit. The memory comprises a read-only memory used for storing a computer program, and a protection device is arranged outside the memory.
For example, a computer program may be split into one or more modules, one or more modules stored in memory and executed by a processor to perform the present invention. One or more of the modules may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program in the terminal device.
It will be appreciated by those skilled in the art that the foregoing description of the service device is merely an example and is not meant to be limiting, and may include more or fewer components than the foregoing description, or may combine certain components, or different components, such as may include input-output devices, network access devices, buses, etc.
The processor may be a central processing unit, or may be other general purpose processors, digital signal processors, application specific integrated circuits, off-the-shelf programmable gate arrays or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is the control center of the terminal device described above, and which connects the various parts of the entire user terminal using various interfaces and lines.
The memory may be used for storing computer programs and/or modules, and the processor may implement various functions of the terminal device by running or executing the computer programs and/or modules stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as an information acquisition template display function, a product information release function, etc.), and the like; the storage data area may store data created according to the use of the berth status display system (e.g., product information acquisition templates corresponding to different product types, product information required to be released by different product providers, etc.), and so on. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart memory card, secure digital card, flash memory card, at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The modules/units integrated in the terminal device may be stored in a computer readable medium if implemented in the form of software functional units and sold or used as separate products. Based on this understanding, all or part of the modules/units in the system of the above-described embodiments may also be implemented by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable medium and, when executed by a processor, may implement the functions of the respective system embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, executable files or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory, a random access memory, an electrical carrier wave signal, a telecommunication signal, a software distribution medium, and so forth.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the invention, and all equivalent structures or equivalent processes using the present invention and the appended claims, or direct or indirect application in other relevant technical fields, are included in the scope of the present invention.

Claims (10)

1. A wireless network access method, the method comprising:
acquiring an access range of a wireless network, dividing the access range, and determining that the divided access range is an isolation area, wherein the number of the isolation areas is at least two;
determining a server supported by a wireless network access target router to access, inserting a weight value label into the server, and dividing the server into an isolation area;
weighting the weight value labels in the isolation area, and calculating a weighted score value;
arranging isolation areas according to the sequence of the score values from low to high, constructing a trust chain, and generating a transition key between two adjacent isolation areas on the trust chain;
when a wireless network connection request sent by a terminal is received, sequentially verifying the trust chain;
wherein the server comprises a mobile phone and a computer; the dividing standard of the server is the importance degree of the server, and may also be the vulnerability degree of the server; different weight values are given to each device in the server, a weight value label is generated according to the weight values, and the weight value label is then inserted into the server.
2. The method of claim 1, wherein the step of inserting a weight value tag into the server to partition the server into isolation zones comprises:
acquiring a weight value of the server, generating a weight value label, and inserting the weight value label into the server;
establishing a dividing standard of the server, and dividing the server into isolation areas.
3. The method of claim 2, wherein the step of weighting the weight value tags in the isolation zone and calculating a weighted score value comprises the steps of:
and generating a corresponding relation between the isolation area and the server, weighting the weight value of the server in the isolation area, and calculating to obtain the score value of the isolation area.
4. A method according to claim 3, wherein the step of arranging the isolation regions in the order of the score values from low to high, constructing a trust chain, and generating a transition key between two adjacent isolation regions on the trust chain comprises:
sorting the isolation areas in order of score value from large to small, and connecting all the isolation areas in series according to the sorted result to construct a trust chain;
generating a transition protocol between two adjacent isolation areas on the trust chain, and determining a transition key according to a preset key generation mode;
and testing the transition protocol and the transition key.
5. The method of claim 4, wherein the step of sequentially verifying the trust chain when the wireless network connection request sent by the terminal is received comprises:
when a wireless network connection request sent by a terminal is received, verifying the trust chain;
if the verification is passed, admitting the wireless network connection request into the trust chain, and continuing to verify the transition key of the wireless network connection request;
and if the verification is not passed, rejecting the wireless network connection request.
6. The method according to claim 1, wherein the method further comprises:
receiving a wireless network connection request in an effective range, and judging whether the wireless network connection request contains malicious features;
if the wireless network connection request contains malicious features, extracting the malicious features in the wireless network connection request, building a protection platform, marking the wireless network connection request based on the protection platform to obtain a marking request, and determining the limited access time of the marking request;
if no malicious features are contained, allowing the wireless network connection request.
7. A wireless network access system, the system comprising:
a segmentation module, which can acquire an access range of the wireless network, segment the access range and determine that the segmented access range is an isolation area, the number of the isolation areas being at least two;
a weighting module, which can determine a server supported by the wireless network access target router to access, insert a weight value label into the server, divide the server into an isolation area, weight the weight value label in the isolation area, and calculate a weighted score value;
a construction module, which is used for arranging the isolation areas according to the sequence of the score values from low to high, constructing a trust chain and generating a transition key between two adjacent isolation areas on the trust chain;
a verification module, which can sequentially verify the trust chain when receiving a wireless network connection request sent by the terminal;
wherein the server comprises a mobile phone and a computer; the dividing standard of the server is the importance degree of the server, and may also be the vulnerability degree of the server; different weight values are given to each device in the server, a weight value label is generated according to the weight values, and the weight value label is then inserted into the server.
8. The system of claim 7, wherein the segmentation module comprises:
the access unit is used for acquiring the weight value of the server, generating a weight value label and inserting the weight value label into the server;
and the establishing unit can establish the dividing standard of the server and divide the server into the isolation areas.
9. The system of claim 8, wherein the weighting module comprises:
the corresponding unit can generate a corresponding relation between the isolation area and the server;
and the calculating unit is used for weighting the weight value of the server in the isolation area and calculating to obtain the score value of the isolation area.
10. A routing device comprising one or more processors and one or more memories, the one or more memories having stored therein at least one program code that, when loaded and executed by the one or more processors, implements the wireless network access method of any of claims 1-6.
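The flow of claims 1 to 5 (score the isolation areas, chain them, derive a transition key per adjacent pair, verify hop by hop), as an added Python example that is not code from the patent. It follows the low-to-high order stated in claim 1. The mean as weighted score, HMAC-SHA256 as the "preset key generation mode", per-request hop proofs, the choice that the lowest-score zone needs no transition proof, and all names (`Zone`, `build_chain`, `transition_keys`, `hop_proof`, `admit`) are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Zone:
    name: str
    weights: list  # weight value labels of the devices placed in this zone

    def score(self) -> float:
        # Assumption: the weighted score is the mean of the zone's weight labels.
        return sum(self.weights) / len(self.weights)

def build_chain(zones):
    """Arrange isolation zones by score, low to high, as claim 1 states."""
    return sorted(zones, key=lambda z: z.score())

def transition_keys(chain, master: bytes):
    """One key per adjacent pair of zones on the chain.
    Assumption: HMAC-SHA256 over the pair's names is the key generation mode."""
    return [hmac.new(master, f"{a.name}->{b.name}".encode(), hashlib.sha256).digest()
            for a, b in zip(chain, chain[1:])]

def hop_proof(key: bytes, request_id: bytes) -> bytes:
    """Proof for one hop, bound to a single connection request (limits replay)."""
    return hmac.new(key, request_id, hashlib.sha256).digest()

def admit(chain, keys, request_id: bytes, proofs, target: str) -> bool:
    """Verify the chain hop by hop from the lowest-score zone up to `target`.
    The request is rejected at the first hop whose proof is missing or wrong."""
    names = [z.name for z in chain]
    if target not in names:
        return False
    hops = names.index(target)
    if len(proofs) < hops:
        return False
    # compare_digest avoids leaking, through timing, how much of a proof matched.
    return all(hmac.compare_digest(hop_proof(k, request_id), p)
               for k, p in zip(keys[:hops], proofs))

# Constructed sample data: three zones with made-up device weights.
ZONES = [Zone("core", [8, 9]), Zone("guest", [1, 2]), Zone("office", [3, 4, 5])]
CHAIN = build_chain(ZONES)
KEYS = transition_keys(CHAIN, b"constructed-master-secret")

if __name__ == "__main__":
    rid = b"request-0001"
    good = [hop_proof(k, rid) for k in KEYS]
    print([z.name for z in CHAIN])
    print(admit(CHAIN, KEYS, rid, good, "core"))
    print(admit(CHAIN, KEYS, rid, good[:1], "core"))
```

Because each proof is computed over the request identifier, proofs captured from one connection request do not verify for another, and presenting valid proofs in the wrong order fails at the first hop.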
CN202311659024.3A 2023-12-06 2023-12-06 Wireless network access method, system and routing device Active CN117596600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311659024.3A CN117596600B (en) 2023-12-06 2023-12-06 Wireless network access method, system and routing device

Publications (2)

Publication Number Publication Date
CN117596600A CN117596600A (en) 2024-02-23
CN117596600B true CN117596600B (en) 2024-06-11

Family

ID=89911360

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104540135A (en) * 2015-01-12 2015-04-22 深圳市中兴移动通信有限公司 Safety access method of wireless network, device and terminal
CN104580155A (en) * 2014-12-11 2015-04-29 深圳市金立通信设备有限公司 Safety protection method
CN105376738A (en) * 2015-09-30 2016-03-02 小米科技有限责任公司 Wireless network access method, apparatus and system
CN109429229A (en) * 2017-09-05 2019-03-05 腾讯科技(深圳)有限公司 Obtain the method, apparatus and computer readable storage medium of network access information
CN113365277A (en) * 2020-07-06 2021-09-07 中央广播电视总台 Wireless network safety protection system
WO2022033316A1 (en) * 2020-08-12 2022-02-17 中兴通讯股份有限公司 Wifi access method and system, device, and medium
CN114268955A (en) * 2021-12-23 2022-04-01 智小途(上海)数字科技有限公司 Cognitive matching method and system for wireless communication network node signals

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant