CN117714279A

CN117714279A - Method for device management, router and readable storage medium

Info

Publication number: CN117714279A
Application number: CN202310950608.XA
Authority: CN
Inventors: 邵磊; 施磊; 李瑾; 方宇卓
Original assignee: Honor Device Co Ltd
Current assignee: Honor Device Co Ltd
Priority date: 2023-07-28
Filing date: 2023-07-28
Publication date: 2024-03-15

Abstract

The application discloses a device management method, a router and a readable storage medium, and belongs to the technical field of terminals. The method comprises the following steps: and under the condition of receiving the service request of the first electronic equipment, responding to the service request according to service authority configuration information, wherein the service authority configuration information is used for indicating the mapping relation between the service authority of the first electronic equipment and the first Media Access Control (MAC) address information currently used. Under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, the first MAC address information in the service authority configuration information is modified into the second MAC address information according to a first mapping relation, and the first mapping relation is used for recording the mapping relation between the equipment fingerprint characteristics of the first electronic equipment and the MAC address information. Therefore, the service authority configuration information is always effective, and the service authority of the first electronic equipment can be effectively controlled.

Description

Method for device management, router and readable storage medium

Technical Field

The present invention relates to the field of terminal technologies, and in particular, to a method for device management, a router, and a readable storage medium.

Background

With the rapid development of terminal technology, electronic devices are widely used. In some application scenarios, a user may configure a service right of an electronic device accessing a router to limit a surfing right of the electronic device, such as a child surfing protection.

In the related art, the service authority of an electronic device is generally configured in a router based on media access control (Medium Access Control, MAC) address information of the electronic device.

However, in some scenarios, the electronic device may access the router using random MAC address information, i.e. no longer using the original MAC address information access, which would result in a failure of the service entitlement configuration in the router.

Disclosure of Invention

The application provides a device management method, a router and a readable storage medium, which can solve the problem that service authority configuration in the router is invalid when electronic equipment is accessed by using random MAC address information in the related technology. The technical scheme is as follows:

in a first aspect, a method for device management is provided, applied to a router, and the method includes:

under the condition of receiving a service request of first electronic equipment, responding to the service request according to service authority configuration information, wherein the first electronic equipment is any electronic equipment accessed to the router, and the service authority configuration information is used for indicating the mapping relation between the service authority of the first electronic equipment and first Media Access Control (MAC) address information currently used;

Under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, the first MAC address information in the service authority configuration information is modified into the second MAC address information according to a first mapping relation, wherein the first mapping relation is used for recording the mapping relation between the equipment fingerprint characteristics of the first electronic equipment and the MAC address information, and the equipment fingerprint characteristics are determined based on the messages interacted between the first electronic equipment and the router after the first electronic equipment is accessed to the router.

Therefore, the MAC address information in the service authority configuration information is matched with the MAC address information used when the first electronic equipment is accessed to the router, namely the service authority configuration information is enabled to be effective all the time, and therefore effective control of the service authority of the first electronic equipment is ensured.

As an example of the present application, when the first electronic device re-accesses the router using second MAC address information, modifying the first MAC address information in the service authority configuration information to the second MAC address information according to a first mapping relationship includes:

Under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, acquiring the equipment fingerprint characteristics according to the message interacted between the first electronic equipment and the router;

inquiring corresponding MAC address information from the first mapping relation according to the equipment fingerprint characteristics to obtain the first MAC address information;

and modifying the first MAC address information in the service authority configuration information into the second MAC address information under the condition that the first MAC address information is different from the second MAC address information.

In this way, by monitoring the message interacted between the first electronic device and the router, a first mapping relation between the device fingerprint feature of the first electronic device and the first MAC address information is established, so that the MAC address information of the first electronic device is managed based on the first mapping relation, service authority configuration information can be modified in time after the MAC address information of the first electronic device is changed, and further the configured service authority configuration information is not invalid after the first electronic device is accessed by using random MAC address information.

As an example of the present application, the method further comprises:

And modifying the first MAC address information in the first mapping relation into the second MAC address information.

Therefore, by modifying the first mapping relation, when the subsequent first electronic equipment uses the random MAC address information again for access, the router can still manage the MAC address information according to the modified first mapping relation.

As an example of the present application, when the first electronic device re-accesses the router using the second MAC address information, the acquiring the device fingerprint feature according to a packet interacted between the first electronic device and the router includes:

under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, monitoring a message of a target type, wherein the message of the target type comprises a Multicast Domain Name System (MDNS) message, a data message transmission layer security protocol (DTLS) message and a BROWSER message;

and under the condition that the message of the target type is monitored, acquiring the fingerprint characteristics of the equipment from the monitored message.

Therefore, by monitoring different types of messages at the same time, the router can acquire the device fingerprint characteristics of the first electronic device, and the success rate of acquiring the device fingerprint characteristics is improved.

As an example of the present application, in a case that the first electronic device re-accesses the router using the second MAC address information, monitoring a message of a target type includes:

and under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, monitoring the message of the target type through a first hook and a second hook respectively, wherein the first hook is used for monitoring the MDNS message, and the second hook is used for monitoring the DTLS message and the BROWSER message.

Therefore, the messages of different types are monitored through the different hooks respectively, so that the first electronic equipment can monitor the messages under the condition of reporting any type of messages, and the equipment fingerprint characteristics of the first electronic equipment can be effectively obtained.

As an example of the present application, in a case where the message of the target type is monitored, the acquiring the device fingerprint feature from the monitored message includes:

under the condition that the MDNS message is monitored, analyzing a character string corresponding to a first key field in the MDNS message to obtain the fingerprint characteristics of the equipment;

Under the condition that the DTLS message is monitored, analyzing a character string corresponding to a second key field in the DTLS message to obtain the fingerprint feature of the equipment;

and under the condition that the BROWSER message is monitored, analyzing the character string corresponding to the third key field in the BROWSER message to obtain the fingerprint feature of the equipment.

In this way, for different messages, the device fingerprint characteristics of the first electronic device can be successfully obtained by analyzing the characteristics of each message.

As an example of the present application, the first key field is a Name field, the second key field is a UDID field, and the third key field is a response computer Name field of a message having a command of Request Announcement (0 x 02) or a Host Name field of a message having a command of Host Announcement (0 x 01).

As an example of the present application, the first HOOK is nf_br_local_in HOOK and the second HOOK is nf_inet_local_in HOOK.

Therefore, the monitoring function is added into the existing hook of the router, so that the development cost is reduced, and the purpose of monitoring the target type message is achieved.

As an example of the present application, the method further comprises:

Responding to the first electronic equipment to re-access the router by using the second MAC address information, and sending a NetBIOS detection message to the first electronic equipment;

and monitoring a NetBIOS response message sent by the first electronic equipment.

Thus, by sending the NetBIOS detection message, the router feeds back the NetBIOS response message, so that the device fingerprint characteristics can be obtained from the NetBIOS response message.

and under the condition that the NetBIOS response message is monitored, analyzing a character string corresponding to a name field in the NetBIOS response message to obtain the fingerprint characteristics of the equipment.

Thus, according to the characteristics of the NetBIOS response message, the character string corresponding to the name field in the NetBIOS response message is analyzed, so that the fingerprint characteristics of the device can be obtained.

As an example of the application, the router includes a data acquisition module, a data control management module, and a service configuration module: under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, acquiring the equipment fingerprint feature according to the message interacted between the first electronic equipment and the router, including:

Under the condition that the first electronic equipment is re-accessed to the router by using the second MAC address information, the data acquisition module acquires the equipment fingerprint characteristics according to the interactive message between the first electronic equipment and the router;

the data acquisition module sends the fingerprint characteristics of the equipment and the second MAC address information to the data control management module;

inquiring corresponding MAC address information from the first mapping relation according to the equipment fingerprint characteristics to obtain the first MAC address information, wherein the method comprises the following steps:

the data control management module inquires corresponding MAC address information from the first mapping relation according to the fingerprint characteristics of the equipment to obtain the first MAC address information;

modifying the first MAC address information in the service authority configuration information to the second MAC address information when the first MAC address information is not identical to the second MAC address information, including:

the data control management module sends a target message to the service configuration module under the condition that the first MAC address information is different from the second MAC address information, wherein the target message carries the first MAC address information and the second MAC address information;

The service configuration module modifies the first MAC address information in the service authority configuration information into the second MAC address information according to the first MAC address information.

Therefore, the modification of the first MAC address information in the service authority configuration information is realized through the interaction of a plurality of modules, so that the service authority configuration information is ensured not to be invalid.

In a second aspect, there is provided an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of device management of the first aspect described above when executing the computer program.

In a third aspect, there is provided a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of device management of the first aspect described above.

In a fourth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of device management as described in the first aspect above.

The technical effects obtained by the second, third and fourth aspects are similar to the technical effects obtained by the corresponding technical means in the first aspect, and are not described in detail herein.

Drawings

FIG. 1 is a schematic diagram of an application scenario shown in accordance with an exemplary embodiment;

FIG. 2 is a schematic diagram of an application scenario illustrated in accordance with another exemplary embodiment;

FIG. 3 is a schematic diagram of a router according to an exemplary embodiment;

FIG. 4 is a schematic diagram of a framework of a router shown according to an exemplary embodiment;

FIG. 5 is a schematic diagram illustrating a first mapping establishment procedure according to an exemplary embodiment;

FIG. 6 is a schematic diagram of a framework of a router shown according to another exemplary embodiment;

FIG. 7 is a flowchart illustrating a method of device management, according to an example embodiment;

FIG. 8 is a schematic diagram of an electronic device, according to an example embodiment;

fig. 9 is a schematic diagram of a software system of an electronic device, according to an example embodiment.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

It should be understood that reference herein to "a plurality" means two or more. In the description of the present application, "/" means or, unless otherwise indicated, for example, a/B may represent a or B; "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, for the purpose of facilitating the clear description of the technical solutions of the present application, the words "first", "second", etc. are used to distinguish between the same item or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.

Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.

The router is widely applied in the scenes of families, markets, offices and the like, and the electronic equipment can realize various internet surfing services through the access router. In some scenarios, however, a user typically needs to configure the service rights of one or more electronic devices accessing a router to control the internet surfing services of those electronic devices, such as child internet protection, wiFi blacklist, and the like. In the process of configuring service authority, service authority configuration information of an electronic device to be controlled is generally recorded in a router, wherein the service authority configuration information is used for indicating a mapping relationship between MAC address information of the electronic device and service authority, for example, for any electronic device accessing the router, if a user configures the service authority of the electronic device in the router, the router records the mapping relationship between the MAC address information of the electronic device and the configured service authority, and the recorded MAC address information is usually original MAC address information of the electronic device or is factory cured MAC address information of the electronic device. Therefore, when the electronic equipment carries out service request to the router, the router carries the MAC address information of the electronic equipment, and after determining that the configured service authority exists for the electronic equipment according to the mapping relation and the MAC address information carried in the service request, the router responds to the service request of the electronic equipment according to the configured service authority, thereby achieving the purpose of controlling the internet service of the electronic equipment.

With the wide application of electronic devices, device manufacturers continuously strengthen the privacy of users and the security protection of user data, and a random MAC mechanism is introduced for the purpose, so that when the electronic device is connected with a WiFi network, the electronic device uses a randomly generated MAC address information access router instead of the original MAC address information. Therefore, the internet control service of the router is influenced while the safety is brought to the user, so that the electronic equipment can bypass the internet control service, and the internet control service is invalid.

Therefore, the embodiment of the application provides a device management method, which can modify the random MAC address information after the electronic device uses the random MAC address information to access the router, so as to ensure that the service authority configuration information is still effective, thereby solving the problem of network access control service failure caused by random MAC.

For easy understanding, the following will take the example that the electronic device of the access router is a mobile phone and a tablet computer as an example, and briefly describe an exemplary application scenario related to the embodiments of the present application.

Both the tablet computer A and the mobile phone B are connected with the router L, wherein the tablet computer A is connected with the router by using the MAC 1. When the user needs to set up child internet protection for the tablet computer a, APP1 can be opened in the mobile phone B, and an account bound with the router L is logged in the APP1, where APP1 is an application program capable of being used for managing the router L, and APP1 is an intelligent space application program, for example. As shown in fig. 1 (a), after the mobile phone B logs in the account of the router L through the APP1, a router login page S1 is displayed, where the router login page S1 includes a router identifier, and the user may click on the router identifier. As shown in fig. 1 (b), in response to the clicking operation of the router identifier by the user, the mobile phone displays a router management page S2, where the router management page S2 includes a "child internet surfing" option, and the user can click on the "child internet surfing" option. As shown in fig. 1 (c), in response to the triggering operation of the user on the "child internet surfing" option, the mobile phone displays a child internet surfing protection page S3, and the child internet surfing protection page S3 includes an "open child protection" control. When the user triggers the "open child protection" control, as shown in (d) of fig. 1, in response to the triggering operation of the user, the mobile phone B displays a device selection page S4, and two mobile phones accessed in the router L, that is, a tablet computer a (Honor MagicPad 13) and a mobile phone B (Honor Pro 5) are displayed in the device selection page S4, so that the user can select the tablet computer a to perform service authority configuration. In response to the user' S selection operation on the tablet computer a, as shown in (e) of fig. 1, the mobile phone B displays a service authority configuration page S5, so that the user can set a service authority in the service authority configuration page S5. For example, when the user turns off the switch corresponding to the game item, the mobile phone B notifies the router L of the service permission configuration, and the router L records the mapping relationship between the MAC1 of the tablet computer a and the game prohibition service permission, so that when the user uses the tablet computer a to download the game application package, the router L prohibits the service request, that is, the tablet computer a cannot download the game application package.

The above description is given taking, as an example, setting the download prohibition game application package in the service authority configuration page S5. In another example, the user may further perform other service permission configuration based on the service permission configuration page S5, for example, may further perform blacklist setting to set a website that the tablet computer a is not allowed to access, for example, the user may further set a nettime period, and the like of the tablet computer a based on the service permission configuration page S5, which will not be described in detail in this embodiment of the present application.

Referring to fig. 2, after a tablet computer a accesses a router L using a MAC1 and a user performs service authority configuration, the router L records a mapping relationship between the MAC1 and the service authority. The user can trigger the "forget network" in the tablet computer a, and the mapping relationship between the MAC1 and the service authority is still recorded in the router L. After that, the user can trigger the tablet computer a to re-access the router L, and at this time, the tablet computer a randomly generates the MAC2, and then uses the MAC2 to access the router L, where the MAC2 is different from the MAC 1. In this case, the method provided by the embodiment of the present application may enable the router L to modify the MAC1 in the service authority configuration information into the MAC2, that is, the router L records the mapping relationship between the MAC2 and the service authority. After that, when the user downloads the game application package using the tablet computer a, the router L refuses the service request, that is, the tablet computer a still cannot download the game application package.

It should be noted that the random MAC application scenario described in fig. 2 is merely exemplary, and in another example, the user may also enable the tablet computer a to access with the randomly generated MAC address information in the case of re-accessing the router L through other manners, which is not limited in the embodiment of the present application.

In addition, it should be noted that the above application scenario is only exemplary, and does not limit the application configuration of the method provided in the embodiment of the present application. In another example, the method may also be applied to other scenarios of performing service authority control based on MAC address information, which is not limited in this embodiment of the present application.

It should be noted that, the foregoing is an example in which the electronic device of the access router is a mobile phone, and in another example, the electronic device of the access router may also include a tablet computer, a digital camera, a desktop, a laptop, a handheld computer, a notebook, an ultra-mobile personal computer (UMPC), a netbook, a personal digital assistant (personal digital assistant, PDA), an augmented reality (augmented reality, AR) \virtual reality (VR) device, and the like, which is not limited in this embodiment of the present application.

After describing the application scenario related to the embodiments of the present application, the structure of the router related to the embodiments of the present application is described next, referring to fig. 3, fig. 3 is a schematic structural diagram of a router provided in the embodiments of the present application, where the router includes at least one processor 301, a communication bus 302, a memory 303, and at least one communication interface 304.

The processor 301 may be a microprocessor (including a central processing unit (central processing unit, CPU), etc.), an application-specific integrated circuit (ASIC), or may be one or more integrated circuits for controlling the execution of programs in accordance with aspects of the present application.

Communication bus 302 may include a path for transferring information between the above components.

The memory 303 may be, but is not limited to, read-Only memory (ROM), random-access memory (random access memory, RAM), electrically erasable programmable read-Only memory (EEPROM), or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a router. The memory 303 may be stand alone and be coupled to the processor 301 via the communication bus 302. Memory 303 may also be integrated with processor 301.

The communication interface 304 uses any transceiver-like device for communicating with other devices or communication networks.

In a particular implementation, as one embodiment, processor 301 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 3.

In a particular implementation, as one embodiment, a router may include multiple processors, such as processor 301 and processor 305 shown in FIG. 3. Each of these processors may be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

As an embodiment, the router may also include an output device 306 and an input device 307. The output device 306 communicates with the processor 301 and may display information in a variety of ways. For example, the output device 306 may be a liquid crystal display (liquid crystal display, LCD), a light emitting diode (light emitting diode, LED) display device, or the like. The input device 307 is in communication with the processor 301 and may receive user input in a variety of ways. For example, the input device 307 may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.

Wherein the memory 303 is used for storing program code 310 for executing the present application, and the processor 301 is used for executing the program code 310 stored in the memory 303. The router may implement the methods provided by the various embodiments below by means of a processor 301 and program code 310 in a memory 303.

Referring to fig. 4, fig. 4 is a schematic diagram of a router according to an exemplary embodiment, where the router includes a data acquisition module, a data control management module, and a service configuration module.

As an example of the application, the data collection module is configured to monitor a packet carrying a device fingerprint feature, parse out the device fingerprint feature and MAC address information of the first electronic device, and report the device fingerprint feature to the data control management module, where the device fingerprint feature of the first electronic device is used to uniquely identify the first electronic device, and illustratively, the device fingerprint feature includes device identification information, a device model and a device fingerprint feature, and the device identification information may include a device name and/or a device ID. By way of example and not limitation, as shown in fig. 4, the data acquisition module includes a first module and a second module, and the data acquisition module monitors different types of messages through the first module and the second module, respectively.

The data control management module is used for establishing a first mapping relation between the device fingerprint characteristics of the first electronic device and the MAC address information, managing the first mapping relation, and notifying the service configuration module when the change of the MAC address information of the first electronic device is determined. By way of example and not limitation, the data control management module includes a data collection module for establishing and managing a first mapping relationship and an address management module for notifying the service configuration module when the MAC address information of the first electronic device changes.

The service configuration module is used for configuring the service authority of the first electronic equipment and processing the service request of the first electronic equipment according to the configured service authority.

Further, referring to fig. 4, the router further includes a device access management module, where the device access management module is configured to allocate IP address information to the first electronic device, and further is configured to broadcast an access message after the first electronic device accesses the router, where the access message includes access information related to the first electronic device, such as including the IP address information of the first electronic device and MAC address information used by the current access router.

As one example of the present application, a first module of the data acquisition module, and the data control management module, operates in kernel space; the second module of the data control management module, and the device access management module, operate in a user space. The kernel space is the running space of the kernel, can execute any command and call all resources of the system; the user space is the running space of some conventional processes, can only execute simple operation, can not directly call system resources, and needs to send instructions to the kernel through a system interface. Because the kernel space and the user space are mutually independent, even if a conventional process crashes, the kernel is not affected, that is, in the embodiment of the application, the analysis of the fingerprint characteristics of the device and the MAC address information of the electronic device hardly affect the establishment of the first mapping relation and the management of the first mapping relation.

On the basis of the above embodiments, the method provided in the embodiments of the present application will be described next. The method for managing the equipment provided by the embodiment of the application manages the MAC address information of the first electronic equipment based on the first mapping relation, so that the MAC address information in the service authority configuration information is matched with the MAC address information used by the current access router of the first electronic equipment, and the set service authority configuration information is ensured not to be invalid. The first mapping relationship is a mapping between the device fingerprint feature of the first electronic device and the currently used MAC address information, and for convenience of understanding, the following description will be given with reference to fig. 5 for the process of establishing the first mapping relationship:

Referring to fig. 5, fig. 5 is a flowchart illustrating a method for establishing a first mapping relationship according to an exemplary embodiment. The embodiment of the application describes taking the method that the router interacts with the first electronic device as an example, and further, the router interacts with the first electronic device through the plurality of modules. Illustratively, the method may include some or all of the following:

step 501: the first electronic device accesses the router using the first MAC address information.

The first MAC address information is MAC address information used by the access router of the first electronic device. In one possible scenario, the first MAC address information is the original MAC address information of the first electronic device, that is, the MAC address information of the first electronic device that is set by factory, for example, in the case that the first electronic device accesses the router for the first time, the first electronic device uses its original MAC address information to perform the access. In another possible case, the first MAC address information is MAC address information randomly generated when the first electronic device accesses the router this time. In this embodiment, the first MAC address information is described by taking as an example the original MAC address information of the first electronic device.

When a first electronic device requests to access a router by using first MAC address information, the router builds a link between the router and the first electronic device, and then IP address information is distributed to the first electronic device through a device access management module, so that the first electronic device is successfully accessed to the router.

It should be noted that, in the embodiment of the present application, the first electronic device access router refers to a WiFi network to which the first electronic device is connected, or the router has allocated network protocol (Internet Protocol, IP) address information to the first electronic device, and the first electronic device can surf the internet through the router.

Step 502: the device access management module sends an access message to the data control management module, wherein the access message carries the access information of the first electronic device.

In one example, the access information of the first electronic device includes first MAC address information and IP address information.

That is, after determining that the first electronic device successfully accesses the router, the device access management module may send an access message to the data control management module, so as to notify the device control management module that the first electronic device is accessed, and notify the device control management module of the access information of the first electronic device.

In one example, the first MAC address information may be reported by the kernel space to the device access management module via a netlink. Among them, netlink is an inter-process communication (Inter Process Commumicate, IPC) mechanism, which is a mechanism for kernel space and user space communication.

Step 503: the data control management module pulls up the second module and sends access information to the second module.

In one example, the second module is a netbios process.

That is, the data control management module pulls up the second module after receiving the access message, and sends the access information of the first electronic device currently accessed to the second module. As an example, the data control management module may splice the access information of the first electronic device into command parameters according to a preset rule, and then send the spliced command parameters to the second module.

Step 504: and the second module sends NetBIOS detection messages to the first electronic equipment based on the access information.

As an example of the application, the second module sends a NetBIOS detection message to the first electronic device based on the IP address information and the first MAC address information, so as to request to obtain information such as a device fingerprint feature of the first electronic device.

Illustratively, the NetBIOS probe message has the following partial contents:

＞Intrnet Protocol Version 4,Src:192.168.6.111,Dst:192.168.6.47

＞User Datagram Protocol,Src Port:137,Dst Port:137

∨NetBIOS Name Service

Transaction ID:0xfela

＞Flags:0x000,Opcode:Name query

step 505: after receiving the NetBIOS detection message, the first electronic device generates a NetBIOS response message based on the device fingerprint characteristics and the first MAC address information.

In one example, a first electronic device receives a NetBIOS probe message through a NetBIOS services process.

Step 506: the first electronic device sends a NetBIOS response message to the second module.

That is, after receiving the NetBIOS detection message, the first electronic device replies the device fingerprint feature and the first MAC address information to the router through a NetBIOS response message. As one example, the first electronic device sends a NetBIOS response message to the second module through a NetBIOS services process.

Step 507: the second module analyzes the character string corresponding to the name field in the NetBIOS response message to obtain the fingerprint feature of the device.

After the second module monitors the NetBIOS response message, the name field in the NetBIOS response message is analyzed, so that the fingerprint characteristics of the device can be obtained. Illustratively, the message content including the name field in the NetBIOS response message is as follows:

＞Intrnet Protocol Version 4,Src:192.168.6.47,Dst:192.168.6.111

＞User Datagram Protocol,Src Port:137,Dst Port:137

∨NetBIOS Name Service

Transaction ID：0xfela

＞Flags:0x8400,Response,Opcode:Name query,Authoritative,Reply code:No error

...

∨Answers

∨...

∨Name flags:0x8400,Name type,ONT:B-node,Name is active

Name:LAPTOP-NF89D0NP<00>(workstation/Redirector)

in this case, after the second module parses the name field in the NetBIOS response message, a string lapton-NF 89D0NP may be obtained, where the string is a device fingerprint feature of the first electronic device.

In addition, in the process of packet transmission, the first electronic device encapsulates information such as MAC address information in the outer layer of the packet, for example, intrnet Protocol Version, src:192.168.6.47, dst:192.168.6.111 in the packet are the encapsulated MAC address information, so that the packet is packaged into a data frame, and therefore, after analyzing the monitored NetBIOS response packet (i.e. the data frame), the first MAC address information of the first electronic device may be obtained, for example, the first MAC address information is 192.168.6.47.

Step 508: the second module sends the device fingerprint feature and the first MAC address information to the data control management module.

After analyzing the device fingerprint feature of the first electronic device, the second module reports the device fingerprint feature of the first electronic device and the first MAC address information to the data control management module, where the first MAC address information may be obtained by analyzing the NetBIOS response message.

Step 509: the data control management module establishes a first mapping relationship based on the device fingerprint feature and the first MAC address information.

That is, the data control management module associates the device fingerprint feature with the first MAC address information.

Step 510: the data control management module stores the first mapping relation into a database.

It should be noted that, in an alternative embodiment, steps 502 to 510 are performed by the first electronic device, and in another example, after the first electronic device accesses the router, no NetBIOS message interaction may be performed between the router and the first electronic device.

Step 511: and under the condition that the first electronic equipment accesses the router, the first module monitors the message belonging to the target type.

The target type of message is a message including a device fingerprint feature, and as an example of the present application, the target type of message includes a multicast (multicast Domain Name System, MDNS) message, a datagram transport layer security (Datagram Transport Layer Security, DTLS) message, and a BROWSER message.

In general, after the first electronic device accesses the router, some messages interact with the router according to service requirements, and in the case that the types and brands of the first electronic device are different, the sent messages are different. In one example, in the case that the first electronic device is a computer (window) type or mobile phone type electronic device, after the first electronic device of some manufacturers accesses the router, an MDNS message may be sent to the router, so that the communication information of the first electronic device itself is notified to other electronic devices accessing the same local area network through the MDNS message, for example, the communication information includes IP address information and device name of the first electronic device, so that the other electronic devices can discover the first electronic device based on the communication information, and can communicate with the first electronic device if necessary. In another example, when the first electronic device is a mobile phone or computer electronic device, after the first electronic device of some manufacturers accesses the router, a DTLS message may also be sent to the router, so as to realize mutual discovery with other electronic devices through the DTLS message, so that the first electronic device establishes communication with other electronic devices in the local area network. In addition, in the case that the first electronic device is a computer-like electronic device, after the first electronic device of some manufacturers accesses the router, a browse message may also be sent to the router, so as to interact information with other electronic devices through the browse message, where the information includes, for example, access information, an operating system version, a domain name, a machine name, and so on.

Therefore, when the first electronic device is an electronic device of different types and manufacturers, the messages sent by the first electronic device after being connected to the router are different. Based on this, since it is uncertain which message the first electronic device accesses the router, that is, the router cannot determine which type of message in the target types will be sent after the first electronic device accesses the router, the router monitors all types of messages in the target types through the first module at the same time, that is, monitors the MDNS message, the DTLS message and the BROWSER message at the same time, so that the first electronic device can monitor which type of messages in the three types no matter what type of messages the first electronic device sends.

As an example of the present application, the specific implementation of monitoring the message belonging to the target type by the first module includes: the first module monitors the message of the target type through a first hook and a second hook respectively, wherein the first hook is used for monitoring the MDNS message, and the second hook is used for monitoring the DTLS message and the BROWSER message.

IN one example, the first HOOK and the second HOOK are two HOOKs IN a bridge of a router, such as shown IN fig. 6, the first HOOK is nf_br_local_in HOOK and the second HOOK is nf_inet_local_in HOOK. I.e. to add monitoring functions to the target type message IN nf_br_local_in HOOK and nf_inet_local_in HOOK, respectively. Therefore, the development is reduced, and the purpose of message monitoring is achieved.

Please refer to fig. 6,NF_BR_LOCAL_IN HOOK, which is at the link layer (link layer) of the kernel, nf_inet_local_in HOOK is at the network layer (network layer) of the kernel.

It should be noted that, there is no strict sequence of execution between the step 511 and the steps 502 to 510.

Step 512: the first module analyzes the monitored message under the condition that the message belonging to the target type is monitored, so as to obtain the fingerprint characteristics of the equipment.

As described above, before the first electronic device sends the message to the router, the message is packaged into a data frame, and the data frame carries the information of the first MAC address information, the port number, the protocol type, and the like, and then sends the data frame to the router. Correspondingly, after the router receives the data frame through the first module, the first MAC address information can be resolved from the data frame. And the first module can parse the port number and the protocol type from the data frame, so that the type of the message can be determined according to the port number and the protocol type.

As an example of the present application, when the first module monitors a message and determines that the type of the message belongs to a target type according to the port number and the protocol information, the first module analyzes the message according to an analysis rule corresponding to the type of the currently received message, so as to obtain a device fingerprint feature of the first electronic device.

The parsing rules corresponding to the messages of different types are generally different, and the parsing rules corresponding to the messages of various types in the target type can be set according to requirements, and specifically, the parsing rules can include the following possible cases:

IN one possible case, the first electronic device sends the MDNS message to the router after accessing the router, IN which case the first module monitors the MDNS message through nf_br_local_in HOOK, and then the first module analyzes the character string corresponding to the first key field of the query region IN the monitored MDNS message through nf_br_local_in HOOK to determine the device fingerprint feature of the first electronic device.

The character string corresponding to the first key field comprises equipment fingerprint characteristics. In one example, the first key field is a name field. Illustratively, the portion of the content in the monitored MDNS message from the first electronic device is as follows:

∨Multicast Domain Name System(query)

∨Queries

∨s00013130.local:type ANY,class IN,“QM”question

Name:s00013130.local

IN this case, the first module may traverse the query field IN the MDNS message through nf_br_local_in HOOK to find the name field of the query field, then parse out the character string corresponding to the name field, for example, parse out the character string as s00013130.LOCAL, and determine the parsed character string as the device fingerprint feature of the first electronic device, that is, determine that the device fingerprint feature of the first electronic device is "s00013130.LOCAL".

IN another possible case, the first electronic device accesses the router and then sends the DTLS message to the router, where the first module listens to the DTLS message through nf_inet_local_in HOOK. And then, the first module analyzes the character string corresponding to the second key field IN the DTLS message through NF_INET_LOCAL_IN HOOK to obtain the device fingerprint feature of the first electronic device. Wherein the second key field is a field associated with a device fingerprint feature. In one example, the second key field is a UDID field.

Illustratively, the part of the content in the monitored DTLS message from the first electronic device is as follows:

P...＝.192.168.6.255..device_discover.{“deviceID”:”{\”UDID\”:\”F02C4E4236FA24888\”}”,”devicename”:”HONOR 50Pro”,”type”:14,”hicomversion”:”3.2.0.0”,”mode”:1,”deviceHash”:”0”,”serviceData”:”EID:0,gId:B7,...}”

IN this case, the first module analyzes the character string corresponding to the UDID field IN the DTLS packet through nf_inet_local_in HOOK, that is, analyzes the character string corresponding to the UDID field, that is, the character string is "F02C4E4236FA24888", and then determines that the device fingerprint of the first electronic device is "F02C4E4236FA24888".

IN yet another possible scenario, the first electronic device sends a brew packet to the router after accessing the router, IN which case the first module listens to the brew packet through nf_inet_local_in HOOK. And then, the first module analyzes the character string corresponding to the third key field IN the BROWSER message through NF_INET_LOCAL_IN HOOK to obtain and determine the device fingerprint characteristics of the first electronic device. Wherein the third key field is a field associated with a device fingerprint feature.

In one example, the third key field is the response computer Name field of a message having a command of Request Announcement (0 x 02) or the Host Name field of a message having a command of Host Announcement (0 x 01).

Illustratively, the portion of the content in the monitored BROWSER message from the first electronic device is as follows:

＞Ethernet II,Src:0e:89:c1:15:fc:25(0e:89:c1:15:fc:25),Dst:Broadcast(ff:ff:ff:ff:ff:ff)

＞Internet Protocol Version 4,Src:192.168.3.13,Dst:192.168.3.255

＞User Datagram Protocol,Src Port:138,Dst Port:138

＞NetBIOSDatagram Service

∨Microsoft Windows Browser Protoclo

Command:Requst Announcement(0x02)

Unused flags:0x00

Response Computer Name:LAPTOP-NF89D0NP

IN this case, the first module analyzes the character string corresponding to the response computer name field of the message with command being Request Announcement (0 x 02) through nf_inet_local_in HOOK to obtain the character string lapton-NF 89D0NP, and the first module determines the obtained character string as the device fingerprint feature of the first electronic device, that is, determines that the device fingerprint feature of the first electronic device is lapton-NF 89D0NP.

For another example, the following is part of the content in the monitored browse message from the first electronic device:

＞Internet Protocol Version 4,Src:192.168.3.13,Dst:192.168.3.255

＞User Datagram Protocol,Src Port:138,Dst Port:138

＞NetBIOS Datagram Service

∨Microsoft Windows Browser Protoclo

Command:Host Announcement(0x01)

Update Count:0

Update Periodicity:12 minutes

Host Name:LAPTOP-NF89D0NP

IN this case, the first module analyzes the character string corresponding to the Host Name field of the message Host Announcement (0 x 01) through nf_inet_local_in HOOK, and determines that the obtained character string is a lapton-NF 89D0NP, and the first module determines that the obtained character string is a device fingerprint feature of the first electronic device, that is, determines that the device fingerprint feature of the first electronic device is a lapton-NF 89D0NP.

In another possible case, the first module may also monitor two or more types of messages, where the first module may analyze each message in the monitored two or more types of messages according to the above several possible implementations, so as to obtain the device fingerprint feature carried in each message. Illustratively, the first module may monitor the MDNS message and the brew message, IN which case the first module parses the device fingerprint feature IN the MDNS message according to the first possible implementation manner described above through nf_br_local_in HOOK, and the first module parses the device fingerprint feature IN the brew message according to the third possible implementation manner described above through nf_inet_pre_forward HOOK.

It should be noted that, the foregoing description is given by taking the nf_inet_local_in HOOK monitoring DTLS message and the browse message as an example. In another example, the DTLS message and the BROWSER message may also be monitored by other hooks in the link layer, which is not limited in the embodiment of the present application.

Step 513: the first module reports the fingerprint characteristics of the device and the first MAC address information to the data control management module.

In one example, the first module reports device fingerprint features and first MAC address information of the first electronic device to the data control management module via a netlink.

Step 514: the data control management module establishes a first mapping relation based on the fingerprint characteristics of the equipment and the first MAC address information and stores the first mapping relation into a database.

In one possible case, the data control management module does not establish the first mapping relationship, and in this case, the data control management module establishes the first mapping relationship between the device fingerprint feature and the first MAC address information after receiving the device fingerprint feature and the first MAC address information reported by the first module.

As an example of the present application, in a case where a plurality of messages belonging to a target type and having different types are monitored, device fingerprint features of the first electronic device are obtained from each of the plurality of messages, and a plurality of device fingerprint features of the first electronic device are obtained. At this time, the specific implementation of establishing the first mapping relationship between the device fingerprint feature and the first MAC address information may include: and carrying out fault tolerance processing on the plurality of device fingerprint features of the first electronic device, and carrying out de-duplication processing on at least one device fingerprint feature of the first electronic device after the fault tolerance processing. And establishing a first mapping relation based on the device fingerprint characteristics of the first electronic device after the deduplication processing and the first MAC address information.

According to the foregoing description, the first module may monitor different types of messages, and after analysis, the first module may obtain a plurality of device fingerprint features of the first electronic device, and the first module reports the plurality of device fingerprint features of the first electronic device to the data control management module. In this case, the data control management module may perform deduplication processing on the plurality of device fingerprint features, that is, delete the same device fingerprint feature from the plurality of device fingerprint features, and obtain the device fingerprint feature after deduplication. Then, fault tolerance processing can be performed on the de-duplicated device fingerprint features, such as removing abnormal data. The abnormal data are non-characters and non-numbers, or data without information display, or characters with the length not matched with the length indicated in the message. After fault-tolerant processing, the data control management module establishes a first mapping relation between the finally obtained fingerprint characteristics of the equipment and the first MAC address information.

After the first mapping relation is established, the data control management module stores the first mapping relation into a database.

In another possible case, the data control management module has already established a first mapping relationship, for example, as described above, after the first electronic device accesses the router, the router obtains the first MAC address information and the device fingerprint feature of the first electronic device through the NetBIOS response message, and establishes the first mapping relationship. In this case, the data control management module may query the database for the first MAC address information and the device fingerprint feature, and then the data control management module may not repeatedly establish the first mapping relationship.

It should be noted that, in the embodiment of the present application, only the first electronic device is connected to the router as an example. In one possible case, other electronic devices may be connected to the router in addition to the first electronic device, and as an example, as long as the router is connected to the electronic device, the router may monitor a message belonging to the target type through the first module, then analyze the device fingerprint feature and the MAC address information in the monitored message, and then report the device fingerprint feature and the MAC address information to the data control management module. The data control management module can establish a mapping relation between each group of equipment fingerprint characteristics and the MAC address information reported by the first module, and store the mapping relation into the database for management, so that the MAC address information and the equipment fingerprint characteristics of each electronic equipment of the access router are managed.

On the basis of the above embodiment, the method for device management provided in the embodiment of the present application is described in detail below in conjunction with a service authority configuration scenario. Referring to fig. 7, fig. 7 is a flowchart of a method for device management according to an exemplary embodiment, which may be applied to the router shown in fig. 4 and described above, where the router interacts with a first electronic device through a plurality of modules, the method may include some or all of the following:

Step 701: after the service configuration module is started, subscribing a target message to the data control management module, wherein the target message is used for publishing MAC update information.

As an example of the present application, please refer to fig. 6, the service configuration module starts after the router is running. The service configuration module may then subscribe to the data control management module for the target message, so that the data control management module notifies the service configuration module via the target message when it is determined that the MAC address information of any one of the electronic devices of the access router has changed.

In one example, the target message is an atp_msg_randomac_dev_on message.

In one example, the service configuration module subscribes to the target message with an address management module in the data control management module.

Step 702: the first electronic device sends service authority configuration information to the service configuration module.

After the first electronic device uses the first MAC address information to access the router, the user may perform authority configuration for a certain or certain services of the first electronic device, for example, perform authority configuration for a child internet protection service, and the configuration process may refer to an application scenario shown in fig. 1. In this case, the first electronic device may send service permission configuration information to the service configuration module, where the service permission configuration information includes the first MAC address information and the service permission of the first electronic device, so that the router locally stores the service permission configuration information, thereby facilitating a subsequent response to a service request of the first electronic device according to the service permission configuration information.

In the embodiment of the present application, the configuring of the authority of the first electronic device is taken as an example, in another example, the router may also be logged in through the second electronic device, and then the service authority of the first electronic device is configured, which is not limited in the embodiment of the present application.

Step 703: the service configuration module stores service authority configuration information.

Step 704: the service configuration module receives a service request from the first electronic equipment, wherein the service request carries first MAC address information of the first electronic equipment.

That is, when the first electronic device accesses the router and the user performs the internet surfing service through the first electronic device, the first electronic device sends a service request to the router, and the service request includes the first MAC address information. In addition, the service request may further include related description information of the service to be requested by the first electronic device, so that the router can determine what service is currently requested by the first electronic device according to the related description information.

Step 705: the service configuration module responds to the service request according to the service authority configuration information.

Because the mapping relation between the first MAC address information and the configured service authority is recorded in the service authority configuration information, when a service request from the first electronic device is received, the router determines whether the service currently requested by the first electronic device is provided with the authority according to the service authority configuration information. If the service currently requested by the first electronic device is determined to be provided with the permission according to the service permission configuration information, responding to the service request according to the set permission, for example, if the service request is a request for downloading the game application package, and downloading of the game application package is prohibited is indicated in the service permission configuration information, the service configuration module does not execute the downloading operation, and feeds back a downloading failure notification to the first electronic device. Otherwise, if it is determined according to the service authority configuration information that the service currently requested by the first electronic device does not set the authority, a corresponding internet operation is performed, for example, if the service is an application packet requesting to download the learning class and the service authority configuration information does not indicate an application packet prohibiting to download the learning class, the service request may be forwarded to a corresponding server, so as to download the application packet requested to be downloaded by the first electronic device from the server.

After the first electronic device accesses the router, when the first electronic device performs the internet service under the condition that the authority is configured for a certain service of the first electronic device, the router performs the implementation process of controlling the internet service of the first electronic device. On this basis, if the user triggers the first electronic device to forget the network and re-access the router, the first electronic device may access the router using randomly generated second MAC address information, which is different from the first MAC address information. In this case, the router performs the following operations with the first electronic device:

step 706: the first electronic device re-accesses the router using the second MAC address information.

The second MAC address information is randomly generated.

In one possible scenario, as shown in fig. 2, in the case where the first electronic device uses the first MAC address information to access the router, the user may trigger the first electronic device to forget about the network in the first electronic device, and then trigger the first electronic device to re-access the router. Accordingly, the first electronic device may generate random MAC address information (i.e., second MAC address information) and then request the access router using the second MAC address information. The router establishes a link with the first electronic equipment, and distributes IP address information through the equipment access management module, so that the first electronic equipment is re-accessed to the router, and the first electronic equipment is connected with the WiFi network, so that the first electronic equipment can continuously surf the Internet through the router.

Step 707: after the first electronic equipment uses the second MAC address information to access the router, the equipment access management module sends an access message to the data control management module, wherein the access message carries access information when the first electronic equipment is accessed again.

The access information at the time of re-access includes second MAC address information and re-allocated IP address information.

Step 708: the data control management module sends access information to the second module.

A specific implementation thereof may be seen in step 503 in the embodiment shown in fig. 5.

Step 709: the second module obtains device fingerprint features and second MAC address information of the first electronic device based on the access information.

The specific implementation thereof can be seen in steps 504 to 507 in the embodiment shown in fig. 5.

Step 710: the second module sends the device fingerprint feature and the second MAC address information to the data control management module.

A specific implementation thereof may be referred to as step 508 in the embodiment shown in fig. 5.

After receiving the device fingerprint feature and the second MAC address information reported by the second module, the data control management module proceeds to operation in step 713 as follows.

It should be noted that steps 707 to 710 are optional operations.

Step 711: and under the condition that the first module monitors the message of the target type, analyzing the device fingerprint characteristics of the first electronic device from the monitored message.

As described above, in the case where the router has access to the electronic device, the first module starts to monitor the message of the target type, so when the first electronic device sends the message of the target type to the router, the first module can monitor the message. And then, the device fingerprint characteristics of the first electronic device can be analyzed from the monitored message. In addition, the second MAC address information may also be resolved.

The first module listens for messages belonging to the target type and the parsing process for messages of different types can be seen from steps 511 to 512 in the embodiment shown in fig. 5.

Step 712: the first module sends the device fingerprint feature and the second MAC address information to the data control management module.

Step 713: the data control management module queries first MAC address information from the first mapping relation based on the fingerprint characteristics of the device.

Because the first mapping relation records the first MAC address information and the device fingerprint characteristics of the first electronic device, the data control management module can query the corresponding first MAC address information from the first mapping relation according to the device fingerprint characteristics reported by the first module.

Step 714: and the data control management module sends a target message to the service configuration module under the condition that the first MAC address information is determined to be different from the second MAC address information.

Because the service configuration module subscribes to the target message, the data control management module sends the target message to the service configuration module when the first MAC address information is determined to be different from the second MAC address information, and in one example, the target message carries the first MAC address information and the second MAC address information and is used for indicating that the first MAC address information of the service configuration management module has been changed to the second MAC address information.

In one example, the data control management module sends the target message to the service configuration module through the address management module.

In addition, the data control management module modifies the first MAC address information in the first mapping relation into the second MAC address information, so that when the subsequent first electronic equipment uses the third MAC address information to access the router, the router can still modify the second MAC address information into the third MAC address information according to the first mapping relation.

Step 715: the service configuration module modifies the first MAC address information in the service authority configuration information into second MAC address information.

Because the second MAC address information in the service authority configuration information is matched with the MAC address information used by the current access router of the first electronic equipment, the configured service authority configuration information is still effective, so that when the subsequent second electronic equipment uses the second MAC address information to carry out service request, the router can correctly respond to the service request, and the effectiveness of internet service control is further ensured.

In the embodiment of the application, under the condition of receiving the service request of the first electronic device, responding to the service request according to the service authority configuration information, wherein the service authority configuration information is used for indicating the mapping relationship between the service authority of the first electronic device and the first Media Access Control (MAC) address information currently used. Under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, the first MAC address information in the service authority configuration information is modified into the second MAC address information according to a first mapping relation, and the first mapping relation is used for recording the mapping relation between the equipment fingerprint characteristics of the first electronic equipment and the MAC address information. Therefore, the MAC address information in the service authority configuration information is matched with the MAC address information used when the first electronic equipment is accessed to the router, namely the service authority configuration information is enabled to be effective all the time, and therefore effective control of the service authority of the first electronic equipment is ensured.

The electronic device according to the embodiment of the present application will be briefly described below. Referring to fig. 8, fig. 8 is a schematic diagram illustrating a structure of an electronic device according to an exemplary embodiment. The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It is to be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.

The controller may be a neural hub and a command center of the electronic device 100, among others. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.

A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.

In some embodiments, the processor 110 may include one or more interfaces, such as may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.

It should be understood that the interfacing relationship between the modules illustrated in the embodiments of the present application is only illustrative, and does not limit the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also use different interfacing manners, or a combination of multiple interfacing manners in the foregoing embodiments.

The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130. In some wireless charging embodiments, the charge management module 140 may receive wireless charging input through a wireless charging coil of the electronic device 100. The charging management module 140 may also supply power to the electronic device 100 through the power management module 141 while charging the battery 142.

The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 to power the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance) and other parameters. In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.

The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. Such as: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied to the electronic device 100.

The electronic device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.

The display screen 194 is used to display images, videos, and the like. The display 194 includes a display panel. The display panel may employ a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (OLED), an active-matrix organic light emitting diode (AMOLED), a flexible light-emitting diode (flex), a mini, a Micro-OLED, a quantum dot light-emitting diode (quantum dot light emitting diodes, QLED), or the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, N being an integer greater than 1.

The electronic device 100 may implement photographing functions through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to enable expansion of the memory capabilities of the electronic device 100. The external memory card communicates with the processor 110 through an external memory interface 120 to implement data storage functions. Such as storing files of music, video, etc. in an external memory card.

The internal memory 121 may be used to store computer-executable program code that includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a storage program area and a storage data area. The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data (e.g., audio data, phonebook, etc.) created by the electronic device 100 during use, and so forth. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like.

The electronic device 100 may implement audio functions such as music playing, recording, etc. through the audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone interface 170D, and application processor, etc.

The keys 190 include a power-on key, a volume key, etc. The keys 190 may be mechanical keys or touch keys. The electronic device 100 may receive key inputs, generating key signal inputs related to user settings and function controls of the electronic device 100.

The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration alerting as well as for touch vibration feedback. The indicator 192 may be an indicator light, may be used to indicate a state of charge, a change in charge, a message indicating a missed call, a notification, etc.

The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In this embodiment, taking an Android (Android) system with a hierarchical architecture as an example, a software system of the electronic device 100 is illustrated.

Fig. 9 is a block diagram of a software system of the electronic device 100 according to an embodiment of the present application. Referring to fig. 9, the hierarchical architecture divides the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom, an application layer, an application framework layer, an Zhuoyun row (Android run time) and system layer, and a kernel layer, respectively.

The application layer may include a series of application packages. As shown in fig. 9, the application package may include applications for cameras, gallery, calendar, phone calls, maps, navigation, WLAN, bluetooth, music, video, short messages, etc.

The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions. As shown in fig. 9, the application framework layer may include a window manager, a content provider, a view system, a phone manager, a resource manager, a notification manager, and the like. The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like. The content provider is used to store and retrieve data, which may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc., and make such data accessible to the application. The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to construct a display interface for an application, which may be comprised of one or more views, such as a view that includes displaying a text notification icon, a view that includes displaying text, and a view that includes displaying a picture. The telephony manager is used to provide communication functions of the electronic device 100, such as management of call status (including on, off, etc.). The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like. The notification manager allows the application to display notification information in a status bar, can be used to communicate notification type messages, can automatically disappear after a short dwell, and does not require user interaction. For example, a notification manager is used to inform that the download is complete, a message alert, etc. The notification manager may also be a notification that appears in the system top status bar in the form of a chart or a scroll bar text, such as a notification of a background running application. The notification manager may also be a notification that appears on the screen in the form of a dialog window, such as a text message being prompted in a status bar, a notification sound being emitted, the electronic device vibrating, a flashing indicator light, etc.

Android run time includes a core library and virtual machines. Android run time is responsible for scheduling and management of the Android system. The core library consists of two parts: one part is a function which needs to be called by java language, and the other part is a core library of android. The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.

The system library may include a plurality of functional modules, such as: surface manager (surface manager), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), etc. The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio and video encoding formats, such as: MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc. The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like. The 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.

The workflow of the electronic device 100 software and hardware is illustrated below in connection with capturing a photo scene.

When touch sensor 180K receives a touch operation, a corresponding hardware interrupt is issued to the kernel layer. The kernel layer processes the touch operation into the original input event (including information such as touch coordinates, time stamp of touch operation, etc.). The original input event is stored at the kernel layer. The application framework layer acquires an original input event from the kernel layer, and identifies a control corresponding to the original input event. Taking the touch operation as a click operation, the control corresponding to the click operation is a control of a camera application icon as an example, the camera application calls an interface of an application program framework layer, starts the camera application, calls a kernel layer to start a camera driver, and captures a still image or video through a camera 193.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a router, produces, in whole or in part, the processes or functions described in accordance with embodiments of the present application. The computer instructions may be stored in or transmitted from one computer readable storage medium to another, such as from one website, router, server, or data center by wired (e.g., coaxial cable, fiber optic, data subscriber line (Digital Subscriber Line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a router or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium such as a floppy Disk, a hard Disk, a magnetic tape, an optical medium such as a digital versatile Disk (Digital Versatile Disc, DVD), or a semiconductor medium such as a Solid State Disk (SSD).

The above embodiments are not intended to limit the present application, and any modifications, equivalent substitutions, improvements, etc. within the technical scope of the present disclosure should be included in the protection scope of the present application.

Claims

1. A method of device management, for use in a router, the method comprising:

2. The method of claim 1, wherein the modifying the first MAC address information in the service authority configuration information to the second MAC address information according to a first mapping relationship in the case that the first electronic device re-accesses the router using the second MAC address information comprises:

3. The method of claim 2, wherein the method further comprises:

4. The method as claimed in claim 2 or 3, wherein, in the case that the first electronic device re-accesses the router using the second MAC address information, the step of obtaining the device fingerprint feature according to a packet interacted between the first electronic device and the router includes:

5. The method of claim 4, wherein listening for a message of a destination type if the first electronic device re-accesses the router using the second MAC address information, comprises:

6. The method of claim 5, wherein the obtaining the device fingerprint feature from the monitored message if the message of the target type is monitored comprises:

7. The method of claim 6, wherein the first key field is a Name field, the second key field is a UDID field, and the third key field is a response computer Name field of a message having a command of Request Announcement (0 x 02) or a Host Name field of a message having a command of Host Announcement (0 x 01).

8. The method of any of claims 5-7, wherein the first HOOK is nf_br_local_in HOOK and the second HOOK is nf_inet_local_in HOOK.

9. The method of any one of claims 5-8, wherein the method further comprises:

10. The method of claim 9, wherein the obtaining the device fingerprint feature from the monitored message if the message of the target type is monitored comprises:

11. The method of any of claims 2-10, wherein the router comprises a data acquisition module, a data control management module, and a traffic configuration module:

under the condition that the first electronic equipment re-accesses the router by using the second MAC address information, acquiring the equipment fingerprint feature according to the message interacted between the first electronic equipment and the router, including:

12. A router comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method according to any one of claims 1-11 when executing the computer program.

13. A computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of any of claims 1-11.