TW201743639A - Wireless local area network access control method and device - Google Patents

Abstract

Disclosed are a wireless local area network access control method and device. In the invention, a wireless local area network access apparatus can acquire strength of a signal received by a terminal from the wireless local area network access apparatus, and compare the strength of the received signal with a first threshold. If the strength of the received signal satisfies the first threshold, it indicates that a current distance between the terminal and the wireless local area network access apparatus is within a set trusted zone, and the terminal is allowed to access a wireless local area network without needing to perform authentication on the terminal. If the strength of the received signal does not satisfy the first threshold, authentication needs to be performed on the terminal. The invention ensures security and enables a terminal to access a wireless local area network without an access password, thereby simplifying an access operation of the terminal.

Description

Wireless area network access control method and device

The present invention relates to the field of communication technologies, and in particular, to a wireless area network access control method and apparatus.

With the development of technologies such as wireless networks and the Internet, there are wireless network access requirements from various occasions, from computing and management materials to online shopping and social applications. In order to meet the increasing demand for wireless networks, the deployment and use of wireless network access devices has become more and more popular, especially the popularity of wireless local area network access devices, which has reduced the cost of users accessing wireless networks. .

A wireless area network access device, also commonly referred to as a wireless router or wireless gateway, can be a combination of a simple AP (Access Point) and a broadband router (gateway) with wireless coverage. The router is mainly used for users to access the Internet and wireless coverage. The wireless local area network access device can be regarded as a transponder that connects to the broadband network communication interface and forwards the broadband network signal through the antenna to nearby terminals, such as personal computers, handheld devices (such as tablets, mobile phones).

Wireless LAN access devices use Wi-Fi technology to wirelessly connect terminals Ways to connect to each other or access the Internet. At present, a wireless local area network access control method is that, for a terminal within a coverage area of a wireless local area network access device, an access password is not required to provide an unconditional access, and the access control method is less secure; One is that the terminal needs to provide an access password, but for a terminal that does not have an input device such as a keyboard or a touch screen, the wireless local area network cannot be accessed because the access code cannot be input, or the terminal needs to be stored by using a mobile phone or the like. Take, the operation is complicated.

With the development of technology, more and more types of terminals, such as various smart home devices, need to access the Internet through wireless local area network access devices, so how to simplify the terminal access wireless area while taking into consideration security The operation of the network is an urgent problem to be solved.

The embodiment of the invention provides a wireless local area network access control method and device, which can be used to access a wireless local area network without verifying the terminal in consideration of security.

The wireless local area network access control method provided by the embodiment of the present invention includes: acquiring a received signal strength of a signal sent by a terminal to a wireless local area network access device; comparing the received signal strength with a first threshold requirement; And if the received signal strength meets the first threshold requirement, the terminal accesses the wireless area network; otherwise, the terminal is verified.

Optionally, the first threshold is a first set value; the receiving signal The strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value.

Optionally, the first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval.

Optionally, if it is determined that the received signal strength meets the first threshold requirement and the terminal accesses the wireless local area network, the method further includes: comparing the received signal strength with a second threshold requirement, if When the received signal strength meets the second threshold requirement, access control is performed on the terminal.

Optionally, performing access control on the terminal, including: detecting, according to a detection period, a received signal strength of a signal sent by the terminal to a wireless local area network access device, and detecting that the received signal strength does not meet the foregoing When a threshold is required, one of the following steps is performed: interrupting the wireless local area network connection of the terminal; verifying the terminal, if the verification is passed, maintaining the wireless local area network connection of the terminal, otherwise interrupting the terminal Wireless LAN connection.

Optionally, before detecting, by the detection period, the received signal strength of the signal sent by the terminal to the WLAN access device, the method further includes: determining, according to the value interval of the received signal strength, the corresponding value interval The length of the detection period; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the value range corresponding to the arrangement according to the signal strength from large to small. The length of the detection cycle.

Optionally, when detecting the received signal strength of the signal sent by the terminal to the WLAN access device according to the detection period, if the detected received signal strength meets the second threshold requirement, the method further includes: according to the current The value interval of the detected received signal strength is determined, the length of the detection period corresponding to the value interval is determined, and the length of the detection period of the terminal is updated according to the determined length of the detection period.

Optionally, when the received signal strength of the signal sent by the terminal to the WLAN access device is detected according to the detection period, if the detected received signal strength meets the first threshold requirement but does not meet the second The threshold requirement further includes: stopping detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device.

Optionally, the first threshold is a first set value, the second threshold is a second set value, and the first set value is smaller than the second set value; A threshold requirement includes: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second set value.

Optionally, the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is smaller than an upper limit of the first set interval; the received signal strength Compliance with the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is in the second setting Within the interval.

The wireless local area network access device provided by the embodiment of the present invention includes: an acquisition module, configured to acquire a received signal strength of a signal sent by the terminal to the wireless local area network access device; and a comparison module, configured to receive the The signal strength is compared with a first threshold requirement; the access control module is configured to access the wireless local area network when the received signal strength meets the first threshold requirement; otherwise, The terminal is verified.

A wireless local area network access device provided by another embodiment of the present invention includes: a transceiver for transmitting and receiving wireless signals; a memory for storing computer program instructions; and a processor coupled to the memory for reading Taking the computer program instructions stored in the memory, and in response, performing the following operations: acquiring the received signal strength of the signal sent by the terminal to the wireless local area network access device; comparing the received signal strength with the first threshold requirement And if the received signal strength meets the first threshold requirement, the terminal accesses the wireless area network; otherwise, the terminal is verified.

In the above embodiment of the present invention, the wireless local area network access device may acquire the received signal strength of the signal sent by the terminal to the wireless local area network access device, and compare the received signal strength with the first threshold requirement, if the receiving The signal strength meets the first threshold requirement, indicating that the terminal is currently within a trusted area of the set range of the wireless local area network access device. In this case, the terminal can access the wireless local area network without verifying the terminal, otherwise, the terminal is currently located outside the trusted area of the set range from the wireless local area network access device, in this case, The terminal needs to be verified, so that the security of the terminal can be accessed without authentication, which simplifies the access operation of the terminal.

The embodiment of the invention further provides a wireless local area network access control method and device, which are used to adopt different access control strategies for different situations.

The wireless local area network access control method provided by the embodiment of the present invention includes: acquiring a received signal strength of a signal sent by a terminal to a wireless local area network access device; and determining a corresponding access control policy according to the received signal strength; Performing wireless area network access control on the terminal according to the determined access control policy.

Optionally, determining a corresponding access control policy according to the signal strength, including: comparing the received signal strength with a first threshold requirement; if the received signal strength meets the first threshold requirement, The terminal accesses the wireless local area network; otherwise, the terminal is authenticated.

Optionally, the first threshold is a first set value; the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; or A threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval.

Optionally, determining a corresponding access control policy according to the received signal strength Slightly, including one of the following: if the received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the terminal accesses the wireless local area network; if the received signal strength does not meet the first threshold requirement And verifying the terminal; if the received signal strength meets the first threshold requirement and meets the second threshold requirement, the terminal accesses the wireless area network, and performs access control on the terminal.

Optionally, performing access control on the terminal, including: detecting, according to a detection period, a received signal strength of a signal sent by the terminal to a wireless local area network access device, and detecting that the received signal strength does not meet the foregoing When a threshold is required, perform one of the following steps: interrupt the wireless local area network connection of the terminal; verify the terminal, if the verification passes, maintain the wireless local area network connection of the terminal, otherwise interrupt the terminal Wireless LAN connection.

Optionally, before detecting, by the detection period, the received signal strength of the signal sent by the terminal to the WLAN access device, the method further includes: determining, according to the value interval of the received signal strength, the corresponding value interval The length of the detection period; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the corresponding value interval according to the signal strength from large to small. The length of the cycle is detected.

Optionally, detecting the terminal to the wireless local area network according to the detection period When the received signal strength of the signal sent by the device is accessed, if the detected received signal strength meets the second threshold requirement, the method further includes: determining the value according to the value interval of the currently detected received signal strength The length of the detection period corresponding to the interval; updating the length of the detection period of the terminal according to the determined length of the detection period.

Optionally, when the received signal strength of the signal sent by the terminal to the WLAN access device is detected according to the detection period, if the detected received signal strength meets the first threshold requirement but does not meet the second threshold requirement And further comprising: stopping detecting the received signal strength of the signal sent by the terminal to the wireless area network access device.

Optionally, the first threshold is a first set value, the second threshold is a second set value, and the first set value is smaller than the second set value; A threshold requirement includes: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second set value.

Optionally, the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is smaller than an upper limit of the first set interval; the received signal strength Compliance with the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is in the second setting Within the interval.

A wireless area network access device provided by another embodiment of the present invention includes: Obtaining a module, configured to acquire a received signal strength of a signal sent by the terminal to the wireless local area network access device; and a determining module, configured to determine a corresponding access control policy according to the received signal strength; and the access control module And performing wireless area network access control on the terminal according to the determined access control policy.

A wireless local area network access device provided by another embodiment of the present invention includes: a transceiver for transmitting and receiving wireless signals; a memory for storing computer program instructions; and a processor coupled to the memory for reading Taking the computer program instructions stored in the memory, and in response, performing the following operations: acquiring the received signal strength of the signal sent by the terminal to the wireless local area network access device; determining the corresponding access control according to the received signal strength a policy; performing wireless area network access control on the terminal according to the determined access control policy.

In the foregoing embodiment of the present invention, the wireless local area network access device may acquire the received signal strength of the signal sent by the terminal to the wireless local area network access device, determine a corresponding access control policy according to the received signal strength, and determine according to the determined The access control policy is implemented, and the wireless local area network access control is performed on the terminal, thereby implementing access control on the terminal. In the foregoing solution, different application fields are distinguished according to the received signal strength of the terminal, so that corresponding wireless local area network access control policies can be adopted for different application situations. Access control.

100‧‧‧System Architecture

110‧‧‧Wireless Area Network Access Device Network

201, 202, 203, 204‧‧‧ method steps

501, 502, 503, 504, 505, 506‧‧‧ method steps

801, 802, 803, 804, 805‧‧‧ method steps

901, 902, 903‧‧‧ method steps

1001‧‧‧Getting module

1002‧‧‧Comparative Module

1003‧‧‧Access Control Module

1101‧‧‧Getting module

1102‧‧‧Determining modules

1103‧‧‧Access Control Module

1201‧‧‧ processor

1202‧‧‧ memory

1203‧‧‧ transceiver

1301‧‧‧ Processor

1302‧‧‧ memory

1303‧‧‧Transceiver

1 is a schematic diagram of a network architecture applicable to an embodiment of the present invention; FIG. 2 is a schematic diagram of a wireless local area network access control flow according to an embodiment of the present invention; FIG. 3 is a schematic diagram of a wireless local area network according to an embodiment of the present invention. FIG. 4 is a schematic diagram of wireless local area network access control according to the second embodiment of the present invention; FIG. 5 is a schematic diagram of a wireless local area network access control flow according to another embodiment of the present invention; FIG. FIG. 6B is a schematic diagram of a first threshold and a second threshold in an embodiment of the present invention; FIG. 7 is a schematic diagram of wireless local area network access control in Case 3 according to an embodiment of the present invention; FIG. 8 is another embodiment of the present invention; FIG. 9 is a schematic diagram of a wireless local area network access control flow according to another embodiment of the present invention; FIG. 10, FIG. 11, FIG. 12, and FIG. A schematic diagram of the structure of a wireless local area network access device provided by the example.

The embodiments of the present invention are described in detail below with reference to the accompanying drawings.

FIG. 1 illustrates a typical network system (environment) architecture 100 in which some embodiments of the present invention may be implemented. The system architecture 100 includes a wireless area network access device 110, a network 120, and a plurality of terminals 130a through 130n.

The wireless local area network access device 110 is coupled to the network 120 such that the wireless local area network access device 110 can cause the terminals 130a through 130n to interact with the network 120 for data. For example, wireless local area network access device 110 and network 120 can be connected via a twisted pair cable network, a coaxial cable network, a telephone network, or any suitable type of connected network. In some embodiments, the wireless local area network access device 110 and the network 120 may be connected in a wireless manner. For example, the wireless connection may include using an IEEE 802.11 wireless network or based on a wireless telephone service, such as 2G, 3G, 3.5G. , 4G, LTE (Long Term Evolution) and other networks. Communication techniques between the supported wireless area access device 110 and the network 120 may include Ethernet (as described, for example, in the IEEE 802.3 series of standards) and/or other suitable types of area network technologies. Examples of different wireless protocols in the IEEE 802.11 family of standards may include IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, IEEE 802.11ac, IEEE 802.11af, IEEE 802.11ah, and IEEE 802.11ad.

The terminals 130a-130n can be connected to and communicate wirelessly with the wireless local area network access device 110, for example, using an IEEE 802.11 family of standards (e.g., a wireless local area network). Terminal 130a~ A wireless local area network connection technology may be employed between the 130n and the wireless local area network access device 110. The terminals 130a-130n may be any suitable computing or mobile device, such as a smart phone, tablet, notebook, personal digital assistant (PDA) or the like. Terminals 130a-130n typically include a display and may include suitable input devices (not shown for simplicity), such as a keyboard, mouse, or trackpad. The display can include a touch sensitive screen for input functions. Other examples of terminals 130a-130n include network connected cameras (or IP cameras), home sensors, and other smart home devices (eg, smart refrigerators that can be connected to the Internet). Terminals such as smart home devices may not be equipped with input devices.

It should be noted that those skilled in the art can understand that the components in FIG. 1 are only one implementation of the computer network environment in which the embodiment can be implemented, and various alternative embodiments are within the scope of the embodiments of the present invention. within. For example, the system architecture 100 may further include a wireless area network access device 110, a network 120, and a relay device between the terminals 130a-130n. For example, the relay device may include: a switch, a router, a hub, a data machine. (especially common in fiber-optic communication), wireless access point (AP), network controller (Wireless Access Point Controller) and so on. In some embodiments, network 120 includes an internetwork, a corporate intranet.

Based on the foregoing network architecture, the embodiment of the present invention provides a wireless local area network access control method, which can simplify the terminal verification operation under the premise of ensuring security, especially for a smart home that needs to access a regional network. If the device does not have an input device, you can access the wireless LAN without entering a password without any security.

The wireless local area network access control method provided by the embodiment of the present invention can be implemented on a wireless local area network access device. Specifically, the wireless local area network access device can implement the wireless access control method provided by the embodiment of the present invention in the following manner: - the factory pre-installation mode, that is, the wireless local area network storage provided by the embodiment of the present invention can be implemented The program of the control method is installed in the wireless local area network access device, such as the embedded operating system, so that the device is pre-installed in the system before leaving the factory, and further allows the user to set whether to enable the present invention through the webpage configuration mode. The access control method provided by the embodiment; - after the factory installation, after the wireless local area network access device is shipped from the factory, the installation can be implemented in the wireless local area network access device in the form of an installation package (such as a ROM package) The program of the wireless area network access control method provided by the embodiment of the invention.

2 is a schematic flowchart of a wireless area network access control process according to an embodiment of the present invention, which may be performed by a wireless area network access device. As shown, the process can include the following steps:

Step 201: Acquire a received signal strength of a signal sent by the terminal to the WLAN access device.

In this step, the wireless local area network access device may also acquire the terminal to send to the wireless local area network access device when discovering the terminal to be accessed. The received signal strength of the signal; the wireless local area network access device may also acquire the received signal strength of the signal sent by the terminal to the wireless local area network access device after receiving the wireless local area network access request sent by the terminal.

For example, in some embodiments, the terminal may transmit a discovery signal according to a discovery mechanism according to a discovery period for detecting whether there is an accessible wireless local area network. If the discovery signal is received by the wireless local area network access device, the wireless local area network access device may return a response signal to the terminal, and further, the response signal may carry a related identifier of the wireless local area network, such as an SSID. (Service Set Identifier). After receiving the response signal, the terminal may send an access request message requesting access to the wireless local area network to the wireless local area network access device.

For another example, in other embodiments, the wireless local area network access device may broadcast a discovery message according to a set period, where the SSID of the wireless local area network may be carried. After receiving the discovery message, the terminal may send an access request message requesting access to the wireless local area network to the wireless local area network access device.

The received signal strength of the signal transmitted by the terminal to the wireless local area network access device may be expressed in decibel millivolts (or decibel milliwatts, expressed as dBm). dBm can characterize the degree of signal attenuation. For example, -40dBm is more attenuated than -30dBm.

The wireless local area network access device can obtain the received signal strength of the terminal in multiple ways. In practical applications, the data packet sent by the terminal includes signal strength related parameters, such as Rx parameters (the Rx parameter is used to describe the received signal strength of the signal sent by the terminal to the wireless local area network access device, specifically Refers to the receiver receiving the broadband received power on the channel bandwidth). This parameter can be stored in the device driver parameters of the Wi-Fi chip in the wireless local area network access device, so this parameter can be obtained from the device driver parameters of the Wi-Fi chip.

Step 202: Compare the received signal strength of the terminal with the first threshold requirement. If the received signal strength meets the first threshold requirement, go to step 203, otherwise go to step 204.

The first threshold may specifically be a set value or a set interval. Correspondingly, the first threshold requirement is different according to whether the first threshold is a set value or a set interval. For example, if the first threshold is the first set value, the received signal strength meets the first threshold requirement, and may include: receiving The signal strength is greater than or equal to the first set value; if the first threshold is the first set interval, the received signal strength meets the first threshold requirement, and may include: the received signal strength is within the first set interval. In a specific implementation, the upper limit value of the first set interval may be set according to the transmit power of the wireless local area network access device, for example, set to a value corresponding to the transmit power, such that if the received signal strength is in the first setting Within the interval, it is considered to meet the first threshold requirement.

The specific value of the first set value or the first set interval may be a value used to represent the signal strength, for example, may be a dBm value.

The first threshold requirement can be used to define a region-wide boundary centered on a wireless local area network access device, as shown in FIG. When the first threshold is the first set value, the signal attenuation level of the wireless local area network access device is not exceeded in the area defined by the first set value. The degree of attenuation indicated by the first set value; conversely, outside the area, the degree of attenuation of the signal transmitted by the wireless local area network access device exceeds the degree of attenuation indicated by the first set value. The above-mentioned area defined by the first set value may be referred to as a trusted area, so that it is possible to determine whether the terminal is located in the trusted area or outside the trusted area according to the received signal strength of the terminal, and thus different access control strategies may be employed. Perform access control.

The value of the first threshold (such as the first set value or the first set interval) may be preset, and further allows the user to set or modify as needed.

Step 203: The terminal accesses the wireless local area network.

In step 203, since the received signal strength of the terminal meets the first threshold requirement, the terminal is considered to be located in the trusted area, and the terminal can access the wireless local area network without providing the access password.

Step 204: Verify the terminal. For example, access control is performed in accordance with an existing method, and specifically, access control is performed based on an access password. More specifically, the wireless local area network access device requests the terminal to send a wireless local area network access password; the terminal acquires an access password according to the request (such as obtaining an access password input by the user through the input device), and sends the password to the a wireless local area network access device; the wireless local area network access device verifies the wireless local area network access password sent by the terminal, and if the verification passes, the terminal accesses the wireless local area network, otherwise the network device refuses to The terminal accesses the wireless local area network.

As can be seen from the above description, the wireless local area network access device can transmit the received signal strength of the signal transmitted by the terminal to the wireless local area network access device. Comparing with the first threshold requirement, if the received signal strength of the terminal meets the first threshold requirement, it indicates that the terminal is currently within a trusted range of the wireless local area network access device, in which case the The terminal accesses the wireless local area network without verifying the terminal (such as verifying the access password and the like provided by the terminal), so that the terminal can access the wireless area without authentication without considering the security. The network simplifies the access operation of the terminal.

For example, the coverage area of the wireless local area network access device is a circular area centered on the wireless local area network access device, and has a radius of 100 meters. The wireless local area network access device is used in a room of 100 m ² , and the terminals that need to be accessed include smart home devices, mobile phones, and notebook computers. In this case, an area with a radius of 30 meters centered on the wireless local area network access device can be regarded as a trusted area, and the signal transmission power and signal attenuation law of the wireless local area network access device are calculated according to the radius. Get the corresponding first threshold. According to the above embodiment, the smart home device in the room or the mobile phone carried by the user in the room is located in the trusted area, and the received signal strength is usually greater than the first threshold, so the password can be accessed without accessing the password. The wireless local area network access device accesses the network. If the terminal outside the trusted area is regarded as an uncontrollable terminal, an access password is required to access the network through the wireless local area network. It can be seen that the terminals in the trusted area, such as the smart home device, the mobile phone of the family member, the mobile phone of the visitor, etc., simplify the complexity of the operation of the access area network, especially the smart home device without the input device. In this case, it facilitates the access operation of smart home devices.

Further, in some embodiments, the trusted area may be further subdivided into an absolutely trusted area (ie, an unconditional trusted area) and a conditional trusted area, as shown in FIG. The outer boundary of the conditionally trusted region may be defined by a first threshold, and the boundary of the absolute trusted region may be defined by a second threshold. The second threshold may specifically be a set value or a set interval. Correspondingly, the second threshold requirement is different depending on whether the second threshold is a set value or a set interval.

For example, the coverage area of the wireless local area network access device is a circular area centered on the wireless local area network access device, and has a radius of 100 meters. The wireless local area network access device is used in a room of 100 m ² , and the terminals that need to be accessed include smart home devices, mobile phones, and notebook computers. In this case, an area with a radius of 30 meters centered on the wireless local area network access device can be regarded as a trusted area, according to the radius, the signal transmission power of the wireless local area network access device, and the signal attenuation algorithm. The formula can calculate the corresponding first threshold, and treat the area with a radius of 10 meters centered on the wireless local area network access device as a trusted area, according to which the signal transmission power of the wireless local area network access device And the signal attenuation law is calculated to obtain a corresponding second threshold.

Optionally, the values of the first threshold (such as the first set value or the first set interval) and the second threshold (such as the second set value or the second set interval) may be preset, and further allow the user Make settings or modifications as needed.

Based on this, FIG. 5 shows an access control procedure provided by an embodiment of the present invention, which may be performed by a wireless area network access device, and the process includes The following steps:

Step 501: Acquire a received signal strength of a signal sent by the terminal to the WLAN access device. The specific implementation process of this step is the same as step 201 in FIG. 2, and is not repeated here.

Step 502: Compare the received signal strength of the terminal with the first threshold requirement. If the signal strength meets the first threshold requirement, proceed to step 503.

Step 503: The terminal accesses the wireless local area network, and proceeds to step 504.

In this step, if the received signal strength of the terminal meets the first threshold requirement, the terminal is located in the trusted area, and the terminal can access the wireless local area network without providing the access password.

Step 504: Compare the received signal strength of the terminal acquired in step 501 with the second threshold requirement. If the received signal strength meets the second threshold requirement, proceed to step 505, otherwise the network access of the terminal may be maintained. Status, end this process.

As described above, the first threshold and the second threshold may be set values or set intervals, respectively. Accordingly, step 504 may include the following typical cases:

Case 1: The first threshold is the first set value, the second threshold is the second set value, and the first set value is less than the second set value. In this case, if the received signal strength is greater than or equal to the first set value, the received signal strength is considered to meet the first threshold requirement; if the received signal strength is less than the second set value, the received signal strength is considered to meet the second threshold requirement.

As shown in FIG. 6A, if the received signal strength falls within the interval A, then In order to meet the first threshold requirement, that is, the terminal is located in the trusted area (possibly located in the conditionally trusted area or in the absolute trusted area). In this case, the terminal may not be authenticated when accessing; if receiving If the signal strength falls within the interval B, it is considered that the second threshold is met, and the terminal is located in the conditionally trusted area in the trusted area. In this case, the terminal may not be authenticated during access, but the terminal may be subsequently Perform access control.

Case 2: The first threshold is the first setting interval, the second threshold is the second setting interval, and the upper limit of the second setting interval is smaller than the upper limit of the first setting interval. In this case, if the received signal strength is within the first set interval, the received signal strength is considered to meet the first threshold requirement; if the received signal strength is within the second set interval, the received signal strength is considered to meet the second threshold requirement.

As shown in FIG. 6B, if the received signal strength falls within the first set interval, it is considered to meet the first threshold requirement, that is, the terminal is located in the trusted area (possibly located in the conditionally trusted area, and may also be located in the absolute trusted area). In this case, the terminal may not be verified when accessing; if the received signal strength falls within the second set interval, it is considered that the second threshold is met, and the terminal is located in the conditionally trusted area in the trusted area. In this case, the terminal may not be authenticated during access, but subsequent access control may be performed on the terminal.

Of course, the above situation only gives a typical situation in practical applications. In other cases, the processing manner can be implemented by referring to the above principle, and will not be enumerated here.

Step 505: Perform access control on the terminal.

Optionally, in step 505, the terminal may be accessed and controlled by: detecting, according to the detection period, a received signal strength of the signal sent by the terminal to the wireless area network access device, and detecting that the signal strength does not meet the A threshold requirement (if less than the first set value, indicating that the terminal is in an untrusted area), performing one of the following operations: operation 1: interrupting the wireless local area network connection of the terminal; operation 2: verifying the terminal, if If the verification is passed, the wireless local area network connection of the terminal is maintained, otherwise the wireless local area network connection of the terminal is interrupted. More specifically, the terminal may be requested to send a wireless local area network to enter an account, and the terminal is verified according to the account.

In the above process, by comparing the received signal strength of the terminal with the second threshold requirement, it can be determined whether the terminal is currently in an absolute trusted area or in a conditionally trusted area. If the received signal strength of the terminal meets the second threshold requirement, it indicates that the terminal is located in the conditionally trusted area. In order to improve security, the received signal strength of the terminal may be detected according to the set detection period, and the received signal of the terminal is detected once the terminal is detected. If the strength does not meet the first threshold requirement, it indicates that the terminal has been removed from the trusted area. In this case, to improve security, the wireless area network connection of the terminal may be disconnected, or the terminal may be verified, and only the verification is passed. In this case, the terminal is allowed to access the network through the wireless local area network access device.

Optionally, in some embodiments, if the wireless local area network access device detects the received signal strength of the terminal according to the detection period in step 505, if the received signal strength is detected to meet the first threshold requirement, the data does not match. The second threshold requirement (such as interval C in Figure 6A, or in Figure 6B) The interval corresponding to the absolute trusted area indicates that the terminal is in an absolute trusted area at this time. In this case, the received signal strength of the signal sent by the terminal to the wireless local area network access device may be stopped.

Further, if the access signal strength of the terminal is compared with the first threshold requirement in step 502, the received signal strength of the terminal does not meet the first threshold requirement, indicating that the terminal is located in the untrusted area, and the step may be transferred to the step. 506: Verify the terminal, for example, access control based on the access password. Specifically, the wireless local area network access device requests the terminal to send a wireless local area network access password; the terminal acquires an access password according to the request (such as acquiring an access password input by the user through the input device), and sends the wireless password to the wireless device. a regional network access device; the wireless local area network access device verifies the wireless local area network access password sent by the terminal, and if the verification passes, the terminal accesses the wireless local area network, otherwise the terminal is rejected. Access wireless local area network.

As can be seen from the above description, the wireless local area network access device can compare the received signal strength of the signal sent by the terminal to the wireless local area network access device with the first threshold requirement, if the received signal strength of the terminal meets the first threshold. The request indicates that the terminal is currently within a set range of trusted area from the wireless local area network access device. In this case, the terminal can access the wireless local area network without verifying the terminal, thereby In the case of security, the terminal can access the wireless local area network without verifying the terminal, which simplifies the access operation of the terminal. Further, the trusted area can be divided into an absolute trusted area and a conditionally trusted area, and the terminal in the absolutely trusted area is not accessed after accessing the wireless local area network. For the terminal in the conditional trusted area, the received signal strength can be detected after accessing the wireless local area network, and if it is detected to be removed from the trusted area, it is accessed for security reasons. Control, such as accessing password-based network access control.

Further, in some embodiments, the conditional trusted area may be further subdivided into multiple areas of different trusted levels. For convenience of description, the following may be performed according to the signal sending direction of the wireless local area network access device. The letter area is divided into: an absolute trusted area, a first-level trusted area, a second-level trusted area, and so on, and in this order, the credibility is sequentially reduced.

As shown in FIG. 7, the first threshold and the second threshold are used as values for characterizing the signal strength (for example, a dBm value), wherein the outermost boundary of the conditionally trusted region can be defined by the first threshold. The boundary of the absolute trusted area may be defined by a second threshold, the second threshold being greater than the first threshold, and the signal strength between the second threshold and the first threshold is divided into N value intervals, and N is an integer greater than 1. One value interval corresponds to a level of trusted area, and a level of trusted area (ie, an value interval) corresponds to a detection period length, and the previous value interval is arranged according to the order of signal strength from large to small. The length of the corresponding detection period is greater than the length of the detection period corresponding to the subsequent value interval. If the first threshold and the second threshold are the first set interval and the second set interval respectively (as shown in FIG. 6B), the second set interval may be divided into N value intervals.

For example, the coverage area of the wireless local area network access device is a circular area centered on the wireless local area network access device, and has a radius of 100 meters. The wireless local area network access device is used in a room of 100 m ² , and the terminals that need to be accessed include smart home devices, mobile phones, and notebook computers. In this case, as shown in FIG. 6, an area having a radius of 10 meters centered on the wireless local area network access device can be regarded as an absolutely trusted area, and the signal of the wireless local area network access device is used according to the radius. The transmit power and the signal attenuation law are calculated to obtain a corresponding second threshold; the regions with a radius of 30 and 50 meters centered on the wireless local area network access device are regarded as different levels of conditional trusted regions, according to these radii, The signal transmission power and signal attenuation algorithm formula of the wireless local area network access device can calculate a corresponding first threshold (defined by a radius of 50 meters) and a threshold corresponding to a boundary of a conditional trusted area of different levels.

Optionally, the value of the received signal strength threshold corresponding to the boundary of the first threshold and the second threshold and the trusted area of each level may be preset, and further may allow the user to perform setting or modification as needed.

Based on this, FIG. 8 shows an access control procedure provided by an embodiment of the present invention, which may be performed by a wireless area network access device, and the process includes the following steps:

Step 801: Acquire a received signal strength of a signal sent by the terminal to the WLAN access device. The specific implementation process of this step is the same as step 201 in FIG. 2, and is not repeated here.

Step 802: Compare the received signal strength of the terminal with the first threshold requirement and the second threshold requirement. If the received signal strength meets the first threshold requirement, indicating that the terminal is located in the trusted area, proceed to step 803; if the received signal The strength meets the second threshold requirement, indicating that the terminal is located in the trusted area If there is a conditional trusted area, then go to step 804. Further, if the received signal strength does not meet the first threshold requirement, indicating that the terminal is located in the untrusted area, then proceeds to step 805;

Step 803: The terminal accesses the wireless local area network.

In this step, if the received signal strength of the terminal meets the first threshold requirement, the terminal is located in the trusted area, and the terminal can access the wireless local area network without verifying the terminal.

Step 804: After accessing the wireless local area network, the terminal performs access control on the terminal.

Specifically, the length of the detection period corresponding to the value interval is determined according to the value interval of the received signal strength of the terminal, and the terminal accesses the wireless area network, and detects the terminal to the wireless area network according to the determined detection period. The received signal strength of the signal transmitted by the road access device is subjected to corresponding control processing according to the detection result.

When it is detected that the received signal strength does not meet the first threshold requirement, the wireless local area network connection of the terminal is interrupted. Or, when it is detected that the received signal strength does not meet the first threshold requirement, indicating that the terminal is currently located in the untrusted area, the terminal is authenticated (for example, requesting the terminal to send a wireless local area network access password, and sending the terminal to the terminal The wireless local area network access password is verified. If the verification is passed, the wireless local area network connection of the terminal is maintained, otherwise the wireless local area network connection of the terminal is interrupted.

Further, when detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the table The terminal is moved into the absolute trusted area. In this case, the wireless local area network access device can stop detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device.

Step 805: Verify the terminal.

Specifically, the terminal may be requested to send a wireless local area network access password, and verify the wireless local area network access password sent by the terminal. Further, if the verification is passed, the terminal accesses the wireless local area network, otherwise the terminal is denied access to the wireless local area network.

Further, in the embodiment of the present invention, optionally, the received signal strength of the signal sent by the terminal to the wireless local area network access device is detected according to the detection period. If the detected received signal strength meets the second threshold requirement, the length of the detection period corresponding to the value interval may be determined according to the value interval of the currently detected received signal strength, and according to the determined detection period. The length updates the detection cycle length of the terminal. In this way, the detection period of the terminal can be adjusted according to the trusted level of the trusted area where the terminal is currently located, and then the access control policy for the terminal is adjusted.

For example, in the case shown in FIG. 7, the first threshold is -80 dBm, and the second threshold is -30 dBm. The threshold corresponding to the boundary of the first-level conditional trusted region and the second-level conditional trusted region is -40 dBm.

If the received signal strength of the terminal is S>=-30dBm, the terminal is allowed to access the wireless local area network without providing the access password; if the received signal strength S of the terminal is -30dBm<S=<- 40dBm, the terminal is accessed without providing the access password for the terminal. The wireless local area network detects the received signal strength of the terminal according to the detection period T=8 hours, and performs corresponding access control according to the detection result; if the received signal strength S of the terminal is: -40 dBm<S =<-80dBm, the terminal is not required to provide an access password, the terminal accesses the wireless local area network, and according to the detection period T=1 hours, the received signal strength of the terminal is detected, and correspondingly according to the detection result Access control; if the received signal strength of the terminal is S<-80dBm, the terminal needs to provide an access password, and the terminal accesses the wireless local area network based on the verification of the access password.

As can be seen from the above description, the wireless local area network access device can compare the received signal strength of the signal sent by the terminal to the wireless local area network access device with the first threshold requirement, if the received signal strength of the terminal meets the first threshold. The request indicates that the terminal is currently within a set range of trusted area from the wireless local area network access device. In this case, the terminal can access the wireless local area network without verifying the terminal, thereby In the case of security, the terminal can access the wireless local area network without verifying the terminal, which simplifies the access operation of the terminal. Further, the trusted area may be divided into an absolute trusted area and a conditionally trusted area. For the terminal in the absolute trusted area, access to the wireless local area network is not performed, and the access control is performed. The terminal in the trusted area periodically checks the received signal strength after accessing the wireless local area network. Once it is detected to move out of the trusted area, it is checked for security reasons. The card determines whether the terminal is allowed to maintain a wireless local area network connection.

FIG. 9 is a flowchart of a wireless area network access control process according to another embodiment of the present invention. The process may be performed by a wireless area network access device, and the process may include the following steps:

Step 901: Acquire a received signal strength of a signal sent by the terminal to the WLAN access device. The specific implementation process of this step is the same as step 201 in FIG. 2, and is not repeated here.

Step 902: Determine a corresponding access control policy according to the received signal strength.

Step 903: Perform wireless area network access control on the terminal according to the determined access control policy.

Optionally, in step 902 in the foregoing process, the wireless area network access device may compare the received signal strength of the terminal with the first threshold requirement; if the received signal strength meets the first threshold requirement, the terminal saves the terminal. Take the wireless LAN; otherwise, verify the terminal. Specifically, the terminal may be requested to send a wireless local area network access password, and verify the wireless local area network access password sent by the terminal. If the verification is passed, the terminal accesses the wireless local area network, otherwise the network is refused. The terminal accesses the wireless local area network. The specific implementation process of the process can be seen in the process shown in FIG. 2.

Optionally, in step 902 in the foregoing process, the wireless area network access device may compare the received signal strength of the terminal with the first threshold requirement and the second threshold requirement, and perform one of the following steps according to the comparison result: If the received signal strength meets the first threshold requirement but does not meet the second threshold If required, the terminal accesses the wireless local area network; if the received signal strength does not meet the first threshold requirement, the terminal is verified, for example, the wireless local area network access password sent by the terminal may be verified, if If the verification is passed, the terminal accesses the wireless local area network, otherwise the terminal is denied access to the wireless local area network; if the received signal strength meets the first threshold requirement and meets the second threshold requirement, the terminal accesses the wireless area. The network and access control of the terminal. Optionally, the process of performing access control on the terminal may include: detecting, according to the detection period, a received signal strength of the signal sent by the terminal to the wireless local area network access device, and detecting that the received signal strength does not meet the first threshold requirement. And performing a first processing process or a second processing process, where the first processing procedure includes: interrupting a wireless local area network connection of the terminal; and the second processing process includes: verifying the terminal, if the verification Passing, maintaining the wireless local area network connection of the terminal, otherwise interrupting the wireless local area network connection of the terminal, specifically, requesting the terminal to send a wireless local area network access password, and the wireless area network sent by the terminal The access password is verified, and if the verification is passed, the wireless local area network connection of the terminal is maintained, otherwise the wireless local area network connection of the terminal is interrupted. The specific implementation process of the above process can be seen in FIG. 5 or FIG. 8.

Further, the wireless local area network access device may determine the value according to the value range of the received signal strength of the terminal before detecting the received signal strength of the signal sent by the wireless local area network access device according to the detection period. The length of the detection period corresponding to the interval is such that the received signal strength is detected according to the length of the detection period.

Further, when the wireless local area network access device detects the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected received signal strength meets the second threshold requirement, the current local area network access device may The value interval of the received received signal strength is determined, the length of the detection period corresponding to the value interval is determined, and the length of the detection period of the terminal is updated according to the determined length of the detection period.

Further, when the wireless local area network access device detects the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected received signal strength meets the first threshold requirement but does not comply with the second The threshold requirement may stop detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device.

For the specific definitions of the first threshold, the second threshold, and the first threshold requirement and the second threshold requirement, refer to the foregoing embodiment, which is not repeated here.

As can be seen from the above description, the wireless local area network access device can receive the wireless local area network access request sent by the terminal, and determine the corresponding signal strength according to the signal strength when the wireless local area network access device sends the signal to the terminal. Accessing the control policy, and processing the wireless local area network access request sent by the terminal according to the determined access control policy, thereby implementing access control on the terminal. In the foregoing solution, according to the signal strength when the signal sent by the wireless area network access device reaches the terminal, different application scenarios are distinguished, so that corresponding wireless local area network access control policies can be used for different application scenarios. Take control.

In the above embodiments of the present invention, the user may be allowed to set the relevant threshold. Taking the situation shown in Figure 7 as an example, a wireless local area network access device The configuration interface can be provided to the user as follows: Option 1: Room is more than 60 square meters, less than 100 square meters; Option 2: Room is more than 100 square meters, less than 300 square meters.

If the user selects option 2, the wireless local area network access device may determine that the second level conditional trusted area boundary r1=50, the corresponding threshold is -80 dBm; the first level conditional trusted area boundary r1=30 The corresponding threshold is -40dBm; the absolute trusted region boundary is r1=10, and the corresponding threshold is -30dBm.

If the user selects option 2, the wireless local area network access device may determine that the second level conditional trusted area boundary r1=70, the corresponding threshold is -100 dBm; the first level conditional trusted area boundary r1=50 The corresponding threshold is -80dBm; the absolute trusted region boundary is r1=20, and the corresponding threshold is -25dBm.

Of course, the above setting method is only an example, and the invention also allows other setting methods to be adopted, for example, allowing the user to input: r1=50 meters, r2=30 meters, if=10 meters, correspondingly, the wireless local area network access device According to the above parameters input by the user, the second level conditional trusted area boundary r1=50, the corresponding threshold is -80dBm; the first level conditional trusted area boundary r1=30, the corresponding threshold is -40dBm; absolute trusted region boundary r1=10, corresponding threshold is -30dBm.

Based on the same technical concept, an embodiment of the present invention provides a wireless area network access device.

FIG. 10 is a schematic structural diagram of a wireless area network access device according to an embodiment of the present invention. The device can implement the process described in the foregoing embodiment.

As shown in the figure, the device may include: an acquisition module 1001, a comparison module 1002, and an access control module 1003, wherein: the acquisition module 1001 is configured to acquire a signal sent by the terminal to the wireless local area network access device. Receiving a signal strength; a comparison module 1002, configured to compare the received signal strength with a first threshold requirement; and an access control module 1003, configured to: when the received signal strength meets the first threshold requirement And accessing the wireless local area network; otherwise, verifying the terminal.

Optionally, the first threshold is a first set value; and the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value.

Optionally, the first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval.

Optionally, the access control module 1003 is further configured to: determine that the received signal strength meets the first threshold requirement and access the terminal to the wireless After the regional network, the received signal strength is compared with a second threshold requirement; if the received signal strength meets the second threshold requirement, access control is performed on the terminal.

Optionally, the access control module 1003 is specifically configured to: detect, according to the detection period, a received signal strength of the signal sent by the terminal to the wireless local area network access device, and when detecting that the received signal strength does not meet the foregoing When a threshold is required, one of the following steps is performed: interrupting the wireless local area network connection of the terminal; verifying the terminal, if the verification is passed, maintaining the wireless local area network connection of the terminal, otherwise interrupting the terminal Wireless LAN connection.

Optionally, the access control module 1003 is further configured to: before detecting the received signal strength of the signal sent by the wireless local area network access device by the terminal according to the detection period, according to the value interval of the received signal strength Determining the length of the detection period corresponding to the value interval; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the arrangement according to the order of the signal strength from large to small The length of the detection period corresponding to the subsequent value interval.

Optionally, the access control module 1003 is further configured to: when detecting, according to the detection period, the received signal strength of the signal sent by the terminal to the WLAN access device, if the detected received signal strength meets the The second threshold is required to determine the length of the detection period corresponding to the value interval according to the value interval of the currently detected received signal strength, and update the detection period length of the terminal according to the determined length of the detection period.

Optionally, the access control module 1003 is further configured to: when detecting, according to the detection period, the received signal strength of the signal sent by the terminal to the WLAN access device, if the detected received signal strength meets the If the first threshold requirement but does not meet the second threshold requirement, the detection of the received signal strength of the signal sent by the terminal to the wireless local area network access device is stopped.

Optionally, the first threshold is a first set value, the second threshold is a second set value, and the first set value is smaller than the second set value; A threshold requirement includes: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second set value.

Optionally, the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is smaller than an upper limit of the first set interval; the received signal strength Compliance with the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is in the second setting Within the interval.

Based on the same technical concept, an embodiment of the present invention further provides a wireless area network access device.

FIG. 11 is a schematic structural diagram of a wireless area network access device according to an embodiment of the present invention. The device can implement the process described in the foregoing embodiment.

As shown in the figure, the device may include: an obtaining module 1101, a determining module 1102, and an access control module 1103, wherein: The acquiring module 1101 is configured to acquire a received signal strength of a signal sent by the terminal to the wireless local area network access device, and the determining module 1102 is configured to determine a corresponding access control policy according to the received signal strength; and access control The module 1103 is configured to perform wireless area network access control on the terminal according to the determined access control policy.

Optionally, the determining module 1102 is specifically configured to: compare the received signal strength with a first threshold requirement, and if the received signal strength meets the first threshold requirement, access the wireless area by using the terminal. Network, otherwise, verify the terminal.

Optionally, the first threshold is a first set value; and the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value. Or the first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval.

Optionally, the determining module 1102 is specifically configured to perform one of the following operations: if the received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the terminal is accessed by using the wireless local area network; If the received signal strength does not meet the first threshold requirement, the terminal is verified; if the received signal strength meets the first threshold requirement and meets the second threshold requirement, the terminal accesses the wireless local area network, And performing access control on the terminal.

Optionally, the access control module 1103 is specifically configured to: detect, according to the detection period, a received signal strength of the signal sent by the terminal to the WLAN access device, and when detecting that the received signal strength does not meet the foregoing When a threshold is required, perform one of the following steps: interrupt the wireless local area network connection of the terminal; verify the terminal, if the verification passes, maintain the wireless local area network connection of the terminal, otherwise interrupt the terminal Wireless LAN connection.

Optionally, the access control module 1103 is further configured to: before detecting, according to the detection period, the value of the received signal strength of the signal sent by the wireless local area network access device, according to the value interval of the received signal strength, Determining the length of the detection period corresponding to the value interval; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the arrangement according to the signal strength from the largest to the smallest The length of the detection period corresponding to the value interval.

Optionally, the access control module 1103 is further configured to: when detecting, according to the detection period, the received signal strength of the signal sent by the terminal to the WLAN access device, if the detected received signal strength meets the The first threshold is required to meet the second threshold requirement, and the length of the detection period corresponding to the value interval is determined according to the value interval of the currently detected received signal strength, and the length of the detection period is updated according to the determined detection period length. The length of the detection cycle of the terminal.

Optionally, the access control module 1103 is further configured to: detect, according to the detection period, the connection of the signal sent by the terminal to the wireless local area network access device. Receiving a signal strength, if the detected received signal strength meets the first threshold requirement but does not meet the second threshold requirement, stopping detecting the received signal of the signal sent by the terminal to the wireless local area network access device strength.

Optionally, the first threshold is a first set value, the second threshold is a second set value, and the first set value is smaller than the second set value; A threshold requirement includes: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second set value.

Optionally, the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is smaller than an upper limit of the first set interval; the received signal strength Compliance with the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is in the second setting Within the interval.

Based on the same technical concept, an embodiment of the present invention provides a wireless area network access device.

FIG. 12 is a schematic structural diagram of a wireless area network access device according to an embodiment of the present invention. The device can implement the process described in the foregoing embodiment.

As shown, the device can include a processor 1201, a memory 1202, and a transceiver 1203.

The processor 1201 may be a general-purpose processor (such as a microprocessor or any conventional processor, etc.), a digital signal processor, and a dedicated product. Body circuits, field programmable gate arrays or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The memory 1202 may specifically include an internal memory and/or an external memory, such as a random memory, a flash memory, a read-only memory, a programmable read-only memory, or an electrically readable and writable programmable memory, a register. Such as the mature storage media in this field. The transceiver 1203 is configured to implement a wireless signal transceiving function.

There is a data communication connection between the processor 1201 and other modules, for example, data communication can be performed based on the bus bar architecture. The busbar architecture can include any number of interconnected busbars and bridges, specifically linked by one or more processors represented by processor 1201 and various circuits of memory represented by memory 1202. The busbar architecture can also couple various other circuits, such as peripherals, voltage regulators, and power management circuits, as is well known in the art, and therefore, will not be further described herein. The bus interface provides an interface. The processor 1201 is responsible for managing the bus bar architecture and the usual processing, and the memory 1202 can store the data used by the processor 1201 when performing operations.

The flow disclosed in the embodiment of the present invention may be applied to the processor 1201 or implemented by the processor 1201. In the implementation process, the steps of the process described in the foregoing embodiment may be completed by using hardware integrated logic in the processor 1201 or in the form of software. The methods, steps, and logical block diagrams disclosed in the embodiments of the present invention may be implemented or executed. The steps of the method disclosed in the embodiment of the present invention may be directly implemented as a hardware processor, or a hardware and software module group in the processor. The execution is completed. The software module can be located in a random storage medium, a flash memory, a read-only memory, a programmable read-only memory, or an electrically readable and writable programmable memory, a register, and the like.

Specifically, the processor 1201 is coupled to the memory 1202 for reading the computer program instructions stored in the memory 1202, and in response, performs the following operations: acquiring the receiving signal of the signal sent by the terminal to the wireless local area network access device. Intensity; compares the received signal strength with the first threshold requirement; if the received signal strength meets the first threshold requirement, the terminal accesses the wireless local area network; otherwise, the terminal is verified.

For the specific implementation process of the foregoing process, refer to the description of the foregoing embodiment, which is not repeated here.

Based on the same technical concept, an embodiment of the present invention further provides a wireless area network access device.

FIG. 13 is a schematic structural diagram of a wireless area network access device according to an embodiment of the present invention. The device can implement the process described in the foregoing embodiment.

As shown, the device can include a processor 1301, a memory 1302, and a transceiver 1303.

The processor 1301 may be a general purpose processor (such as a microprocessor or any conventional processor, etc.), a digital signal processor, a dedicated integrated circuit, a field programmable gate array or other programmable logic device, and a discrete gate. Or transistor logic devices, discrete hardware components. memory The body 1302 may specifically include an internal memory and/or an external memory, such as a random memory, a flash memory, a read-only memory, a programmable read-only memory, or an electrically readable and writable programmable memory, a register, or the like. A mature storage medium in the field. The transceiver 1303 is configured to implement a wireless signal transceiving function.

There is a data communication connection between the processor 1301 and other modules, for example, data communication can be performed based on the bus bar architecture. The busbar architecture may include any number of interconnected busbars and bridges, specifically linked by one or more processors represented by processor 1301 and various circuits of memory represented by memory 1302. The busbar architecture can also couple various other circuits, such as peripherals, voltage regulators, and power management circuits, as is well known in the art, and therefore, will not be further described herein. The bus interface provides an interface. The processor 1301 is responsible for managing the bus bar architecture and the usual processing, and the memory 1302 can store the data used by the processor 1301 when performing operations.

The flow disclosed in the embodiment of the present invention may be applied to the processor 1301 or implemented by the processor 1301. In the implementation process, the steps of the process described in the foregoing embodiment may be completed by using hardware integrated logic circuits or instructions in software form in the processor 1301. The methods, steps, and logical block diagrams disclosed in the embodiments of the present invention may be implemented or executed. The steps of the method disclosed in the embodiments of the present invention may be directly implemented as a hardware processor, or may be performed by a combination of a hardware and a software module in a processor. The software module can be located in random memory, flash memory, read-only memory, programmable read-only memory or electrically readable and writable. Programming memory, registers, etc. are well-established in storage media.

Specifically, the processor 1301 is coupled to the memory 1302, and is configured to read the computer program instructions stored in the memory 1302, and in response, perform the following operations: acquiring the receiving signal of the signal sent by the terminal to the wireless local area network access device. Intensity; determining a corresponding access control policy according to the received signal strength; and performing wireless area network access control on the terminal according to the determined access control policy.

For the specific implementation process of the foregoing process, refer to the description of the foregoing embodiment, which is not repeated here.

The present invention has been described with reference to flowchart illustrations and/or block diagrams of a method, apparatus (system), and computer program product according to embodiments of the invention. It will be understood that each flow and/or block of the flowcharts and/or <RTIgt; These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing device to produce a machine that executes instructions executed by a processor of a computer or other programmable data processing device Means are generated for implementing the functions specified in one or more flows of the flowchart or in a block or blocks of the block diagram.

The computer program instructions can also be stored in a computer readable memory that can boot a computer or other programmable data processing device to operate in a particular manner, such that instructions stored in the computer readable memory include instructions. An article of manufacture of a device that implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.

These computer program instructions can also be loaded onto a computer or other programmable data processing device to perform a series of operational steps on a computer or other programmable device to produce computer-implemented processing on a computer or other programmable device. The instructions executed on the steps provide steps for implementing the functions specified in one or more flows of the flowchart or in a block or blocks of the flowchart.

Although the preferred embodiment of the invention has been described, it will be apparent to those skilled in Therefore, the scope of the appended claims is intended to be construed as a

It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (39)

A wireless local area network access control method, comprising: acquiring a received signal strength of a signal sent by a terminal to a wireless local area network access device; comparing the received signal strength with a first threshold requirement; and if If the received signal strength meets the first threshold requirement, the terminal accesses the wireless local area network, otherwise, the terminal is verified. The method of claim 1, wherein the first threshold is a first set value; and the received signal strength meets the first threshold requirement, comprising: the received signal strength is greater than or equal to the first set value. The method of claim 1, wherein the first threshold is a first set interval; and the received signal strength meets the first threshold requirement, comprising: the received signal strength is within the first set interval. The method of claim 1, wherein, after determining that the received signal strength meets the first threshold requirement and the terminal accesses the wireless local area network, the method further includes: performing the received signal strength and the second threshold requirement Comparing; and if the received signal strength meets the second threshold requirement, access control is performed on the terminal. The method of claim 4, wherein the access control of the terminal comprises: Detecting, according to the detection period, the received signal strength of the signal sent by the terminal to the wireless local area network access device, and when detecting that the received signal strength does not meet the first threshold requirement, performing one of the following steps: interrupting the wireless area of the terminal The network connection; and verifying the terminal, if the verification is passed, the wireless local area network connection of the terminal is maintained, otherwise the wireless local area network connection of the terminal is interrupted. The method of claim 5, wherein, before detecting the received signal strength of the signal sent by the terminal to the wireless area network access device according to the detection period, the method further includes: determining, according to the value interval of the received signal strength, The length of the detection period corresponding to the value interval; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the arrangement according to the order of the signal strength from large to small. The length of the detection period corresponding to the value interval. The method of claim 6, wherein when the received signal strength of the signal transmitted by the terminal to the wireless local area network access device is detected according to the detection period, if the detected received signal strength meets the second threshold requirement, The method further includes: determining a length of the detection period corresponding to the value interval according to the value interval of the currently detected received signal strength; and updating the detection period length of the terminal according to the determined length of the detection period. For example, the method of claim 5, wherein When the received signal strength of the signal sent by the wireless local area network access device is periodically detected, if the detected received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the method further includes: stopping detecting The received signal strength of the signal transmitted by the terminal to the wireless local area network access device. The method of any one of claims 4 to 8, wherein the first threshold is a first set value, the second threshold is a second set value, and the first set value is less than the second set value The received signal strength meets the first threshold requirement, including: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second setting value. The method of any one of claims 4 to 8, wherein the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is smaller than the first Setting an upper limit of the interval; the received signal strength meets the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is Within the second setting interval. A wireless local area network access control method, comprising: acquiring a received signal strength of a signal sent by a terminal to a wireless local area network access device; Determining a corresponding access control policy according to the received signal strength; and performing wireless area network access control on the terminal according to the determined access control policy. The method of claim 11, wherein determining a corresponding access control policy according to the signal strength comprises: comparing the received signal strength with a first threshold requirement; and if the received signal strength meets the first If the threshold is required, the terminal accesses the wireless local area network; otherwise, the terminal is verified. The method of claim 12, wherein the first threshold is a first set value; the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; or The first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval. The method of claim 11, wherein the corresponding access control policy is determined according to the received signal strength, including one of the following: if the received signal strength meets the first threshold requirement but does not meet the second threshold requirement, The terminal accesses the wireless local area network; if the received signal strength does not meet the first threshold requirement, the terminal is verified; and if the received signal strength meets the first threshold requirement and meets the second threshold If required, the terminal accesses the wireless local area network and performs access control on the terminal. The method of claim 14, wherein the access control of the terminal comprises: detecting, according to the detection period, a received signal strength of the signal sent by the terminal to the wireless local area network access device, and detecting the received signal If the strength does not meet the first threshold requirement, perform one of the following steps: interrupt the wireless local area network connection of the terminal; and verify the terminal, if the verification is passed, maintain the wireless local area network connection of the terminal, otherwise interrupt The wireless local area network connection of the terminal. The method of claim 15, wherein, before detecting the received signal strength of the signal sent by the terminal to the wireless area network access device according to the detection period, the method further comprises: determining, according to the value interval of the received signal strength, The length of the detection period corresponding to the value interval; wherein, one value interval corresponds to a detection period length, and the length of the detection period corresponding to the previous value interval is greater than the arrangement according to the order of the signal strength from large to small. The length of the detection period corresponding to the value interval. The method of claim 16, wherein when the received signal strength of the signal transmitted by the terminal to the wireless local area network access device is detected according to the detection period, if the detected received signal strength meets the second threshold requirement, Then, it includes: according to the value range of the currently detected received signal strength, Determining a length of the detection period corresponding to the value interval; and updating the length of the detection period of the terminal according to the determined length of the detection period. The method of claim 15, wherein when the received signal strength of the signal transmitted by the terminal to the wireless local area network access device is detected according to the detection period, if the detected received signal strength meets the first threshold requirement, Compliance with the second threshold requirement further includes: stopping detecting the received signal strength of the signal sent by the terminal to the WLAN access device. The method of any one of claims 14 to 18, wherein the first threshold is a first set value, the second threshold is a second set value, and the first set value is less than the second set value The received signal strength meets the first threshold requirement, including: the received signal strength is greater than or equal to the first set value; and the received signal strength meets the second threshold requirement, including: the received signal strength is less than the second setting value. The method of any one of claims 14 to 18, wherein the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is less than the first Setting an upper limit of the interval; the received signal strength meets the first threshold requirement, including: the received signal strength is within the first set interval; and the received signal strength meets the second threshold requirement, including: the received signal strength is Within the second setting interval. A wireless local area network access device, comprising: an acquisition module, configured to acquire a received signal strength of a signal sent by a terminal to a wireless local area network access device; and a comparison module, configured to compare the received signal strength with the A threshold is required for comparison; and an access control module is configured to access the wireless local area network if the received signal strength meets the first threshold requirement; otherwise, verify the terminal. The device of claim 21, wherein the first threshold is a first set value; the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; or The first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval. The device of claim 21, wherein the access control module is further configured to: determine the received signal strength after the received signal strength meets the first threshold requirement and the terminal accesses the wireless local area network Comparing with the second threshold requirement; if the received signal strength meets the second threshold requirement, access control is performed on the terminal. The device of claim 23, wherein the access control module is configured to: detect, according to a detection period, a received signal strength of a signal sent by the terminal to a wireless area network access device, and when detected When the received signal strength does not meet the first threshold requirement, perform one of the following steps: interrupt the wireless local area network connection of the terminal; and verify the terminal, if the verification is passed, maintain the wireless local area network connection of the terminal, Otherwise, the wireless LAN connection of the terminal is interrupted. The device of claim 24, wherein the access control module is further configured to: before detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, according to the received signal strength The value interval is determined, and the length of the detection period corresponding to the value interval is determined; wherein, one value interval corresponds to a detection period length, and the detection corresponding to the previous value interval is performed according to the order of the signal strength from large to small. The period length is greater than the length of the detection period corresponding to the subsequent value interval. The device of claim 25, wherein the access control module is further configured to: when detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected signal strength is detected The received signal strength meets the second threshold requirement, and the length of the detection period corresponding to the value interval is determined according to the value interval of the currently detected received signal strength, and the detection period of the terminal is updated according to the determined length of the detection period. length. The device of claim 24, wherein the access control module is further configured to: When detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the detection is stopped. The received signal strength of the signal transmitted by the terminal to the wireless local area network access device. The device of any one of claims 23 to 27, wherein the first threshold is a first set value, the second threshold is a second set value, and the first set value is less than the second set value The received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; the received signal strength meets the second threshold requirement, and the received signal strength is less than the second set value. Or the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is less than an upper limit of the first set interval; the received signal strength meets the first threshold requirement The method includes: the received signal strength is in the first set interval; the received signal strength meets the second threshold requirement, and the received signal strength is in the second set interval. A wireless local area network access device, comprising: an acquisition module, configured to acquire a received signal strength of a signal sent by a terminal to a wireless local area network access device; and a determining module configured to use the received signal strength , determine the corresponding deposit Taking a control strategy; and an access control module for performing wireless area network access control on the terminal according to the determined access control policy. The device of claim 29, wherein the determining module is specifically configured to: compare the received signal strength with a first threshold requirement; and if the received signal strength meets the first threshold requirement, the terminal is Access the wireless LAN, otherwise verify the terminal. The device of claim 30, wherein the first threshold is a first set value; the received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; or The first threshold is a first set interval; the received signal strength meets the first threshold requirement, and the received signal strength is within the first set interval. The device of claim 29, wherein the determining module is specifically configured to perform one of the following operations: if the received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the terminal accesses the wireless a local area network; if the received signal strength does not meet the first threshold requirement, the terminal is verified; and if the received signal strength meets the first threshold requirement and meets the second threshold requirement, the terminal accesses the wireless area network Road and save the terminal Take control. The device of claim 32, wherein the access control module is configured to: detect, according to a detection period, a received signal strength of a signal sent by the terminal to the wireless area network access device, and when the received signal is detected If the strength does not meet the first threshold requirement, perform one of the following steps: interrupt the wireless local area network connection of the terminal; and verify the terminal, if the verification is passed, maintain the wireless local area network connection of the terminal, otherwise interrupt The wireless local area network connection of the terminal. The device of claim 33, wherein the access control module is further configured to: before detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, according to the received signal strength The value interval is determined, and the length of the detection period corresponding to the value interval is determined; wherein, one value interval corresponds to a detection period length, and the detection corresponding to the previous value interval is performed according to the order of the signal strength from large to small. The period length is greater than the length of the detection period corresponding to the subsequent value interval. The device of claim 34, wherein the access control module is further configured to: when detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected signal strength is detected The received signal strength meets the first threshold requirement and meets the second threshold requirement, and the value interval is determined according to the value interval of the currently detected received signal strength. Corresponding detection cycle length, and updating the detection cycle length of the terminal according to the determined detection cycle length. The device of claim 33, wherein the access control module is further configured to: when detecting the received signal strength of the signal sent by the terminal to the wireless local area network access device according to the detection period, if the detected signal strength is detected If the received signal strength meets the first threshold requirement but does not meet the second threshold requirement, the detection of the received signal strength of the signal sent by the terminal to the WLAN access device is stopped. The device of any one of claims 32 to 36, wherein the first threshold is a first set value, the second threshold is a second set value, and the first set value is less than the second set value The received signal strength meets the first threshold requirement, and the received signal strength is greater than or equal to the first set value; the received signal strength meets the second threshold requirement, and the received signal strength is less than the second set value. Or the first threshold is a first set interval, the second threshold is a second set interval, and an upper limit of the second set interval is less than an upper limit of the first set interval; the received signal strength meets the first threshold requirement The method includes: the received signal strength is in the first set interval; the received signal strength meets the second threshold requirement, and the received signal strength is in the second set interval. Wireless area network access device, characterized in that The transceiver is configured to send and receive wireless signals; the memory is configured to store computer program instructions; the processor is coupled to the memory for reading computer program instructions stored in the memory, and in response, performing the following operations Obtaining a received signal strength of a signal sent by the terminal to the wireless local area network access device; comparing the received signal strength with a first threshold requirement; and if the received signal strength meets the first threshold requirement, storing the terminal Take the wireless LAN; otherwise, verify the terminal. A wireless local area network access device, comprising: a transceiver for transmitting and receiving wireless signals; a memory for storing computer program instructions; and a processor coupled to the memory for reading the memory The stored computer program instructions, and in response, perform the following operations: obtaining the received signal strength of the signal sent by the terminal to the wireless local area network access device; determining the corresponding access control policy according to the received signal strength; The access control policy is performed, and the wireless local area network access control is performed on the terminal.