WO2016082500A1 - Wireless network access method and apparatus - Google Patents

Wireless network access method and apparatus Download PDF

Info

Publication number
WO2016082500A1
WO2016082500A1 PCT/CN2015/079836 CN2015079836W WO2016082500A1 WO 2016082500 A1 WO2016082500 A1 WO 2016082500A1 CN 2015079836 W CN2015079836 W CN 2015079836W WO 2016082500 A1 WO2016082500 A1 WO 2016082500A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
wireless network
access
information
authenticated
Prior art date
Application number
PCT/CN2015/079836
Other languages
French (fr)
Chinese (zh)
Inventor
李伟
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016082500A1 publication Critical patent/WO2016082500A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions

Definitions

  • This paper relates to the field of network security for wireless networks, and in particular to a wireless network access method and related devices.
  • Wi-Fi access hotspots are increasing. Whether in the home or city shopping malls, restaurants, or movie theaters, Wi-Fi networks have been deployed in large numbers. This presents a problem: in the mall. In public places such as restaurants, movie theaters, and movie theaters, the wireless network is open to the public, and any user within its coverage can access it. However, in the home, network traffic often requires payment, and we may not want neighbors within the coverage of the hotspot. User access, and more importantly, a large number of external users access, exerting great pressure on limited network traffic and affecting their own network experience. However, there are many softwares and technologies for cracking wireless passwords on the market, so this situation is not easy to avoid.
  • the wireless network limits the access of unknown users (illegal users) mainly:
  • the shortcoming of the above mechanism is that some technologies can modify the MAC address of the terminal at present. Therefore, relying solely on the MAC address to limit the failure; and the secondary authentication of the application layer only increases the difficulty of cracking by adding a layer of insurance, and cannot fundamentally Restrict users.
  • An object of the present invention is to provide a wireless network access method and apparatus, which can better solve the problem of illegal users accessing a wireless network.
  • a wireless network access method includes:
  • Disconnecting or maintaining a wireless network connection of the authenticated terminal according to the access control instruction Disconnecting or maintaining a wireless network connection of the authenticated terminal according to the access control instruction.
  • the step of disconnecting or maintaining the wireless network connection of the authenticated terminal according to the access control instruction includes:
  • the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
  • the step of confirming whether to disconnect the wireless network connection of the authenticated terminal according to the access control instruction includes:
  • the access control instruction is an instruction for maintaining terminal access, maintaining a wireless network connection of the authenticated terminal, and saving the terminal information and the hold information of the authenticated terminal to an access record table.
  • the method further includes:
  • the wireless network connection of the authenticated terminal is disconnected.
  • the method further includes:
  • the terminal information of the authenticated terminal is searched in the access record table
  • a wireless network access device includes an information acquisition module, an information transceiver module, and an access control module, wherein:
  • the information acquiring module is configured to: when the authenticated terminal is accessed in the wireless network, obtain the Terminal information of the authenticated terminal;
  • the information transceiver module is configured to: report terminal information of the authenticated terminal to a user interface, and receive an access control instruction input by the user through the user interface;
  • the access control module is configured to: disconnect or maintain a wireless network connection of the authenticated terminal according to the access control instruction.
  • the access control module is configured to disconnect or maintain the wireless network connection of the authenticated terminal according to the access control instruction as follows:
  • the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
  • the access control module is configured to disconnect or maintain the wireless network connection of the authenticated terminal according to the access control instruction as follows:
  • the access control instruction is an instruction for maintaining terminal access
  • the wireless network connection of the authenticated terminal is maintained, and the terminal information and the hold information of the authenticated terminal are saved to the access record table.
  • the access control module is further configured to: disconnect the wireless network connection of the authenticated terminal.
  • the device further includes an information query module and an access determination module, where:
  • the information querying module is configured to: when the authenticated terminal is re-accessed in the wireless network, look up the terminal information of the authenticated terminal in the access record table;
  • the access determination module is configured to: disconnect the wireless network connection of the authenticated terminal according to the disconnection information corresponding to the found terminal information, or keep the already-maintained information according to the found terminal information The wireless network connection of the authentication terminal.
  • a computer program comprising program instructions that, when executed by a computer, cause the computer to perform any of the wireless network access methods described above.
  • a carrier carrying the computer program A carrier carrying the computer program.
  • the restricted access mechanism proposed by the technical solution of the present invention can "catch out” by illegal judgment even if an illegal user accesses a hot spot, although human-computer interaction brings extra work, but when the machine is powerless, the human operation more reliable.
  • FIG. 1 is a schematic block diagram of a wireless network access method according to a first embodiment of the present invention
  • FIG. 2 is a block diagram of a wireless network access apparatus according to a first embodiment of the present invention
  • FIG. 3 is a flowchart of wireless network access according to a first embodiment of the present invention.
  • FIG. 4 is a schematic block diagram of a wireless network access method according to a second embodiment of the present invention.
  • FIG. 5 is a block diagram of a wireless network access apparatus according to a second embodiment of the present invention.
  • FIG. 6 is a flowchart of wireless network access according to a second embodiment of the present invention.
  • FIG. 7 is a flowchart of wireless network access according to a third embodiment of the present invention.
  • FIG. 8 is a schematic diagram of interaction between functional modules of a wireless network access according to a third embodiment of the present invention.
  • FIG. 1 is a schematic block diagram of a wireless network access method according to a first embodiment of the present invention. As shown in FIG. 1, the steps include:
  • Step S11 When the authenticated terminal is accessed in the wireless network, the terminal information of the authenticated terminal is obtained.
  • the terminal information of the terminal is obtained, and the terminal information includes a MAC address and a host name of the terminal.
  • Step S12 Reporting the terminal information of the authenticated terminal to the user, and waiting to receive an access control instruction from the user;
  • Step S13 Confirm whether to disconnect the wireless network connection of the authenticated terminal according to the access control instruction from the user.
  • the access control command is an instruction for restricting access by the terminal
  • confirming that the authenticated terminal performs the access restriction process that is, confirming that the wireless network connection of the authenticated terminal is disconnected
  • the terminal information of the authenticated terminal is The confirmation information used to reject the terminal access is saved to the access record table.
  • the access control command is an instruction for maintaining terminal access
  • confirming that the authenticated terminal does not perform access restriction processing that is, confirming that the wireless network connection of the authenticated terminal is maintained
  • the terminal information of the authenticated terminal is The confirmation information used to keep the terminal access is saved to the access record table.
  • step S12 When the access control instruction from the user is not received within the preset time in step S12, it is confirmed that the access restriction processing is performed on the authenticated terminal, that is, the wireless network connection of the authenticated terminal is disconnected. At this time, the terminal information of the authenticated terminal and the confirmation information for denying the terminal access may be saved to the access record table, or may not be saved.
  • the present embodiment is based on the defects and deficiencies of the current limited access terminal (ie, an illegal terminal) accessing the wireless network, and the information of the terminal accessing the wireless network is used to determine the legality of the terminal again, so that the user is protected from the traffic loss caused by the wireless network. And the experience of rate diversion brings down the problem.
  • the current limited access terminal ie, an illegal terminal
  • the information includes an information acquiring module 11, an information transceiver module 12, and an access control module 13.
  • the information obtaining module 11 is configured to acquire terminal information of the authenticated terminal when the authenticated terminal is first accessed in the wireless network, where the terminal information includes a MAC address and a host name of the terminal.
  • the information transceiver module 12 is configured to: report the terminal information of the authenticated terminal to the user, and wait to receive an access control instruction from the user.
  • the access control module 13 is configured to confirm whether to disconnect the wireless network connection of the authenticated terminal according to the access control command from the user.
  • the access control module Block 13 confirms that the authenticated terminal performs an access restriction process, that is, confirms that the wireless network connection of the authenticated terminal is disconnected, and saves the terminal information of the authenticated terminal and the confirmation information for rejecting the terminal access to the access record.
  • the access control module 13 confirms that the authenticated terminal does not perform access restriction processing, that is, confirms that the wireless network connection of the authenticated terminal is maintained, and The terminal information of the authenticated terminal and the confirmation information for maintaining the terminal access are saved to the access record table.
  • the access control module 13 It is confirmed that the access restriction processing is performed on the authenticated terminal, that is, the wireless network connection of the authenticated terminal is disconnected, and the terminal information of the authenticated terminal and the confirmation information for denying the terminal access can be saved to the access record table.
  • This embodiment is based on some characteristics of the current terminal and hotspot authentication connection process.
  • the user can be prompted to increase the human-computer interaction function, and then the user is judged whether it is a legitimate terminal, and can be fundamentally Eliminate illegal terminal network.
  • FIG. 3 is a flowchart of wireless network access according to the first embodiment of the present invention. As shown in FIG. 3, the steps include:
  • Step S21 The user turns on the hotspot, and the system is initialized.
  • the hotspot periodically sends the beacon frame for the terminal to search, and the loop waits for the terminal access event reported by the bottom layer.
  • the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure a successful connection.
  • the terminal After the terminal successfully accesses the current hotspot, the terminal obtains information about the terminal, such as a MAC address, a host name, and an assigned IP address.
  • Step S22 The terminal information is reported to the UI interface, and the user confirms whether to refuse to access the terminal.
  • the UI interface pops up a dialog box.
  • a specific prompt tone can be issued to remind the user to make a selection.
  • the option is divided into whether to allow the current connection or the rejection.
  • the user can basically confirm whether it is himself or not based on the MAC address of the access terminal and the host name. Access terminal.
  • Step S23 Waiting to receive an access control instruction from the user.
  • Step S24 It is judged whether an access control instruction is received, and if yes, step S26 is performed, otherwise step S25 is performed.
  • Step S25 determining whether it is timed out.
  • step S28 is performed; otherwise, step S23 is performed.
  • Step S26 determining whether the received access control command is used to restrict the terminal access instruction or the instruction for maintaining the terminal access. If the instruction is used to restrict the terminal access, step S28 is performed; otherwise, the step is performed. S27.
  • Step S27 When the access control instruction is an instruction for maintaining terminal access, confirming that the authenticated terminal does not perform access restriction processing, that is, confirming that the current wireless network connection of the authenticated terminal is maintained, and The terminal information and the confirmation information for maintaining the terminal access are saved.
  • Step S28 When the access control instruction is an instruction for restricting terminal access, confirming that the authenticated terminal performs an access restriction process, that is, confirming disconnection of the current wireless network connection of the authenticated terminal, and The terminal information of the authenticated terminal and the confirmation information for rejecting the terminal access are saved to the access record table.
  • FIG. 4 is a schematic block diagram of a wireless network access method according to a second embodiment of the present invention. Compared with the first embodiment shown in FIG. 1, the second embodiment provided in FIG. 4 adds the following steps:
  • Step S14 When the authenticated terminal is re-accessed in the wireless network, the terminal information of the authenticated terminal is searched in the access record table.
  • Step S15 determining to disconnect the wireless network connection of the authenticated terminal according to the acknowledgment information for restricting terminal access corresponding to the found terminal information, or to maintain the terminal access according to the found terminal information.
  • the confirmation information determines that the wireless network connection of the authenticated terminal is maintained.
  • the access record can be accessed. Find the terminal information in the table, and after finding the terminal information of the terminal, confirm whether to disconnect the wireless network according to the confirmation information corresponding to the terminal information.
  • FIG. 5 is a block diagram of a wireless network access device according to a second embodiment of the present invention. Compared with the first embodiment shown in FIG. 2, the second embodiment provided in FIG. 5 adds the following modules:
  • the information querying module 14 is configured to: when the authenticated terminal is re-accessed in the wireless network, look up the terminal information of the authenticated terminal in the access record table.
  • the access determining module 15 is configured to: determine, according to the found terminal information, the acknowledgment information for restricting the access of the terminal, disconnect the wireless network connection of the authenticated terminal, or use the corresponding terminal information according to the found terminal information.
  • the acknowledgment information of the terminal access is maintained, and it is determined that the wireless network connection of the authenticated terminal is maintained.
  • the information querying module 14 finds the terminal information of the authenticated terminal in the access record table, and the access determining module 14 is configured to: follow the terminal information.
  • Corresponding confirmation information determines whether or not the access restriction process is performed on the authenticated terminal, that is, whether the wireless network connection of the authenticated terminal is disconnected.
  • FIG. 6 is a flowchart of wireless network access according to a second embodiment of the present invention. As shown in FIG. 6, the steps include:
  • Step S31 The user turns on the hotspot, and the system initialization is completed.
  • the hotspot periodically sends a beacon frame for the terminal to search for, while waiting for the terminal access event reported by the bottom layer.
  • the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure a successful connection.
  • the terminal After the terminal successfully accesses the current hotspot, the terminal obtains information about the terminal, such as a MAC address, a host name, and an assigned IP address.
  • Step S32 Find the terminal information in the access record table.
  • Step S33 determining whether the terminal information is found in the access record table, that is, determining whether the terminal information has been saved, if it is saved in the access record table, executing step S34, otherwise performing the steps of the embodiment shown in FIG. S22.
  • Step S34 Acquire the confirmation information corresponding to the saved terminal information, and determine whether the confirmation information is confirmation information for rejecting the terminal access. If yes, execute step S36; otherwise, execute step S35.
  • Step S35 Maintain the current connection.
  • Step S36 Disconnect the current connection.
  • FIG. 7 is a flowchart of wireless network access according to a third embodiment of the present invention. As shown in FIG. 7, the steps include:
  • Step S201 The user turns on the hotspot, and the system initialization is completed.
  • Step S202 The hotspot periodically broadcasts the beacon frame for the terminal to search for, while waiting for the event reported by the bottom layer.
  • Step S203 When a terminal requests access, the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure successful connection.
  • Step S204 After the terminal successfully accesses the current hotspot, obtain the connection information (ie, terminal information) of the terminal, such as a MAC address, a host name, an assigned IP, and the like, and save the information.
  • connection information ie, terminal information
  • Step S205 The information is reported to the UI interface, and the user determines whether to refuse to access the terminal.
  • the UI interface may be set on the hotspot, or may be set on the legal terminal, or may be set independently.
  • an audible and/or optical alarm may also be performed.
  • Step S206 The UI interface pops up a dialog box, and in actuality, a specific prompt tone may be issued to remind the user to make a selection; the option is divided into whether to allow the current connection or the rejection, and the user can basically judge according to the MAC address of the access terminal and the host name. Whether it is a terminal that is accessed by itself, if not, it selects rejection, and step S207 is performed. If the user does not have any operation within 1 minute, the default selection is rejected, and step S207 is performed.
  • Step S207 The information of the rejected terminal is saved, including terminal information and confirmation information for denying terminal access.
  • Step S208 After making a selection, triggering to enter a judgment flow for the current access terminal. If the current access terminal is rejected by the user or rejected by default, a disconnection instruction is issued, that is, an access control instruction for restricting the terminal access, otherwise, A hold command is issued, that is, an access control command that maintains terminal access.
  • Step S209 After receiving the disconnection instruction, the specific connected terminal can be kicked out and disconnected by a specific command provided by the chip manufacturer during the specific implementation.
  • Step S210 After receiving the hold command, the current connection is maintained.
  • the features of the embodiment are: 1.
  • the user participates in judging a legal or illegal terminal; 2.
  • the access just leaks its own terminal.
  • the information when kicked out of the network by this embodiment, can also effectively prevent the terminal from being accessed again by using the terminal information.
  • FIG. 8 is a schematic diagram of interaction between functional modules of a wireless network access according to a third embodiment of the present invention. As shown in FIG. 8, the method includes: a Wi-Fi authentication connection module 21, a Wi-Fi monitoring module 22, and a human machine.
  • the interactive interface 23, the restricted terminal information saving module 24, the terminal information determining module 25, and the disconnected terminal module 26 implement the functions of the modules of FIGS. 2 and 5.
  • the Wi-Fi authentication connection module 21 mainly processes the Wi-Fi connection request, processes the basic authentication process, and finally completes the connection, and mainly records the MAC address of the current access terminal, and parses out the host name and other information of the terminal.
  • the Wi-Fi monitoring module 22 monitors different states of the Wi-Fi, and reports the information accessed by the client to the human-machine interaction interface 23 when a client access is detected.
  • the human-computer interaction interface 23 mainly implements a pop-up dialog box for the user to select whether to allow or deny the connection when receiving the information of the client access, and implements an automatic mechanism.
  • the user refuses the connection by default after a period of no operation.
  • the restriction terminal information saving module 24 saves the rejected terminal information into a specific restriction file after the user selects the rejection terminal to maintain the connection through the user interaction interface.
  • the terminal information judging module 25 compares the currently accessed terminal information with the terminal information read from the restriction file. If the currently accessed terminal information is found in the restriction file, the command to actively kick off the terminal is immediately sent.
  • the disconnected terminal module 26 After disconnecting the terminal module 26 to receive the command to kick off the terminal, the disconnected terminal module 26 actively disconnects the current connection.
  • the information when there is a terminal access, the information needs to be fed back to the upper layer, so that the user selects permission or rejection.
  • information such as the MAC address and the host name of the terminal needs to be marked to prevent the terminal from being accessed again after the user refuses to access the terminal. Trouble.
  • the embodiment of the invention also discloses a computer program, comprising program instructions, which when executed by a computer, enable the computer to perform any of the above wireless network access methods.
  • the embodiment of the invention also discloses a carrier carrying the computer program.
  • the terminal information can be reported to the user interaction interface, and even a prompt tone is issued, and the button is selected to maintain or reject the terminal access, which is fast and convenient;
  • the marking function of the terminal information such as the MAC address and the host name causes the unknown terminal (illegal terminal) to expose the identity and is difficult to access again.
  • the restricted access mechanism proposed by the technical solution of the present invention can "catch out” by illegal judgment even if an illegal user accesses a hot spot, although human-computer interaction brings extra work, but when the machine is powerless, the human operation more reliable. Therefore, the present invention has strong industrial applicability.

Abstract

A wireless network access method and apparatus, which relate to the field of wireless networks. The method comprises: when an authenticated terminal accesses a wireless network, acquiring terminal information of the authenticated terminal; reporting the terminal information of the authenticated terminal to a user, and waiting to receive an access control instruction from the user; and determining whether to break the wireless network connection of the authenticated terminal according to the access control instruction from the user. The technical scheme of the present invention can effectively prevent an unauthenticated terminal from accessing a wireless network.

Description

一种无线网络接入方法及装置Wireless network access method and device 技术领域Technical field
本文涉及无线网络的网络安全领域,特别涉及一种无线网络接入方法及相关的装置。This paper relates to the field of network security for wireless networks, and in particular to a wireless network access method and related devices.
背景技术Background technique
随着无线网络技术的发展,Wi-Fi接入热点越来越多,无论是在家庭还是城市的商场、餐饮店或电影院等都已大量布局Wi-Fi网络,这就出现一个问题:在商场、餐饮店或电影院等大众场合,无线网络对外开放,任何在其覆盖范围内的用户都可以接入使用,但是在家庭中,往往网络流量需要付费,我们可能不希望在热点覆盖范围内的邻居用户接入,更重要的,大量的外来用户接入,对有限的网络流量造成很大压力,影响自己的网络体验。但是市面上破解无线密码的软件和技术较多,所以这种情况并不容易避免。With the development of wireless network technology, Wi-Fi access hotspots are increasing. Whether in the home or city shopping malls, restaurants, or movie theaters, Wi-Fi networks have been deployed in large numbers. This presents a problem: in the mall. In public places such as restaurants, movie theaters, and movie theaters, the wireless network is open to the public, and any user within its coverage can access it. However, in the home, network traffic often requires payment, and we may not want neighbors within the coverage of the hotspot. User access, and more importantly, a large number of external users access, exerting great pressure on limited network traffic and affecting their own network experience. However, there are many softwares and technologies for cracking wireless passwords on the market, so this situation is not easy to avoid.
目前无线网络限制不明用户(非法用户)接入的方法主要有:At present, the wireless network limits the access of unknown users (illegal users) mainly:
1、使用黑白名单功能,把自己终端的MAC地址放进白名单,将不明终端(非法终端)的MAC地址拉进黑名单,从而在预先身份认证阶段将不明终端隔离;1. Using the black and white list function, put the MAC address of the terminal into the whitelist, and pull the MAC address of the unknown terminal (illegal terminal) into the blacklist, thereby isolating the unknown terminal in the pre-authentication phase;
2、在应用层利用账号密码功能进行二次认证,以增强安全性;2. Use the account password function for secondary authentication at the application layer to enhance security;
以上机制的缺陷在于:目前一些技术可以修改终端的MAC地址,因此,单纯依靠MAC地址来限制会失效;而应用层的二次认证只是通过增加一层保险,增加破解难度,并不能从根本上限制不明用户。The shortcoming of the above mechanism is that some technologies can modify the MAC address of the terminal at present. Therefore, relying solely on the MAC address to limit the failure; and the secondary authentication of the application layer only increases the difficulty of cracking by adding a layer of insurance, and cannot fundamentally Restrict users.
发明内容Summary of the invention
本发明的目的在于提供一种无线网络接入方法及装置,能更好地解决非法用户接入无线网络的问题。An object of the present invention is to provide a wireless network access method and apparatus, which can better solve the problem of illegal users accessing a wireless network.
为解决上述技术问题,采用如下技术方案:In order to solve the above technical problems, the following technical solutions are adopted:
一种无线网络接入方法,包括: A wireless network access method includes:
当无线网络中接入已认证终端时,获取所述已认证终端的终端信息;Obtaining terminal information of the authenticated terminal when accessing the authenticated terminal in the wireless network;
将所述已认证终端的终端信息上报至用户接口,并接收用户通过该用户接口输入的接入控制指令;And uploading the terminal information of the authenticated terminal to the user interface, and receiving an access control instruction input by the user through the user interface;
根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接。Disconnecting or maintaining a wireless network connection of the authenticated terminal according to the access control instruction.
可选地,所述根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接的步骤包括:Optionally, the step of disconnecting or maintaining the wireless network connection of the authenticated terminal according to the access control instruction includes:
当所述接入控制指令是用来限制终端接入的指令时,断开所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和断开信息保存至接入记录表。When the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
可选地,所述根据所述接入控制指令,确认是否断开所述已认证终端的无线网络连接的步骤包括:Optionally, the step of confirming whether to disconnect the wireless network connection of the authenticated terminal according to the access control instruction includes:
当所述接入控制指令是用来保持终端接入的指令时,保持所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和保持信息保存至接入记录表。And when the access control instruction is an instruction for maintaining terminal access, maintaining a wireless network connection of the authenticated terminal, and saving the terminal information and the hold information of the authenticated terminal to an access record table.
可选地,该方法还包括:Optionally, the method further includes:
若在预设时间内未收到来自用户的接入控制指令,则断开所述已认证终端的无线网络连接。If the access control command from the user is not received within the preset time, the wireless network connection of the authenticated terminal is disconnected.
可选地,该方法还包括:Optionally, the method further includes:
当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息;When the authenticated terminal is re-accessed in the wireless network, the terminal information of the authenticated terminal is searched in the access record table;
按照所找到的终端信息对应的断开信息,断开所述已认证终端的无线网络连接,或者按照所找到的终端信息对应的保持信息,保持所述已认证终端的无线网络连接。And disconnecting the wireless network connection of the authenticated terminal according to the disconnected information corresponding to the found terminal information, or maintaining the wireless network connection of the authenticated terminal according to the retained information corresponding to the found terminal information.
一种无线网络接入装置,包括信息获取模块、信息收发模块和接入控制模块,其中:A wireless network access device includes an information acquisition module, an information transceiver module, and an access control module, wherein:
所述信息获取模块设置成:当无线网络中接入已认证终端时,获取所述 已认证终端的终端信息;The information acquiring module is configured to: when the authenticated terminal is accessed in the wireless network, obtain the Terminal information of the authenticated terminal;
所述信息收发模块设置成:将所述已认证终端的终端信息上报至用户接口,并接收用户通过用户接口输入的接入控制指令;The information transceiver module is configured to: report terminal information of the authenticated terminal to a user interface, and receive an access control instruction input by the user through the user interface;
所述接入控制模块设置成:根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接。The access control module is configured to: disconnect or maintain a wireless network connection of the authenticated terminal according to the access control instruction.
可选地,所述接入控制模块设置成按照如下方式根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接:Optionally, the access control module is configured to disconnect or maintain the wireless network connection of the authenticated terminal according to the access control instruction as follows:
在所述接入控制指令是用来限制终端接入的指令时,断开所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和断开信息保存至接入记录表。When the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
可选地,所述接入控制模块设置成按照如下方式根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接:Optionally, the access control module is configured to disconnect or maintain the wireless network connection of the authenticated terminal according to the access control instruction as follows:
在所述接入控制指令是用来保持终端接入的指令时,保持所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和保持信息保存至接入记录表。When the access control instruction is an instruction for maintaining terminal access, the wireless network connection of the authenticated terminal is maintained, and the terminal information and the hold information of the authenticated terminal are saved to the access record table.
可选地,所述信息收发模块在预设时间内未收到来自用户的接入控制指令时,所述接入控制模块还设置成:断开所述已认证终端的无线网络连接。Optionally, when the information transceiver module does not receive an access control command from the user within a preset time, the access control module is further configured to: disconnect the wireless network connection of the authenticated terminal.
可选地,该装置还包括信息查询模块和接入判定模块,其中:Optionally, the device further includes an information query module and an access determination module, where:
所述信息查询模块设置成:当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息;The information querying module is configured to: when the authenticated terminal is re-accessed in the wireless network, look up the terminal information of the authenticated terminal in the access record table;
所述接入判定模块设置成:按照所找到的终端信息对应的断开信息,断开所述已认证终端的无线网络连接,或者,按照所找到的终端信息对应的保持信息,保持所述已认证终端的无线网络连接。The access determination module is configured to: disconnect the wireless network connection of the authenticated terminal according to the disconnection information corresponding to the found terminal information, or keep the already-maintained information according to the found terminal information The wireless network connection of the authentication terminal.
一种计算机程序,包括程序指令,当该程序指令被计算机执行时,使得该计算机可执行上述任意的无线网络接入方法。 A computer program comprising program instructions that, when executed by a computer, cause the computer to perform any of the wireless network access methods described above.
一种载有所述计算机程序的载体。A carrier carrying the computer program.
与相关技术相比较,本发明的有益效果在于:Compared with the related art, the beneficial effects of the present invention are:
本发明技术方案提出的限制接入机制,即使非法用户接入热点,仍可以通过人为判断将其“赶出去”,虽然人机交互带来了额外的工作,但是当机器无能为力时,人为的操作更可靠。The restricted access mechanism proposed by the technical solution of the present invention can "catch out" by illegal judgment even if an illegal user accesses a hot spot, although human-computer interaction brings extra work, but when the machine is powerless, the human operation more reliable.
附图概述BRIEF abstract
图1是本发明第一实施例提供的无线网络接入方法原理框图;1 is a schematic block diagram of a wireless network access method according to a first embodiment of the present invention;
图2是本发明第一实施例提供的无线网络接入装置框图;2 is a block diagram of a wireless network access apparatus according to a first embodiment of the present invention;
图3是本发明第一实施例提供的无线网络接入流程图;3 is a flowchart of wireless network access according to a first embodiment of the present invention;
图4是本发明第二实施例提供的无线网络接入方法原理框图;4 is a schematic block diagram of a wireless network access method according to a second embodiment of the present invention;
图5是本发明第二实施例提供的无线网络接入装置框图;FIG. 5 is a block diagram of a wireless network access apparatus according to a second embodiment of the present invention; FIG.
图6是本发明第二实施例提供的无线网络接入流程图;6 is a flowchart of wireless network access according to a second embodiment of the present invention;
图7是本发明第三实施例提供的无线网络接入流程图;7 is a flowchart of wireless network access according to a third embodiment of the present invention;
图8是本发明第三实施例提供的无线网络接入的各功能模块之间的交互示意图。FIG. 8 is a schematic diagram of interaction between functional modules of a wireless network access according to a third embodiment of the present invention.
本发明的较佳实施方式Preferred embodiment of the invention
以下结合附图对本发明的优选实施例进行详细说明,应当理解,以下所说明的优选实施例仅用于说明和解释本发明,并不用于限定本发明。The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
第一实施例First embodiment
图1是本发明第一实施例提供的无线网络接入方法原理框图,如图1所示,步骤包括:1 is a schematic block diagram of a wireless network access method according to a first embodiment of the present invention. As shown in FIG. 1, the steps include:
步骤S11:当无线网络中接入已认证终端时,获取已认证终端的终端信息。 Step S11: When the authenticated terminal is accessed in the wireless network, the terminal information of the authenticated terminal is obtained.
当终端通过身份认证和/或密码认证接入无线网络时,索取该终端的终端信息,所述终端信息包括终端的MAC地址和主机名等。When the terminal accesses the wireless network through identity authentication and/or password authentication, the terminal information of the terminal is obtained, and the terminal information includes a MAC address and a host name of the terminal.
步骤S12:将已认证终端的终端信息上报至用户,并等待接收来自用户的接入控制指令;Step S12: Reporting the terminal information of the authenticated terminal to the user, and waiting to receive an access control instruction from the user;
步骤S13:根据所述来自用户的接入控制指令,确认是否断开所述已认证终端的无线网络连接。Step S13: Confirm whether to disconnect the wireless network connection of the authenticated terminal according to the access control instruction from the user.
当接入控制指令是用来限制终端接入的指令时,确认对已认证终端进行接入限制处理,即确认断开所述已认证终端的无线网络连接,并将已认证终端的终端信息和用来拒绝终端接入的确认信息保存至接入记录表。When the access control command is an instruction for restricting access by the terminal, confirming that the authenticated terminal performs the access restriction process, that is, confirming that the wireless network connection of the authenticated terminal is disconnected, and the terminal information of the authenticated terminal is The confirmation information used to reject the terminal access is saved to the access record table.
当接入控制指令是用来保持终端接入的指令时,确认对已认证终端不进行接入限制处理,即确认保持所述已认证终端的无线网络连接,并将已认证终端的终端信息和用来保持终端接入的确认信息保存至接入记录表。When the access control command is an instruction for maintaining terminal access, confirming that the authenticated terminal does not perform access restriction processing, that is, confirming that the wireless network connection of the authenticated terminal is maintained, and the terminal information of the authenticated terminal is The confirmation information used to keep the terminal access is saved to the access record table.
当步骤S12中在预设时间内未收到来自用户的接入控制指令时,确认对已认证终端进行接入限制处理,即确认断开所述已认证终端的无线网络连接。此时,可以将已认证终端的终端信息和用来拒绝终端接入的确认信息保存至接入记录表,也可以不保存。When the access control instruction from the user is not received within the preset time in step S12, it is confirmed that the access restriction processing is performed on the authenticated terminal, that is, the wireless network connection of the authenticated terminal is disconnected. At this time, the terminal information of the authenticated terminal and the confirmation information for denying the terminal access may be saved to the access record table, or may not be saved.
本实施例基于目前限制不明终端(即非法终端)接入无线网络的缺陷和不足,通过接入无线网络的终端的信息,再次判定终端的合法性,使用户免受蹭网带来的流量损失和速率分流带来的体验下降问题。The present embodiment is based on the defects and deficiencies of the current limited access terminal (ie, an illegal terminal) accessing the wireless network, and the information of the terminal accessing the wireless network is used to determine the legality of the terminal again, so that the user is protected from the traffic loss caused by the wireless network. And the experience of rate diversion brings down the problem.
图2是本发明第一实施例提供的无线网络接入装置框图,如图2所示,包括信息获取模块11、信息收发模块12和接入控制模块13。2 is a block diagram of a wireless network access device according to a first embodiment of the present invention. As shown in FIG. 2, the information includes an information acquiring module 11, an information transceiver module 12, and an access control module 13.
信息获取模块11设置成:当无线网络中初次接入已认证终端时,获取所述已认证终端的终端信息,所述终端信息包括终端的MAC地址和主机名等。The information obtaining module 11 is configured to acquire terminal information of the authenticated terminal when the authenticated terminal is first accessed in the wireless network, where the terminal information includes a MAC address and a host name of the terminal.
信息收发模块12设置成:将所述已认证终端的终端信息上报至用户,并等待接收来自用户的接入控制指令。The information transceiver module 12 is configured to: report the terminal information of the authenticated terminal to the user, and wait to receive an access control instruction from the user.
接入控制模块13设置成:根据所述来自用户的接入控制指令,确认是否断开所述已认证终端的无线网络连接。The access control module 13 is configured to confirm whether to disconnect the wireless network connection of the authenticated terminal according to the access control command from the user.
具体地说,当接入控制指令是用来限制终端接入的指令时,接入控制模 块13确认对已认证终端进行接入限制处理,即确认断开所述已认证终端的无线网络连接,并将已认证终端的终端信息和用来拒绝终端接入的确认信息保存至接入记录表;当接入控制指令是用来保持终端接入的指令时,接入控制模块13确认对已认证终端不进行接入限制处理,即确认保持所述已认证终端的无线网络连接,并将已认证终端的终端信息和用来保持终端接入的确认信息保存至接入记录表;当信息收发模块12在预设时间内未收到来自用户的接入控制指令时,接入控制模块13确认对已认证终端进行接入限制处理,即确认断开所述已认证终端的无线网络连接,可以将已认证终端的终端信息和用来拒绝终端接入的确认信息保存至接入记录表。Specifically, when the access control command is an instruction for restricting terminal access, the access control module Block 13 confirms that the authenticated terminal performs an access restriction process, that is, confirms that the wireless network connection of the authenticated terminal is disconnected, and saves the terminal information of the authenticated terminal and the confirmation information for rejecting the terminal access to the access record. When the access control command is an instruction to maintain terminal access, the access control module 13 confirms that the authenticated terminal does not perform access restriction processing, that is, confirms that the wireless network connection of the authenticated terminal is maintained, and The terminal information of the authenticated terminal and the confirmation information for maintaining the terminal access are saved to the access record table. When the information transceiver module 12 does not receive the access control command from the user within the preset time, the access control module 13 It is confirmed that the access restriction processing is performed on the authenticated terminal, that is, the wireless network connection of the authenticated terminal is disconnected, and the terminal information of the authenticated terminal and the confirmation information for denying the terminal access can be saved to the access record table.
本实施例基于目前终端和热点认证连接过程中的一些特性,在有终端接入时,可以明确给用户以提示,增加人机交互功能,从而交给用户判断是否是合法终端,可以从根本上杜绝非法终端蹭网。This embodiment is based on some characteristics of the current terminal and hotspot authentication connection process. When a terminal accesses, the user can be prompted to increase the human-computer interaction function, and then the user is judged whether it is a legitimate terminal, and can be fundamentally Eliminate illegal terminal network.
图3是本发明第一实施例提供的无线网络接入流程图,如图3所示,步骤包括:FIG. 3 is a flowchart of wireless network access according to the first embodiment of the present invention. As shown in FIG. 3, the steps include:
步骤S21:用户开启热点,系统初始化完成,热点定期发送信标帧以供终端搜索到,同时循环等待底层上报的终端接入事件。此时,当有终端发出接入请求时,按照802.11协议规范进行认证连接,如果终端用户输入了正确的密码,基本上该终端都可以保证成功连接。当终端成功接入当前热点后,获取所述终端信息,如MAC地址、主机名称、分配IP等信息。Step S21: The user turns on the hotspot, and the system is initialized. The hotspot periodically sends the beacon frame for the terminal to search, and the loop waits for the terminal access event reported by the bottom layer. At this time, when a terminal issues an access request, the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure a successful connection. After the terminal successfully accesses the current hotspot, the terminal obtains information about the terminal, such as a MAC address, a host name, and an assigned IP address.
步骤S22:将终端信息上报给UI界面,由用户确认是否拒绝接入该终端。UI界面弹出对话框,实际中还可以发出特定的提示音提醒用户做出选择;选项分为允许保持当前连接还是拒绝,用户根据接入终端的MAC地址,结合主机名基本可以确认出是否是自己接入的终端。Step S22: The terminal information is reported to the UI interface, and the user confirms whether to refuse to access the terminal. The UI interface pops up a dialog box. In practice, a specific prompt tone can be issued to remind the user to make a selection. The option is divided into whether to allow the current connection or the rejection. The user can basically confirm whether it is himself or not based on the MAC address of the access terminal and the host name. Access terminal.
步骤S23:等待接收来自用户的接入控制指令。Step S23: Waiting to receive an access control instruction from the user.
步骤S24:判断是否收到接入控制指令,如果收到,执行步骤S26,否则执行步骤S25。Step S24: It is judged whether an access control instruction is received, and if yes, step S26 is performed, otherwise step S25 is performed.
步骤S25:判断是否超时。Step S25: determining whether it is timed out.
如果用户在预设时间内,例如1分钟内,没有任何操作(即在预设时间 内未收到接入控制指令),则默认选择拒绝终端接入,执行步骤S28,否则执行步骤S23。If the user is within a preset time, for example, within 1 minute, there is no operation (ie at the preset time) If the access control command is not received, the terminal access is denied by default, and step S28 is performed; otherwise, step S23 is performed.
步骤S26:判断所收到接入控制指令是用来限制终端接入的指令还是用来保持终端接入的指令,如果是用来限制终端接入的指令,则执行步骤S28,否则,执行步骤S27。Step S26: determining whether the received access control command is used to restrict the terminal access instruction or the instruction for maintaining the terminal access. If the instruction is used to restrict the terminal access, step S28 is performed; otherwise, the step is performed. S27.
步骤S27:当所述接入控制指令是用来保持终端接入的指令时,确认对所述已认证终端不进行接入限制处理,即确认保持所述已认证终端的当前无线网络连接,并保存终端信息和用来保持终端接入的确认信息。Step S27: When the access control instruction is an instruction for maintaining terminal access, confirming that the authenticated terminal does not perform access restriction processing, that is, confirming that the current wireless network connection of the authenticated terminal is maintained, and The terminal information and the confirmation information for maintaining the terminal access are saved.
步骤S28:当所述接入控制指令是用来限制终端接入的指令时,确认对所述已认证终端进行接入限制处理,即确认断开所述已认证终端的当前无线网络连接,并将所述已认证终端的终端信息和用来拒绝终端接入的确认信息保存至接入记录表。Step S28: When the access control instruction is an instruction for restricting terminal access, confirming that the authenticated terminal performs an access restriction process, that is, confirming disconnection of the current wireless network connection of the authenticated terminal, and The terminal information of the authenticated terminal and the confirmation information for rejecting the terminal access are saved to the access record table.
第二实施例Second embodiment
图4是本发明第二实施例提供的无线网络接入方法原理框图,与图1所示第一实施例比较,图4提供的第二实施例增加以下步骤:4 is a schematic block diagram of a wireless network access method according to a second embodiment of the present invention. Compared with the first embodiment shown in FIG. 1, the second embodiment provided in FIG. 4 adds the following steps:
步骤S14:当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息。Step S14: When the authenticated terminal is re-accessed in the wireless network, the terminal information of the authenticated terminal is searched in the access record table.
步骤S15:按照所找到的终端信息对应的用来限制终端接入的确认信息,判定断开所述已认证终端的无线网络连接,或者按照所找到的终端信息对应的用来保持终端接入的确认信息,判定保持所述已认证终端的无线网络连接。Step S15: determining to disconnect the wireless network connection of the authenticated terminal according to the acknowledgment information for restricting terminal access corresponding to the found terminal information, or to maintain the terminal access according to the found terminal information. The confirmation information determines that the wireless network connection of the authenticated terminal is maintained.
由于第一实施例中在接入记录表中已经保存了该终端的终端信息以及用来保持/拒绝终端接入的确认信息,因此该终端通过认证再次接入无线热点时,可以在接入记录表中查找其终端信息,并在找到该终端的终端信息后,按照终端信息对应的确认信息确认是否断开无线网络连接。Since the terminal information of the terminal and the acknowledgment information for maintaining/rejecting the terminal access have been saved in the access record table in the first embodiment, when the terminal accesses the wireless hotspot again through authentication, the access record can be accessed. Find the terminal information in the table, and after finding the terminal information of the terminal, confirm whether to disconnect the wireless network according to the confirmation information corresponding to the terminal information.
图5是本发明第二实施例提供的无线网络接入装置框图,与图2所示第一实施例比较,图5提供的第二实施例增加以下模块:FIG. 5 is a block diagram of a wireless network access device according to a second embodiment of the present invention. Compared with the first embodiment shown in FIG. 2, the second embodiment provided in FIG. 5 adds the following modules:
信息查询模块14设置成:当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息。 The information querying module 14 is configured to: when the authenticated terminal is re-accessed in the wireless network, look up the terminal information of the authenticated terminal in the access record table.
接入判定模块15设置成:按照所找到的终端信息对应的用来限制终端接入的确认信息,判定断开所述已认证终端的无线网络连接,或者按照所找到的终端信息对应的用来保持终端接入的确认信息,判定保持所述已认证终端的无线网络连接。The access determining module 15 is configured to: determine, according to the found terminal information, the acknowledgment information for restricting the access of the terminal, disconnect the wireless network connection of the authenticated terminal, or use the corresponding terminal information according to the found terminal information. The acknowledgment information of the terminal access is maintained, and it is determined that the wireless network connection of the authenticated terminal is maintained.
具体地说,已认证终端通过认证再次接入无线热点时,信息查询模块14在接入记录表中找到所述已认证终端的终端信息时,接入判定模块14设置成:按照所述终端信息对应的确认信息,判定是否对所述已认证终端进行接入限制处理,即是否断开所述已认证终端的无线网络连接。Specifically, when the authenticated terminal accesses the wireless hotspot again by the authentication, the information querying module 14 finds the terminal information of the authenticated terminal in the access record table, and the access determining module 14 is configured to: follow the terminal information. Corresponding confirmation information determines whether or not the access restriction process is performed on the authenticated terminal, that is, whether the wireless network connection of the authenticated terminal is disconnected.
图6是本发明第二实施例提供的无线网络接入流程图,如图6所示,步骤包括:FIG. 6 is a flowchart of wireless network access according to a second embodiment of the present invention. As shown in FIG. 6, the steps include:
步骤S31:用户开启热点,系统初始化完成。热点定期发送信标帧以供终端搜索到,同时循环等待底层上报的终端接入事件。当有终端发出接入请求时,按照802.11协议规范进行认证连接,如果终端用户输入了正确的密码,基本上该终端都可以保证成功连接。当终端成功接入当前热点后,获取所述终端信息,如MAC地址、主机名称、分配IP等信息。Step S31: The user turns on the hotspot, and the system initialization is completed. The hotspot periodically sends a beacon frame for the terminal to search for, while waiting for the terminal access event reported by the bottom layer. When a terminal issues an access request, the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure a successful connection. After the terminal successfully accesses the current hotspot, the terminal obtains information about the terminal, such as a MAC address, a host name, and an assigned IP address.
步骤S32:在接入记录表中查找该终端信息。Step S32: Find the terminal information in the access record table.
步骤S33:判断在接入记录表中是否找到该终端信息,即判断该终端信息是否已保存,若已保存在接入记录表中,则执行步骤S34,否则执行图3所示实施例的步骤S22。Step S33: determining whether the terminal information is found in the access record table, that is, determining whether the terminal information has been saved, if it is saved in the access record table, executing step S34, otherwise performing the steps of the embodiment shown in FIG. S22.
步骤S34:获取已保存的终端信息对应的确认信息,并判断所述确认信息是否是用来拒绝终端接入的确认信息,若是,则执行步骤S36,否则,执行步骤S35。Step S34: Acquire the confirmation information corresponding to the saved terminal information, and determine whether the confirmation information is confirmation information for rejecting the terminal access. If yes, execute step S36; otherwise, execute step S35.
步骤S35:保持当前连接。Step S35: Maintain the current connection.
步骤S36:断开当前连接。Step S36: Disconnect the current connection.
第三实施例Third embodiment
图7是本发明第三实施例提供的无线网络接入流程图,如图7所示,步骤包括:FIG. 7 is a flowchart of wireless network access according to a third embodiment of the present invention. As shown in FIG. 7, the steps include:
步骤S201:用户开启热点,系统初始化完成。 Step S201: The user turns on the hotspot, and the system initialization is completed.
步骤S202:热点周期性广播信标帧以供终端搜索到,同时循环等待底层上报的事件。Step S202: The hotspot periodically broadcasts the beacon frame for the terminal to search for, while waiting for the event reported by the bottom layer.
步骤S203:当有终端请求接入时,按照802.11协议规范进行认证连接,如果终端用户输入了正确的密码,基本上该终端都可以保证成功连接。Step S203: When a terminal requests access, the authentication connection is performed according to the 802.11 protocol specification. If the terminal user inputs the correct password, the terminal can basically ensure successful connection.
步骤S204:当终端成功接入当前热点后,获取所述终端的连接信息(即终端信息),如MAC地址、主机名称、分配IP等信息,并保存该信息。Step S204: After the terminal successfully accesses the current hotspot, obtain the connection information (ie, terminal information) of the terminal, such as a MAC address, a host name, an assigned IP, and the like, and save the information.
步骤S205:将该信息上报给UI界面,由用户判定是否拒绝接入该终端。Step S205: The information is reported to the UI interface, and the user determines whether to refuse to access the terminal.
所述UI界面可以设置在热点上,也可以设置在合法终端上,还可以独立设置,此外,为了使用户能够及时了解接入其无线网络的终端,还可以进行声和/或光报警。The UI interface may be set on the hotspot, or may be set on the legal terminal, or may be set independently. In addition, in order to enable the user to know the terminal accessing the wireless network in time, an audible and/or optical alarm may also be performed.
步骤S206:UI界面弹出对话框,实际中还可以发出特定的提示音提醒用户做出选择;选项分为允许保持当前连接还是拒绝,用户根据接入终端的MAC地址,结合主机名基本可以判断出是否是自己接入的终端,如果不是,就选择拒绝,并执行步骤S207,如果用户1分钟内没有任何操作,默认选择拒绝,执行步骤S207。Step S206: The UI interface pops up a dialog box, and in actuality, a specific prompt tone may be issued to remind the user to make a selection; the option is divided into whether to allow the current connection or the rejection, and the user can basically judge according to the MAC address of the access terminal and the host name. Whether it is a terminal that is accessed by itself, if not, it selects rejection, and step S207 is performed. If the user does not have any operation within 1 minute, the default selection is rejected, and step S207 is performed.
如果用户判断出是自己接入的终端,就选择保持当前连接。If the user determines that he is a terminal that he has accessed, he chooses to keep the current connection.
步骤S207:保存被拒终端的信息,包括终端信息和用来拒绝终端接入的确认信息。Step S207: The information of the rejected terminal is saved, including terminal information and confirmation information for denying terminal access.
步骤S208:做出选择后触发进入对于当前接入终端的判断流程,如果当前接入终端被用户选择拒绝或者默认拒绝过,发出断开指令,即限制终端接入的接入控制指令,否则,发出保持指令,即保持终端接入的接入控制指令。Step S208: After making a selection, triggering to enter a judgment flow for the current access terminal. If the current access terminal is rejected by the user or rejected by default, a disconnection instruction is issued, that is, an access control instruction for restricting the terminal access, otherwise, A hold command is issued, that is, an access control command that maintains terminal access.
步骤S209:接收到该断开指令后,具体实现时可用芯片厂家提供的特定命令将当前已连接的终端踢出去,断开连接。Step S209: After receiving the disconnection instruction, the specific connected terminal can be kicked out and disconnected by a specific command provided by the chip manufacturer during the specific implementation.
步骤S210:接收到该保持指令后,保持当前连接。Step S210: After receiving the hold command, the current connection is maintained.
从上面的步骤和实现可以看出本实施例的特点在于:1.用户参与判断合法或非法终端;2.对于那些恶意接入的用户或者蹭网的用户,接入刚好暴漏了自己的终端信息,本实施例将其踢出网络的同时,还能够利用终端信息有效防止其再次接入。 It can be seen from the above steps and implementation that the features of the embodiment are: 1. The user participates in judging a legal or illegal terminal; 2. For those users who are maliciously accessed or users of the network, the access just leaks its own terminal. The information, when kicked out of the network by this embodiment, can also effectively prevent the terminal from being accessed again by using the terminal information.
图8是本发明第三实施例提供的无线网络接入的各功能模块之间的交互示意图,如图8所示,包括:Wi-Fi认证连接模块21、Wi-Fi监控模块22、人机交互界面23、限制终端信息保存模块24、终端信息判断模块25和断开终端模块26,实现了图2和图5各模块的功能。FIG. 8 is a schematic diagram of interaction between functional modules of a wireless network access according to a third embodiment of the present invention. As shown in FIG. 8, the method includes: a Wi-Fi authentication connection module 21, a Wi-Fi monitoring module 22, and a human machine. The interactive interface 23, the restricted terminal information saving module 24, the terminal information determining module 25, and the disconnected terminal module 26 implement the functions of the modules of FIGS. 2 and 5.
Wi-Fi认证连接模块21主要处理Wi-Fi连接请求,处理基本的认证流程最终完成连接,同时主要记录下当前接入终端的MAC地址,并解析出终端的主机名等信息。The Wi-Fi authentication connection module 21 mainly processes the Wi-Fi connection request, processes the basic authentication process, and finally completes the connection, and mainly records the MAC address of the current access terminal, and parses out the host name and other information of the terminal.
Wi-Fi监控模块22对Wi-Fi的不同状态进行监测,当检测到有客户端接入时将此客户端接入的信息上报给人机交互界面23。The Wi-Fi monitoring module 22 monitors different states of the Wi-Fi, and reports the information accessed by the client to the human-machine interaction interface 23 when a client access is detected.
人机交互界面23主要实现当接收到有客户端接入的信息时弹出对话框让用户选择允许或者拒绝连接,并实现一种自动机制,用户无操作一段时间后默认为拒绝此连接。The human-computer interaction interface 23 mainly implements a pop-up dialog box for the user to select whether to allow or deny the connection when receiving the information of the client access, and implements an automatic mechanism. The user refuses the connection by default after a period of no operation.
限制终端信息保存模块24当用户通过用户交互界面选择了拒绝终端保持连接后,将拒绝的终端信息保存到一个特定的限制文件里。The restriction terminal information saving module 24 saves the rejected terminal information into a specific restriction file after the user selects the rejection terminal to maintain the connection through the user interaction interface.
终端信息判断模块25结合当前接入的终端信息和从限制文件里读到的终端信息进行比对,如果在限制文件里发现了当前接入的终端信息,立刻发送主动踢掉此终端的命令。The terminal information judging module 25 compares the currently accessed terminal information with the terminal information read from the restriction file. If the currently accessed terminal information is found in the restriction file, the command to actively kick off the terminal is immediately sent.
断开终端模块26接收到踢掉此终端的命令后,主动断开当前的连接。After disconnecting the terminal module 26 to receive the command to kick off the terminal, the disconnected terminal module 26 actively disconnects the current connection.
本实施例中,有终端接入时,需要将此信息反馈给上层,让用户选择允许或拒绝;另外,需要标记此终端MAC,主机名等信息,防止用户拒绝后此终端再次接入带来的麻烦。In this embodiment, when there is a terminal access, the information needs to be fed back to the upper layer, so that the user selects permission or rejection. In addition, information such as the MAC address and the host name of the terminal needs to be marked to prevent the terminal from being accessed again after the user refuses to access the terminal. Trouble.
以上就是本发明实施例的具体流程,当然不限于这个实现。随着无线网络的发展,网络的安全性也会随之提高,而破解网络的技术也会有所改变,本发明的方法也需要相应的做出变化,但是文中引入的用户参与判断的思想在系统设定的机制遇到瓶颈时,无疑将有效发挥作用,进一步保证网络安全。The above is the specific flow of the embodiment of the present invention, and is of course not limited to this implementation. With the development of wireless networks, the security of the network will also increase, and the technology of cracking the network will also change. The method of the present invention also needs to be changed accordingly, but the idea of user participation judgment introduced in the text is When the mechanism set by the system encounters a bottleneck, it will undoubtedly play an effective role to further ensure network security.
本发明实施例还公开了一种计算机程序,包括程序指令,当该程序指令被计算机执行时,使得该计算机可执行上述任意的无线网络接入方法。The embodiment of the invention also discloses a computer program, comprising program instructions, which when executed by a computer, enable the computer to perform any of the above wireless network access methods.
本发明实施例还公开了一种载有所述计算机程序的载体。 The embodiment of the invention also discloses a carrier carrying the computer program.
综上所述,本发明技术方案具有以下技术效果:In summary, the technical solution of the present invention has the following technical effects:
1、当有终端接入无线网络时,终端信息能够上报用户交互界面,甚至发出提示音,按键选择保持或拒绝终端接入,快速方便;1. When a terminal accesses the wireless network, the terminal information can be reported to the user interaction interface, and even a prompt tone is issued, and the button is selected to maintain or reject the terminal access, which is fast and convenient;
2、MAC地址、主机名等终端信息的标记功能使得不明终端(非法终端)暴露身份,难以再次接入。2. The marking function of the terminal information such as the MAC address and the host name causes the unknown terminal (illegal terminal) to expose the identity and is difficult to access again.
尽管上文对本发明进行了详细说明,但是本发明不限于此,本技术领域技术人员可以根据本发明的原理进行各种修改。因此,凡按照本发明原理所作的修改,都应当理解为落入本发明的保护范围。Although the invention has been described in detail above, the invention is not limited thereto, and various modifications may be made by those skilled in the art in accordance with the principles of the invention. Therefore, modifications made in accordance with the principles of the invention are to be understood as falling within the scope of the invention.
工业实用性Industrial applicability
本发明技术方案提出的限制接入机制,即使非法用户接入热点,仍可以通过人为判断将其“赶出去”,虽然人机交互带来了额外的工作,但是当机器无能为力时,人为的操作更可靠。因此本发明具有很强的工业实用性。 The restricted access mechanism proposed by the technical solution of the present invention can "catch out" by illegal judgment even if an illegal user accesses a hot spot, although human-computer interaction brings extra work, but when the machine is powerless, the human operation more reliable. Therefore, the present invention has strong industrial applicability.

Claims (12)

  1. 一种无线网络接入方法,包括:A wireless network access method includes:
    当无线网络中接入已认证终端时,获取所述已认证终端的终端信息;Obtaining terminal information of the authenticated terminal when accessing the authenticated terminal in the wireless network;
    将所述已认证终端的终端信息上报至用户接口,并接收用户通过该用户接口输入的接入控制指令;And uploading the terminal information of the authenticated terminal to the user interface, and receiving an access control instruction input by the user through the user interface;
    根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接。Disconnecting or maintaining a wireless network connection of the authenticated terminal according to the access control instruction.
  2. 根据权利要求1所述的无线网络接入方法,其中,所述根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接的步骤包括:The wireless network access method according to claim 1, wherein the step of disconnecting or maintaining the wireless network connection of the authenticated terminal according to the access control instruction comprises:
    当所述接入控制指令是用来限制终端接入的指令时,断开所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和断开信息保存至接入记录表。When the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
  3. 根据权利要求1所述的无线网络接入方法,其中,所述根据所述接入控制指令,确认是否断开所述已认证终端的无线网络连接的步骤包括:The wireless network access method according to claim 1, wherein the step of confirming whether to disconnect the wireless network connection of the authenticated terminal according to the access control instruction comprises:
    当所述接入控制指令是用来保持终端接入的指令时,保持所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和保持信息保存至接入记录表。And when the access control instruction is an instruction for maintaining terminal access, maintaining a wireless network connection of the authenticated terminal, and saving the terminal information and the hold information of the authenticated terminal to an access record table.
  4. 根据权利要求1-3中任一项所述的无线网络接入方法,该方法还包括:The wireless network access method according to any one of claims 1 to 3, further comprising:
    若在预设时间内未收到来自用户的接入控制指令,则断开所述已认证终端的无线网络连接。If the access control command from the user is not received within the preset time, the wireless network connection of the authenticated terminal is disconnected.
  5. 根据权利要求2或3所述的无线网络接入方法,该方法还包括:The wireless network access method according to claim 2 or 3, further comprising:
    当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息;When the authenticated terminal is re-accessed in the wireless network, the terminal information of the authenticated terminal is searched in the access record table;
    按照所找到的终端信息对应的断开信息,断开所述已认证终端的无线网络连接,或者按照所找到的终端信息对应的保持信息,保持所述已认证终端的无线网络连接。And disconnecting the wireless network connection of the authenticated terminal according to the disconnected information corresponding to the found terminal information, or maintaining the wireless network connection of the authenticated terminal according to the retained information corresponding to the found terminal information.
  6. 一种无线网络接入装置,包括信息获取模块、信息收发模块和接入控制模块,其中: A wireless network access device includes an information acquisition module, an information transceiver module, and an access control module, wherein:
    所述信息获取模块设置成:当无线网络中接入已认证终端时,获取所述已认证终端的终端信息;The information acquiring module is configured to: when accessing the authenticated terminal in the wireless network, acquire terminal information of the authenticated terminal;
    所述信息收发模块设置成:将所述已认证终端的终端信息上报至用户接口,并接收用户通过用户接口输入的接入控制指令;The information transceiver module is configured to: report terminal information of the authenticated terminal to a user interface, and receive an access control instruction input by the user through the user interface;
    所述接入控制模块设置成:根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接。The access control module is configured to: disconnect or maintain a wireless network connection of the authenticated terminal according to the access control instruction.
  7. 根据权利要求6所述的无线网络接入装置,其中,所述接入控制模块设置成按照如下方式根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接:The wireless network access device according to claim 6, wherein the access control module is configured to disconnect or maintain a wireless network connection of the authenticated terminal according to the access control instruction as follows:
    在所述接入控制指令是用来限制终端接入的指令时,断开所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和断开信息保存至接入记录表。When the access control instruction is an instruction for restricting terminal access, disconnecting the wireless network connection of the authenticated terminal, and saving terminal information and disconnection information of the authenticated terminal to an access record table .
  8. 根据权利要求6所述的无线网络接入装置,其中,所述接入控制模块设置成按照如下方式根据所述接入控制指令,断开或保持所述已认证终端的无线网络连接:The wireless network access device according to claim 6, wherein the access control module is configured to disconnect or maintain a wireless network connection of the authenticated terminal according to the access control instruction as follows:
    在所述接入控制指令是用来保持终端接入的指令时,保持所述已认证终端的无线网络连接,并将所述已认证终端的终端信息和保持信息保存至接入记录表。When the access control instruction is an instruction for maintaining terminal access, the wireless network connection of the authenticated terminal is maintained, and the terminal information and the hold information of the authenticated terminal are saved to the access record table.
  9. 根据权利要求6-8中任一项所述的无线网络接入装置,其中,所述信息收发模块在预设时间内未收到来自用户的接入控制指令时,所述接入控制模块还设置成:断开所述已认证终端的无线网络连接。The wireless network access device according to any one of claims 6-8, wherein, when the information transceiving module does not receive an access control instruction from a user within a preset time, the access control module further Set to: disconnect the wireless network connection of the authenticated terminal.
  10. 根据权利要求7或8所述的无线网络接入装置,该装置还包括信息查询模块和接入判定模块,其中:The wireless network access device according to claim 7 or 8, further comprising an information query module and an access decision module, wherein:
    所述信息查询模块设置成:当无线网络中再次接入所述已认证终端时,在所述接入记录表中查找所述已认证终端的终端信息;The information querying module is configured to: when the authenticated terminal is re-accessed in the wireless network, look up the terminal information of the authenticated terminal in the access record table;
    所述接入判定模块设置成:按照所找到的终端信息对应的断开信息,断开所述已认证终端的无线网络连接,或者,按照所找到的终端信息对应的保持信息,保持所述已认证终端的无线网络连接。 The access determination module is configured to: disconnect the wireless network connection of the authenticated terminal according to the disconnection information corresponding to the found terminal information, or keep the already-maintained information according to the found terminal information The wireless network connection of the authentication terminal.
  11. 一种计算机程序,包括程序指令,当该程序指令被计算机执行时,使得该计算机可执行如权利要求1-5中任一项所述的无线网络接入方法。A computer program comprising program instructions which, when executed by a computer, cause the computer to perform the wireless network access method of any of claims 1-5.
  12. 一种载有如权利要求11所述计算机程序的载体。 A carrier carrying the computer program of claim 11.
PCT/CN2015/079836 2014-11-24 2015-05-26 Wireless network access method and apparatus WO2016082500A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410682775.1 2014-11-24
CN201410682775.1A CN105704780A (en) 2014-11-24 2014-11-24 Wireless network access method and device

Publications (1)

Publication Number Publication Date
WO2016082500A1 true WO2016082500A1 (en) 2016-06-02

Family

ID=56073509

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/079836 WO2016082500A1 (en) 2014-11-24 2015-05-26 Wireless network access method and apparatus

Country Status (2)

Country Link
CN (1) CN105704780A (en)
WO (1) WO2016082500A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106604278B (en) * 2016-12-14 2020-10-13 炫彩互动网络科技有限公司 Multi-authority mobile network sharing method
CN107707571A (en) * 2017-11-15 2018-02-16 江苏神州信源系统工程有限公司 A kind of method and apparatus for managing network external connection

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1604523A (en) * 2003-09-30 2005-04-06 华为技术有限公司 Network access method for wireless terminal
CN102572799A (en) * 2011-12-29 2012-07-11 华为终端有限公司 Method for acquiring network connection information of client terminal accessing Wi-Fi spot and terminal
CN102883315A (en) * 2012-08-28 2013-01-16 中兴通讯股份有限公司 Wireless fidelity (WiFi) authentication method and system, and terminal
CN103415016A (en) * 2013-07-05 2013-11-27 惠州Tcl移动通信有限公司 Mobile WIFI hotspot connection processing method and system
CN103813330A (en) * 2012-11-15 2014-05-21 中兴通讯股份有限公司 Communication terminal and system and authority management method
CN103987130A (en) * 2014-05-16 2014-08-13 北京奇虎科技有限公司 Terminal access method, device and system based on WIFI equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
CN102316457A (en) * 2011-09-21 2012-01-11 中国联合网络通信集团有限公司 Method for monitoring illegal access device and apparatus thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1604523A (en) * 2003-09-30 2005-04-06 华为技术有限公司 Network access method for wireless terminal
CN102572799A (en) * 2011-12-29 2012-07-11 华为终端有限公司 Method for acquiring network connection information of client terminal accessing Wi-Fi spot and terminal
CN102883315A (en) * 2012-08-28 2013-01-16 中兴通讯股份有限公司 Wireless fidelity (WiFi) authentication method and system, and terminal
CN103813330A (en) * 2012-11-15 2014-05-21 中兴通讯股份有限公司 Communication terminal and system and authority management method
CN103415016A (en) * 2013-07-05 2013-11-27 惠州Tcl移动通信有限公司 Mobile WIFI hotspot connection processing method and system
CN103987130A (en) * 2014-05-16 2014-08-13 北京奇虎科技有限公司 Terminal access method, device and system based on WIFI equipment

Also Published As

Publication number Publication date
CN105704780A (en) 2016-06-22

Similar Documents

Publication Publication Date Title
US11089476B2 (en) Network access control method and apparatus
US11741210B2 (en) Proximity unlock and lock operations for electronic devices
US11729594B2 (en) Network access method, device, and system
JP6599341B2 (en) Method, device and system for dynamic network access management
US20120036557A1 (en) Wi-fi access method, access point and wi-fi access system
WO2016078301A1 (en) Wireless network access method and access apparatus, client and storage medium
CN104765990B (en) The setting method and device of intelligent device management account
US9226336B2 (en) Wireless network area limiting method and system based on near field communication
EP1589703B1 (en) System and method for accessing a wireless network
WO2015101125A1 (en) Network access control method and device
US20150026774A1 (en) Access authentication method and device for wireless local area network hotspot
KR102150659B1 (en) A method for discovering devices based on a location information and apparatus thereof
KR20130044922A (en) Method and apparatus for wi-fi connecting using wi-fi protected setup in a portable terminal
JP2016541082A (en) Connection management method, apparatus, electronic equipment, program, and recording medium
WO2018010425A1 (en) Method and apparatus for pushing and receiving wi-fi hotspot information, and storage medium
US20150180832A1 (en) System and method for controlling virtual private network access
WO2015196679A1 (en) Authentication method and apparatus for wireless access
WO2016082500A1 (en) Wireless network access method and apparatus
WO2017032346A1 (en) Wireless security-based client computer self-connection protection method and system
CN114245403A (en) Equipment network distribution method and device, electronic equipment and storage medium
WO2016061980A1 (en) Wlan sharing method and system, and wlan sharing registration server
WO2016061981A1 (en) Wlan sharing method and system, and wlan sharing registration server
CN113507708A (en) Screen projection method and screen projection system
CN108076009B (en) Resource sharing method, device and system
JP2016025598A (en) Radio signal transceiver and radio signal transmission/reception control method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15862216

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15862216

Country of ref document: EP

Kind code of ref document: A1