WO2016184380A1 - Procédé et dispositif de traitement pour un accès à un réseau - Google Patents

Procédé et dispositif de traitement pour un accès à un réseau Download PDF

Info

Publication number
WO2016184380A1
WO2016184380A1 PCT/CN2016/082354 CN2016082354W WO2016184380A1 WO 2016184380 A1 WO2016184380 A1 WO 2016184380A1 CN 2016082354 W CN2016082354 W CN 2016082354W WO 2016184380 A1 WO2016184380 A1 WO 2016184380A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
access
information
network
predetermined
Prior art date
Application number
PCT/CN2016/082354
Other languages
English (en)
Chinese (zh)
Inventor
范贤友
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016184380A1 publication Critical patent/WO2016184380A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Definitions

  • Wi-Fi wireless network such as the wireless network provided by a hotel
  • invading the Wi-Fi wireless network and stealing the bandwidth of other Internet-enabled terminals not only increases the network security risk, but also affects the network experience of the guests and reduces the network speed. It can be seen that there is a network in the related art. The problem of low access control efficiency.
  • the location information includes at least one of the following: a media access control MAC address of a Wi-Fi signal transmitting end carried by the Wi-Fi signal detected by the terminal, and a Wi-Fi signal detected by the terminal.
  • a media access control MAC address of a Wi-Fi signal transmitting end carried by the Wi-Fi signal detected by the terminal and a Wi-Fi signal detected by the terminal.
  • a method for processing an access network including: receiving location information of a terminal; determining, according to the location information, whether the terminal is within a target range of a predetermined network; and controlling the location according to the determination result The terminal accesses the predetermined network.
  • the processing method further includes: receiving, by the router, Determining token information, wherein the predetermined token information is sent by the router after receiving the predetermined token information sent by the terminal; verifying the predetermined token information and token information sent to the terminal Whether the agreement is consistent; if the verification result is consistent, the terminal allows access information of the predetermined network to be sent to the router.
  • the location information includes at least one of the following: a media access control MAC address of a Wi-Fi signal transmitting end carried by the Wi-Fi signal detected by the terminal, and a Wi-Fi signal detected by the terminal.
  • a media access control MAC address of a Wi-Fi signal transmitting end carried by the Wi-Fi signal detected by the terminal and a Wi-Fi signal detected by the terminal.
  • the location information of the terminal is sent to the authentication server, and the determination result returned by the authentication server according to the location information is received, where the determination result is used to identify whether the terminal is within the target range of the predetermined network. And determining, according to the determination result, whether the terminal is allowed to access the predetermined network, and solving the problem that the network access control efficiency in the related art is low, thereby achieving an effect of improving network access control efficiency.
  • FIG. 2 is a flowchart of a method for processing a second access network according to an embodiment of the present invention
  • the step of determining, according to the determination result, whether the terminal is allowed to access the predetermined network includes: acquiring token information carried in the determination result; The token information is accessed by the router to the predetermined network.
  • the step of accessing the predetermined network by using the router according to the token information may include: after acquiring the token information, the terminal sends the token information to the router, and the router sends the received token information to the authentication server, and the authentication server The host is allowed to access the predetermined network by comparing the token information sent by the router with the token information sent to the terminal in advance.
  • the terminal When the comparison result is consistent, it is determined that the terminal is in the target range, and the terminal is allowed to access the predetermined network, so that the terminal accesses the predetermined network through the router. If the comparison result is inconsistent, the terminal is not allowed to access the predetermined network. In addition, it intercepts illegal users to access the network and protects the interests of legitimate users. Improve the safety factor of the access network.
  • FIG. 2 is a flowchart of a method for processing a second access network according to an embodiment of the present invention. As shown in FIG. 2, the processing method includes the following steps:
  • Step S202 receiving location information of the terminal
  • the step of controlling the terminal to access the predetermined network according to the foregoing judgment result comprises: sending the token information to the terminal when the determining result is that the terminal is located in the target range, wherein the token information is used for The terminal accesses the predetermined network through the router.
  • the terminal sends information indicating that the terminal accesses the predetermined network. Thereby, the terminal is controlled to access the predetermined network according to the specific location of the terminal.
  • a processing device for accessing the network is further provided, and the device is used to implement the foregoing embodiments and optional implementations, and details are not described herein.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the terminal device takes the most popular Android mobile phone as an example.
  • the Android system provides an off-the-shelf interface for obtaining the Wi-Fi signal, the Bluetooth signal, and the base station signal of the terminal at the location.
  • the location information that can be used to describe the terminal is very large.
  • the location information of the terminal provided by the Wi-Fi signal is taken as an example in this embodiment, and the actual implementation is not limited thereto.
  • Initial configuration of the AC controller save a list of MAC addresses, the MAC address list is set to allow the terminal to access the network if the source MAC address of the message is received from the terminal, and the source of the message is received from the terminal.
  • the MAC address is not in the MAC address list, and the packet is redirected to the authentication server.
  • the implementation method can first use the iptables rule to perform the destination network address translation (DNAT) to the local processing process. , the local processing process redirects the request to the authentication server, and The redirected link carries information about the Access Controller (AC). Set the validity period for the MAC address in the MAC address list.
  • DNAT destination network address translation
  • Step S802 the terminal sends an arbitrary HTTP request after connecting to the Wi-Fi network.
  • Step S816 After receiving the redirection request from the terminal, the AC controller sends the MAC address, the AC controller identifier, and the token token of the terminal to the authentication server for verification, and is described in the JSON format as follows:
  • Interface 1 used to receive the authentication home page http://auth-server/index that is redirected after the unauthenticated terminal goes online.
  • the heartbeat interface is used to receive a request from the AC controller to query whether the MAC address of the terminal has expired: http://auth-server/alive.
  • the network can be accessed through Wi-Fi or the like.
  • the mobile terminal travels inside and outside the set area, and collects identification and information of Wi-Fi signals/Bluetooth signals, etc. at each position during the process of traveling, and each position will be marked as inside or outside the area, in order to ensure positioning.
  • the effect is to mark and information such as Wi-Fi signals/Bluetooth signals intensively at the edge of the area, and mark and information such as Wi-Fi signals/Bluetooth signals at a slightly larger distance in and outside the area.
  • 9 is a schematic diagram of a sample library and verified points located within and outside a region, respectively, in accordance with an embodiment of the present invention.
  • both the AC controller and the authentication server are implemented in the router, two interfaces are required between the terminal and the router: one is a redirected address that is redirected to when the unauthenticated terminal accesses; The second is to verify the interface.
  • the same address can be used, the entry uses the get instruction action, and the verification uses the post instruction action to distinguish.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • each module/unit in the above embodiment may be implemented in the form of hardware, for example, by implementing an integrated circuit to implement its corresponding function, or may be implemented in the form of a software function module, for example, executing a program stored in the memory by a processor. / instruction to achieve its corresponding function.
  • Embodiments of the invention are not limited to any specific form of combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé et un dispositif de traitement pour un accès à un réseau. Le procédé consiste à : transmettre des informations de position d'un terminal à un serveur d'authentification ; recevoir un résultat de détermination renvoyé par le serveur d'authentification selon les informations de position, le résultat de détermination étant utilisé pour marquer si le terminal est ou non positionné dans une plage cible d'un réseau planifié ; et déterminer, selon le résultat de détermination, s'il faut ou non permettre au terminal d'accéder au réseau planifié. La solution résout le problème de faible efficacité de commande d'un accès à un réseau existant dans l'état de la technique associé, ce qui permet de réaliser un effet d'amélioration de l'efficacité de commande d'un accès à un réseau.
PCT/CN2016/082354 2015-05-19 2016-05-17 Procédé et dispositif de traitement pour un accès à un réseau WO2016184380A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510257791.0 2015-05-19
CN201510257791.0A CN106162549A (zh) 2015-05-19 2015-05-19 接入网络的处理方法及装置

Publications (1)

Publication Number Publication Date
WO2016184380A1 true WO2016184380A1 (fr) 2016-11-24

Family

ID=57319437

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/082354 WO2016184380A1 (fr) 2015-05-19 2016-05-17 Procédé et dispositif de traitement pour un accès à un réseau

Country Status (2)

Country Link
CN (1) CN106162549A (fr)
WO (1) WO2016184380A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112153645A (zh) * 2019-06-28 2020-12-29 北京奇虎科技有限公司 防蹭网方法和装置、路由器
CN114268955A (zh) * 2021-12-23 2022-04-01 智小途(上海)数字科技有限公司 一种无线通信网络节点信号认知匹配方法与系统
CN115038082A (zh) * 2022-06-08 2022-09-09 上海百功半导体有限公司 一种光通信设备的安全上网控制系统及方法

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911565B (zh) * 2017-03-01 2021-03-16 常州三泰科技有限公司 一种信息数据安全处理的方法及系统
CN107241348A (zh) * 2017-07-13 2017-10-10 上海斐讯数据通信技术有限公司 一种路由器登录的警报方法和系统
CN107613498A (zh) * 2017-10-26 2018-01-19 上海与德科技有限公司 一种网络通讯的连接方法及装置
CN108566440B (zh) * 2018-06-26 2021-06-15 上海尚往网络科技有限公司 一种网络连接方法、设备及存储介质
CN109246854A (zh) * 2018-09-12 2019-01-18 苏州汇恒网络科技有限公司 一种自动更换网络设备信息的方法、装置和网络设备
CN110213769B (zh) * 2019-06-10 2022-11-25 平安科技(深圳)有限公司 一种内网访问方法及相关装置
CN112887968B (zh) * 2019-11-29 2023-11-17 中兴通讯股份有限公司 一种网络设备管理方法、装置、网络管理设备及介质
CN113068113A (zh) * 2019-12-31 2021-07-02 佛山市云米电器科技有限公司 配网方法、配网设备及计算机可读存储介质
CN114339601B (zh) * 2020-10-09 2023-12-26 美的集团股份有限公司 基于uwb的自动配网方法及装置
CN113741330A (zh) * 2021-09-08 2021-12-03 珠海格力电器股份有限公司 基于plc电力线通信技术的联网安全验证系统及方法
CN115396982A (zh) * 2022-07-13 2022-11-25 微网优联科技(成都)有限公司 基于WiFi6路由器的防蹭网方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1673925A (zh) * 2004-03-24 2005-09-28 美国博通公司 基于全球定位系统的安全访问
EP2648126A1 (fr) * 2012-04-05 2013-10-09 LG CNS Co., Ltd. Procédé d'authentification d'utilisateur, serveur et terminal mobile mettant en ýuvre celui-ci
CN104159271A (zh) * 2013-05-15 2014-11-19 华为技术有限公司 边界控制方法、接入控制器和系统
CN104581830A (zh) * 2014-12-23 2015-04-29 大唐移动通信设备有限公司 一种终端设备的接入方法和设备

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8620269B2 (en) * 2007-12-31 2013-12-31 Honeywell International Inc. Defining a boundary for wireless network using physical access control systems
CN101296240B (zh) * 2008-06-20 2012-03-28 中国移动通信集团北京有限公司 一种接入无线网络的认证方法、系统及认证服务器
CN101582769B (zh) * 2009-07-03 2012-07-04 杭州华三通信技术有限公司 用户接入网络的权限设置方法和设备
CN101668293A (zh) * 2009-10-21 2010-03-10 杭州华三通信技术有限公司 Wlan中访问网络权限的控制方法和系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1673925A (zh) * 2004-03-24 2005-09-28 美国博通公司 基于全球定位系统的安全访问
EP2648126A1 (fr) * 2012-04-05 2013-10-09 LG CNS Co., Ltd. Procédé d'authentification d'utilisateur, serveur et terminal mobile mettant en ýuvre celui-ci
CN104159271A (zh) * 2013-05-15 2014-11-19 华为技术有限公司 边界控制方法、接入控制器和系统
CN104581830A (zh) * 2014-12-23 2015-04-29 大唐移动通信设备有限公司 一种终端设备的接入方法和设备

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112153645A (zh) * 2019-06-28 2020-12-29 北京奇虎科技有限公司 防蹭网方法和装置、路由器
CN114268955A (zh) * 2021-12-23 2022-04-01 智小途(上海)数字科技有限公司 一种无线通信网络节点信号认知匹配方法与系统
CN115038082A (zh) * 2022-06-08 2022-09-09 上海百功半导体有限公司 一种光通信设备的安全上网控制系统及方法

Also Published As

Publication number Publication date
CN106162549A (zh) 2016-11-23

Similar Documents

Publication Publication Date Title
WO2016184380A1 (fr) Procédé et dispositif de traitement pour un accès à un réseau
US11552954B2 (en) Private cloud control
US10097546B2 (en) Authentication of a user device using traffic flow information
JP6506871B2 (ja) 無線アクセスポイントのセキュリティおよび品質の評価のためのシステムおよび方法
KR102581559B1 (ko) 다중-경로 검증을 이용한 로그 액세스 지점 검출
CN107005442B (zh) 用于远程接入的方法和装置
US9763099B2 (en) System and method for security and quality assessment of wireless access points
US8594632B1 (en) Device to-device (D2D) discovery without authenticating through cloud
US20180212970A1 (en) Distributed authentication for internet-of-things resources
CN104144163B (zh) 身份验证方法、装置及系统
WO2014113882A1 (fr) Système informatique et procédé pour le géorepérage et le contrôle d'accès à l'intérieur des bâtiments
CN109167780B (zh) 一种控制资源访问的方法、设备、系统和介质
CN109937608B (zh) 从传感器装置采集传感器数据的方法和系统
US20170034164A1 (en) Multifactor authentication for mail server access
US20150103678A1 (en) Identification of user home system in a distributed environment
US20170295167A1 (en) Registering a smart device with a registration device using a multicast protocol
WO2017219748A1 (fr) Procédé et dispositif permettant une détermination d'autorisation d'accès et un accès à une page
US9398002B2 (en) Secure communication during provisioning of a mobile device to stream media content from a media client
US11632366B1 (en) Multi-device authentication
EP3910978B1 (fr) Procédé de détection de faux dispositif et appareil d'entretien de dispositif sans fil
JP7140845B2 (ja) ネットワーク接続をセキュアにするためのデバイスおよび方法
WO2018014555A1 (fr) Procédé et appareil de commande de transmission de données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16795867

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16795867

Country of ref document: EP

Kind code of ref document: A1