WO2017219748A1 - Method and device for determining access rights and accessing a page - Google Patents

Info

Publication number
WO2017219748A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
type
ssid
access
determining
Prior art date
Application number
PCT/CN2017/081283
Other languages
English (en)
Chinese (zh)
Inventor
雷蕊蕊
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2017219748A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0253 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Definitions

  • the present invention relates to the field of communications, and in particular, to a method for determining access rights, a method for accessing a page, and a device.
  • the WIFI function distinguishes between the administrator user and the temporary user.
  • the administrator is the administrator user of the entire access point AP (Access Point).
  • the temporary user makes it convenient for a temporarily visiting user to access the WIFI.
  • the permission of the temporary user has been restricted.
  • the connection time of the temporary user can be modified; for example, the temporary user can be given access for 1 hour, or can be given access after 2 hours.
  • the MAC address of the Service Trigger Agent is released, which ensures the security of the administrator user.
  • the parameters of the wireless products currently on the market and of the routers used in homes are all modified through the Web-UI of the device, and Web-UI passwords have also been attacked by hackers before.
  • in the related technology, the implementation for temporary users is that, as long as the user successfully accesses the AP, the Web-UI can be opened to perform some operations that the administrator can perform. If the temporary user knows the login password, or if a hacker obtains the login password in a special way, he can log in to the Web-UI of the device, so that important parameters such as network, WIFI, and advanced can be modified, and the rights of the administrator user are seriously threatened. This will cause unnecessary losses to other users connected to the device.
  • the solution in the related art is to limit the access time of the temporary user in order to ensure the security of the entire wireless terminal (by limiting the access time of the temporary user's MAC address; for example, if the temporary user is restricted to accessing the AP for only 1 hour, then 1 hour later the AP actively kicks out the temporary user's MAC address, to ensure the security of the administrator user for the entire AP).
  • security awareness is still weak, coupled with the general lack of attention to wireless network security technology in the country, even with administrator users and administrator users
  • the permission settings do not fully guarantee the security and rights of users.
  • the related art also does not provide a better distinguishing method.
  • the embodiment of the invention provides a method for determining access rights, a method for accessing a page, and a device, so as to solve at least the problem that the rights of the administrator user cannot be protected and the individual needs of the administrator user cannot be met when the page is accessed in the related art.
  • a method for determining an access right, including: when the terminal accesses a specified page, acquiring the SSID type of the service set identifier (SSID) allocated to the terminal by the access point (AP); and determining, according to the type, the access right corresponding to the type.
  • the type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the SSID type of the service set identifier SSID allocated by the terminal access point AP is obtained, and the method further includes: acquiring, from the wireless communication protocol file, indication information indicating the type of the SSID.
  • determining, according to the type, the access rights corresponding to the type includes: invoking a network server service protocol process to obtain the indication information that matches the network server service protocol process.
  • determining the access right corresponding to the type according to the type includes: determining, according to the type of the SSID accessed by the terminal, whether the terminal has the capability of authenticating through an HTTP or HTTPS protocol stack; and determining the access rights according to that capability.
  • acquiring a service set identifier SSID allocated by the terminal access point AP further includes: acquiring network parameter information of a terminal requesting to establish a wireless communication connection; identifying, according to the network parameter information, a terminal type of the terminal requesting to establish a wireless communication connection, wherein the terminal type includes: an administrator user and a temporary user; and determining the SSID type corresponding to the terminal type according to the terminal type.
  • a method for accessing a page, including: acquiring, by a terminal, an SSID allocated by the wireless routing device for the terminal, and determining a type of the SSID; and, when the terminal accesses the specified page, accessing the specified page according to an access right corresponding to the type of the SSID.
  • the type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the terminal sends, to the wireless routing device, network parameter information that requests to establish a wireless communication connection, where the network parameter information is used by the wireless routing device to identify a terminal type of the terminal that requests to establish a wireless communication connection,
  • the terminal types include: an administrator user and a temporary user.
  • a wireless routing apparatus, including: a first obtaining module, configured to acquire, when the terminal accesses a specified page, the SSID type of the service set identifier (SSID) allocated for the terminal by the access point (AP); and a determining module, configured to determine the access rights corresponding to the type according to the type.
  • the type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the obtaining module further includes: a first acquiring unit, configured to obtain, from the wireless communication protocol file, indication information for indicating the type of the SSID, where the communication protocol corresponding to the wireless communication protocol file is the communication protocol by which the terminal accesses the network to which the AP belongs, and the indication information includes at least one of the following: an SSID name and a password parameter.
  • the determining module includes: an invoking unit, configured to invoke a network server service protocol process to acquire the indication information that matches the network server service protocol process; and a first determining unit, configured to determine, according to the indication information, an access right corresponding to the type.
  • the determining module further includes: a determining unit, configured to determine, according to the SSID type accessed by the terminal, whether the terminal has the capability of authenticating through an HTTP or HTTPS protocol stack; and a second determining unit, configured to determine the access rights in accordance with that capability.
  • the first obtaining module further includes: a second acquiring unit, configured to acquire network parameter information of a user requesting to establish a wireless communication connection; an identifying unit, configured to identify, according to the network parameter information, the terminal type of the terminal requesting to establish a wireless communication connection, wherein the terminal type includes: an administrator user and a temporary user; and a third determining unit, configured to determine the SSID type corresponding to the terminal type according to the terminal type.
  • a page accessing apparatus, comprising: an obtaining module, configured to acquire an SSID allocated by the wireless routing device for the terminal, and determine a type of the SSID; and an access module, configured to access the specified page, when the terminal accesses the specified page, according to the access authority corresponding to the type of the SSID.
  • the device further includes: a sending module, configured to send, to the wireless routing device, network parameter information requesting to establish a wireless communication connection, wherein the network parameter information is used by the wireless routing device to identify the terminal type of the terminal requesting to establish a wireless communication connection, the terminal type including: an administrator user and a temporary user.
  • a storage medium is also provided.
  • the storage medium is arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • S21: Obtain, from the wireless communication protocol file, indication information for indicating the type of the SSID, where the communication protocol corresponding to the wireless communication protocol file is the communication protocol by which the terminal accesses the network to which the AP belongs, and the indication information includes at least one of the following: an SSID name and a password parameter.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • S41 Determine, according to the SSID type accessed by the terminal, whether the terminal has the capability of authenticating by using an HTTP or HTTPS protocol stack.
  • the storage medium is further arranged to store program code for performing the following steps:
  • another storage medium is also provided.
  • the storage medium is arranged to store program code for performing the following steps:
  • the terminal acquires an SSID allocated by the wireless routing device to the terminal, and determines a type of the SSID.
  • the storage medium is further arranged to store program code for performing the following steps:
  • Terminal sends, to the wireless routing device, network parameter information that requests to establish a wireless communication connection, where the network parameter information is used by the wireless routing device to identify a terminal type of the terminal requesting to establish a wireless communication connection
  • Terminal types include: administrator users and temporary users.
  • because the access authority corresponding to the type of the SSID assigned by the wireless routing device to the terminal is determined, the problem that the administrator user's rights cannot be protected and the individual needs of the administrator user cannot be met can be solved, and the administrator user and the temporary user can be distinguished by multiple SSIDs.
  • on the premise that both types of users can use the AP device, the rights of the two types of users to access the webUI are differentiated.
  • this ensures that the parameters and other important information of the wireless routing device are not modified or deleted by a temporary user logging in to the webUI page, thereby achieving the security of the wireless routing device.
  • FIG. 1 is a block diagram showing the hardware structure of a wireless routing apparatus for a method for determining access rights according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a method for determining a right according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for accessing a page according to an embodiment of the present invention.
  • FIG. 4 is a structural block diagram of an apparatus for determining access rights according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of another apparatus for determining access rights according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of still another apparatus for determining access rights according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of still another apparatus for determining access rights according to an embodiment of the present invention.
  • FIG. 8 is a structural block diagram of still another apparatus for determining access rights according to an embodiment of the present invention.
  • FIG. 9 is a structural block diagram of a page access device according to an embodiment of the present invention.
  • FIG. 10 is a structural block diagram of another page access device according to an embodiment of the present invention.
  • FIG. 1 is a hardware structural block diagram of a wireless routing device for a method for determining access rights according to an embodiment of the present invention.
  • the wireless routing device 10 can include one or more (only one shown) processors 102 (the processor 102 can include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA).
  • FIG. 1 is merely illustrative and does not limit the structure of the above electronic device.
  • wireless routing device 10 may also include more or fewer components than those shown in FIG. 1, or have a different configuration than that shown in FIG.
  • the memory 104 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method for determining access rights in the embodiment of the present invention, and the processor 102 executes by executing software programs and modules stored in the memory 104.
  • Memory 104 may include high speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • memory 104 may further include memory remotely located relative to processor 102, which may be connected to wireless routing device 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • Transmission device 106 is arranged to receive or transmit data via a network.
  • the network specific examples described above may include a wireless network provided by a communication provider of the wireless routing device 10.
  • the transmission device 106 includes a network interface controller (Network Interface Controller, NIC), which can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission device 106 can be a Radio Frequency (RF) module configured to communicate with the Internet wirelessly.
  • FIG. 2 is a flowchart of a method for determining a permission according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
  • Step S202: when the terminal accesses the specified page, acquire the SSID type of the service set identifier (SSID) allocated to the terminal by the access point (AP).
  • the above type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • an SSID type for which access to a page is denied can be referred to as a second-type SSID. That is to say, the wireless routing device can correspond to at least one SSID. For different temporary users, different SSIDs can be set. Different SSID types correspond to different specified pages to which access is denied.
  • the corresponding SSID type is SSID-1.
  • the web-UI page can also be accessed to modify the parameter information of the wireless routing device.
  • the company's ordinary employees are temporary users, and the corresponding SSID type is SSID-2.
  • the corresponding SSID type is SSID-3.
  • although terminals with SSID type SSID-3 are allowed to connect to the wireless routing device, their permissions only allow access to the company's promotional page, while other functional pages are not accessible.
  • the method further includes: acquiring network parameter information of the terminal requesting to establish a wireless communication connection; and identifying, according to the network parameter information, the terminal type of the terminal requesting to establish a wireless communication connection, wherein the terminal type includes: an administrator user and a temporary user.
  • the network parameter information includes at least: an IP address of the terminal, a MAC address, and the like for describing a state of the network of the terminal.
  • identifying a terminal type of the terminal requesting to establish a wireless communication connection includes: a protocol layer of the wireless network reads, through NV (Nonvolatile, a non-volatile parameter for managing memory-related parameters), the returned result for the access terminal address accessed through the AP (for example, whether the IP packet, the network management address, the port number, and the like are valid); according to that result, the wireless routing device determines whether to return a valid value to the next layer (the service layer where the network server is located).
  • the wireless routing device in this embodiment may be a short-range wireless communication device.
  • the wireless routing device obtains, from the wireless communication protocol file, the indication information for indicating the type of the SSID, where the communication protocol corresponding to the wireless communication protocol file is the communication protocol by which the terminal accesses the network to which the AP belongs, and the indication information includes at least one of the following: an SSID name and a password parameter.
  • the wireless communication protocol file includes at least the following protocol files: a WIFI connection authentication protocol file, an encryption protocol file, or a DHCP (Dynamic Host Configuration Protocol).
  • Step S204: determine, according to the type, an access right corresponding to the type.
  • the network server service protocol process is invoked to obtain the indication information that matches the network server service protocol process, and the access authority corresponding to the type is determined according to the indication information, which includes: after the network server service protocol invokes the WIFI protocol process to obtain parameters, the NV non-volatile parameter is used to obtain the indication information that matches the network server service protocol process.
  • the wireless routing device allows the terminal (i.e., the administrator user) to access the specified page. If the above protocol-stack authentication is not possible, the wireless routing device returns a "404 not found" page display identifier to the terminal (temporary user), which is used to deny the terminal access to the temporary page.
  • the company's administrator user assigns the SSID name and password corresponding to the SSID to himself, the general employees in the company, and the personnel who temporarily access the company, and saves them in the wireless communication protocol.
  • a terminal connects to the wireless routing device by sending network parameter information such as an IP address or a MAC address
  • the wireless routing device can identify the type of the terminal according to the network parameter information of the terminal.
  • the terminal can normally connect to the AP.
  • the type of the SSID (SSID-1, SSID-2, and SSID-3) allocated to the terminal by the AP is obtained.
  • the wireless routing device invokes the web server protocol, matches the network parameters stored in the wireless communication protocol, and determines, according to the matching result, whether the terminal has the capability of being authenticated by the HTTP or HTTPS protocol stack of the current page.
  • the wireless routing device displays the current news website on the display page of the terminal after authenticating that the terminal has the capability of authenticating through the HTTP or HTTPS protocol stack. If the person is temporarily accessing the company, then, after the wireless routing device authenticates that the terminal does not have the capability of authenticating through the HTTP or HTTPS protocol stack, it displays the "404 not found" identifier on the display page of the terminal; this person does not have access.
  • the administrator user and the temporary user are distinguished by multiple SSIDs. On the premise that both types of users can normally use the AP device, the rights of the two types of users to access the webUI are differentiated, which ensures that the parameters and other important information of the wireless routing device are not modified or deleted by a temporary user logging in to the webUI page, thereby achieving the effect of ensuring the security of the wireless routing device.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be through hardware, but in many cases the former is a better implementation.
  • the part of the technical solution of the present invention that is essential or that contributes to the prior art may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc), including a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • FIG. 3 is a flowchart of a method for accessing a page according to an embodiment of the present invention. As shown in FIG. 3, the process includes the following steps:
  • the terminal acquires an SSID allocated by the wireless routing device to the terminal, and determines a type of the SSID.
  • the method further includes: the terminal sending, to the wireless routing device, network parameter information requesting to establish a wireless communication connection, wherein the network parameter information is used by the wireless routing device to identify the terminal type of the terminal requesting to establish a wireless communication connection, and the terminal type includes: an administrator user and a temporary user.
  • the network parameter information includes at least: an IP address of the terminal, a MAC address, and the like for describing a state of the network of the terminal.
  • identifying a terminal type of the terminal requesting to establish a wireless communication connection includes: a protocol layer of the wireless network reads, through NV, the returned result for the access terminal address accessed through the AP (for example, whether the IP packet, the network management address, the port number, etc. are valid); according to that result, the wireless routing device determines whether to return a valid value to the next layer (the service layer where the network server is located).
  • the wireless routing device in this embodiment may be a short-range wireless communication device.
  • the above type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the second type indicated above does not mean that there are only two types of SSIDs in this implementation.
  • an SSID type for which access to a page is denied can be referred to as a second-type SSID. That is to say, the wireless routing device can correspond to at least one SSID. For different temporary users, different SSIDs can be set. Different SSID types correspond to different specified pages to which access is denied.
  • the corresponding SSID type is SSID-1.
  • the web-UI page can also be accessed to modify the parameter information of the wireless routing device.
  • the company's ordinary employees are temporary users, and the corresponding SSID type is SSID-2.
  • the corresponding SSID type is SSID-3.
  • although terminals with SSID type SSID-3 are allowed to connect to the wireless routing device, their permissions only allow access to the company's promotional page, while other functional pages are not accessible.
  • the administrator user and the temporary user are distinguished by multiple SSIDs, and the two types of users can normally use the AP device. Differentiating the rights of the two types of users to access the webUI ensures that the parameters and other important information of the wireless routing device are not modified or deleted by the temporary user by logging in to the webUI page, thereby achieving the effect of ensuring the security of the wireless routing device.
  • a device for determining the access authority is further provided, and the device is used to implement the foregoing embodiments and the preferred embodiments, and details are not described herein.
  • the term "module" may refer to a combination of software and/or hardware that implements a predetermined function.
  • although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • the device for determining the access authority can be applied to the wireless routing device. Therefore, in the following embodiments, the access authority determining means is replaced with a wireless routing means.
  • FIG. 4 is a structural block diagram of an apparatus for determining access rights according to an embodiment of the present invention. As shown in FIG. 4, the apparatus includes an obtaining module 42 and a determining module 44.
  • the obtaining module 42 is configured to acquire, when the terminal accesses the specified page, an SSID type of the service set identifier SSID allocated by the terminal access point AP;
  • the type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the second type indicated above does not mean that there are only two types of SSIDs in this implementation.
  • an SSID type for which access to a page is denied can be referred to as a second-type SSID. That is to say, the wireless routing device can correspond to at least one SSID. For different temporary users, different SSIDs can be set. Different SSID types correspond to different specified pages to which access is denied.
  • for a terminal whose SSID type is SSID-1, there is no restriction on the accessed page, and the web-UI page can also be accessed to modify the parameter information of the wireless routing device.
  • the company's ordinary employees are temporary users, and the corresponding SSID type is SSID-2.
  • for a terminal with an SSID type of SSID-2, although the web-UI page cannot be accessed, other network pages can be normally accessed.
  • for personnel temporarily accessing the company, the corresponding SSID type is SSID-3.
  • although terminals with SSID type SSID-3 are allowed to connect to the wireless routing device, their permissions only allow access to the company's promotional page, while other functional pages are not accessible.
  • the wireless routing device in this embodiment may be a short-range wireless communication device.
  • the determining module 44 is coupled to the obtaining module 42 and configured to determine an access right corresponding to the type according to the type.
  • FIG. 5 is a structural block diagram of another apparatus for determining access rights according to an embodiment of the present invention.
  • the acquiring module further includes: a first acquiring unit 52.
  • the first obtaining unit 52 is configured to obtain, from the wireless communication protocol file, indication information for indicating the type of the SSID, where the communication protocol corresponding to the wireless communication protocol file is the communication protocol by which the terminal accesses the network to which the AP belongs, and the indication information includes at least one of the following: an SSID name and a password parameter.
  • the wireless communication protocol file includes at least the following protocol files: a WIFI connection authentication protocol file, an encryption protocol file, or a Dynamic Host Configuration Protocol (DHCP) file.
  • FIG. 6 is a structural block diagram of another apparatus for determining access rights according to an embodiment of the present invention. As shown in FIG. 6, the determining module further includes: a calling unit 62 and a first determining unit 64.
  • the calling unit 62 is configured to invoke the network server service protocol process to obtain the indication information that matches the network server service protocol process;
  • the first determining unit 64 is connected to the calling unit 62, and is configured to determine an access right corresponding to the type according to the indication information.
  • FIG. 7 is a structural block diagram of still another apparatus for determining access rights according to an embodiment of the present invention. As shown in FIG. 7, the above determining module further includes: a determining unit 72 and a second determining unit 74.
  • the determining unit 72 is configured to determine, according to the SSID type accessed by the terminal, whether the terminal has the capability of authenticating by using an HTTP or HTTPS protocol stack;
  • if the terminal has this capability, the wireless routing device allows the terminal (i.e., the administrator user) to access the specified page. If the above-mentioned protocol stack authentication is not available, the wireless routing device returns a "404 Not Found" page display identifier to the terminal (the temporary user), denying the terminal access to the temporary page.
  • the second determining unit 74 is connected to the determining unit 72 and is configured to determine the access right according to the capability.
  • FIG. 8 is a structural block diagram of still another apparatus for determining access rights according to an embodiment of the present invention.
  • the acquiring module further includes: a second obtaining unit 82, an identifying unit 84, and a third determining unit 86.
  • the second obtaining unit 82 is configured to acquire network parameter information of a user requesting to establish a wireless communication connection
  • the network parameter information includes at least an IP address and a MAC address of the terminal, and similar information describing the network state of the terminal.
  • identifying a terminal type of the terminal requesting to establish a wireless communication connection includes: a protocol layer of the wireless network accessing the AP through a non-volatile parameter NV for managing a memory-related parameter
  • the wireless routing device determines whether to return a valid value to the next layer (the service layer where the network server is located) by using the result of the access terminal address (for example, whether the IP packet, the network management address, the port number, etc. are valid).
  • the identification unit 84 is connected to the second obtaining unit 82, and is configured to identify, according to the network parameter information, a terminal type of the terminal that requests to establish a wireless communication connection; wherein the terminal type includes: an administrator user and a temporary user;
  • the third determining unit 86 is connected to the third determining unit 86, and is configured to determine the SSID type corresponding to the terminal type according to the terminal type.
  • each of the above modules may be implemented by software or hardware.
  • the foregoing may be implemented in, but is not limited to, the following manners: the foregoing modules are all located in the same processor; or the above modules are located, in any combination, in different processors.
  • the device is used to implement the above embodiments and preferred embodiments, and what has already been described is not repeated.
  • a page access device is further provided, which is used to implement the above-mentioned embodiments and preferred embodiments, and what has already been described is not repeated.
  • the term "module" may refer to a combination of software and/or hardware that implements a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, but implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • the page access device can be applied to a terminal. Therefore, in the following embodiments, the terminal is used in place of the page access device.
  • FIG. 9 is a structural block diagram of a page access device according to an embodiment of the present invention. As shown in FIG. 9, the device includes an acquisition module 92 and an access module 94.
  • the obtaining module 92 is configured to obtain an SSID allocated by the wireless routing device for the terminal, and determine a type of the SSID;
  • the wireless routing device in this embodiment may be a short-range wireless communication device.
  • the access module 94 is connected to the obtaining module 92, and is configured to access the specified page according to an access right corresponding to the type of the SSID when the terminal accesses the specified page.
  • the above type includes at least one of: a first type for indicating that the terminal is allowed to access the specified page; and a second type for indicating that the terminal is denied access to the specified page.
  • the second type indicated above does not mean that there are only two types of SSIDs in this implementation.
  • an SSID type that supports denying access to pages can be referred to as a second-type SSID. That is to say, the wireless routing device can correspond to at least one SSID. A different SSID can be set for different temporary users. Different SSID types correspond to different specified pages to which access is denied.
  • the corresponding SSID type is SSID-1.
  • the web-UI page can also be accessed to modify the parameter information of the wireless routing device.
  • the company's ordinary employees are temporary users, and the corresponding SSID type is SSID-2.
  • the corresponding SSID type is SSID-3.
  • terminals whose SSID type is SSID-3 are allowed to connect to the wireless routing device, but their permissions only allow access to the company's promotional page; other functional pages are not accessible.
  • FIG. 10 is a structural block diagram of another page access device according to an embodiment of the present invention. As shown in FIG. 10, the device includes a sending module 1002.
  • the sending module 1002 is connected to the obtaining module 94, and configured to send, to the wireless routing device, network parameter information requesting to establish a wireless communication connection, wherein the network parameter information is used by the wireless routing device to identify a terminal type of the terminal requesting to establish the wireless communication connection, and the terminal type includes: an administrator user and a temporary user.
  • the network parameter information includes at least an IP address and a MAC address of the terminal, and similar information describing the network state of the terminal.
  • identifying a terminal type of the terminal requesting to establish a wireless communication connection includes: a protocol layer of the wireless network accessing the AP through a non-volatile parameter NV for managing a memory-related parameter
  • the wireless routing device determines whether to return a valid value to the next layer (the service layer where the network server is located) by using the result of the access terminal address (for example, whether the IP packet, the network management address, the port number, etc. are valid).
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • S21 Obtain indication information indicating the type of the SSID from the wireless communication protocol file, where the communication protocol corresponding to the wireless communication protocol file is the communication protocol by which the terminal accesses the network to which the AP belongs, and the indication information includes at least one of the following: an SSID name and a password parameter.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • S41 Determine, according to the SSID type accessed by the terminal, whether the terminal has the capability of authenticating by using an HTTP or HTTPS protocol stack.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM).
  • Embodiments of the present invention also provide another storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the terminal acquires an SSID allocated by the wireless routing device to the terminal, and determines a type of the SSID.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the terminal sends, to the wireless routing device, network parameter information requesting to establish a wireless communication connection, where the network parameter information is used by the wireless routing device to identify a terminal type of the terminal requesting to establish the wireless communication connection.
  • the terminal types include: administrator users and temporary users.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • the technical solution provided by the embodiment of the present invention can be applied to the process of determining the access right. Because the access right corresponding to the type of the SSID allocated by the wireless routing device to the terminal is determined, the problems that the rights of the administrator user are not protected and that the individual needs of the administrator user cannot be met can be solved.
  • by using multiple SSIDs to distinguish between the administrator user and the temporary user, the permissions of the two types of users to access the webUI can be differentiated while ensuring that both types of users can use the AP device normally, so that parameters and other important information are not modified or deleted by a temporary user logging in to the webUI page, thereby achieving the effect of ensuring the security of the wireless routing device.
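
The SSID-1 / SSID-2 / SSID-3 page policy described in the embodiments above, written out as an added example (not code from the patent or the applicant). The URL paths, the router address, the host names and all function names are assumptions; the request path is normalised before the check so that an encoded or mixed-case spelling of the web-UI path is judged the same way as the plain one.

```python
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Assumed paths: the patent names these pages but gives no URLs for them.
WEB_UI_PREFIX = "/webui"           # web-UI pages that change router parameters
PROMO_PAGE = "/promo/index.html"   # the company's promotional page

# SSID types from the embodiment.
ADMIN, EMPLOYEE, VISITOR = "SSID-1", "SSID-2", "SSID-3"


def canonical_path(url: str) -> str:
    """Percent-decode and normalise the request path before the policy check."""
    path = unquote(urlsplit(url).path)
    # Collapse "//", "." and ".." so "/x/../webui" is judged as "/webui".
    path = normpath("/" + path.lstrip("/"))
    # Case-insensitive match: an assumption that errs towards denying web-UI.
    return path.lower()


def is_web_ui(path: str) -> bool:
    return path == WEB_UI_PREFIX or path.startswith(WEB_UI_PREFIX + "/")


def decide(ssid_type: str, url: str) -> int:
    """HTTP status the router's web server answers with for this request."""
    path = canonical_path(url)
    if ssid_type == ADMIN:
        return 200                                  # no page restriction
    if ssid_type == EMPLOYEE:
        return 404 if is_web_ui(path) else 200      # web-UI denied, rest allowed
    if ssid_type == VISITOR:
        return 200 if path == PROMO_PAGE else 404   # promotional page only
    return 404                                      # unknown type: deny by default


# Constructed sample requests: (SSID type of the connection, requested URL).
SAMPLE_REQUESTS = [
    (ADMIN, "http://192.168.0.1/webui/wifi.html"),
    (EMPLOYEE, "http://192.168.0.1/webui/wifi.html"),
    (EMPLOYEE, "http://192.168.0.1/x/%2e%2e/WebUI/wifi.html"),
    (EMPLOYEE, "http://intranet.example/news"),
    (VISITOR, "http://192.168.0.1/promo/index.html"),
    (VISITOR, "http://intranet.example/news"),
    ("SSID-9", "http://192.168.0.1/promo/index.html"),
]


def run_samples() -> list:
    return [decide(ssid, url) for ssid, url in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (ssid, url), status in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{ssid:7} {status} {url}")
```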

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method and device for determining access permission and for accessing a page. The determination method comprises: obtaining, when a terminal accesses a specified page, the service set identifier (SSID) type of the SSID allocated to the terminal accessing an access point (AP); and determining, according to the type, an access permission corresponding to the type. The technical solution of the invention can solve the problems that administrator user rights are not protected and that the personalization requirements of administrator users are not met. By distinguishing the administrator user from the temporary user by means of multiple SSIDs, the permissions of the two types of users to access the web user interface (UI) can be differentiated while ensuring that both types of users can use the access point equipment normally, and while ensuring that the parameters and other important information of the wireless router will not be modified or deleted by a temporary user logging in to the web UI page, thereby ensuring the security of the wireless router.
PCT/CN2017/081283 2016-06-22 2017-04-20 Method and device for determining access permission and accessing a page WO2017219748A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610460082.7A CN107528712A (zh) 2016-06-22 2016-06-22 Method and apparatus for determining access permission and accessing a page
CN201610460082.7 2016-06-22

Publications (1)

Publication Number Publication Date
WO2017219748A1 true WO2017219748A1 (fr) 2017-12-28

Family

ID=60735524

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/081283 WO2017219748A1 (fr) 2016-06-22 2017-04-20 Method and device for determining access permission and accessing a page

Country Status (2)

Country Link
CN (1) CN107528712A (fr)
WO (1) WO2017219748A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110247906A (zh) * 2019-06-10 2019-09-17 平安科技(深圳)有限公司 Network monitoring method and apparatus, device, and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
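CN108427828B (zh) * 2018-02-07 2022-04-26 李荣陆 Apparatus for automatically evaluating and optimizing the quality of graphic design layouts
CN111224920B (zh) * 2018-11-23 2021-04-20 珠海格力电器股份有限公司 Method, apparatus, device and computer storage medium for preventing illegal login
CN110611913B (zh) * 2019-09-24 2023-03-21 中广核工程有限公司 Nuclear power plant wireless network access method, system management platform and access system
CN111314991B (zh) * 2020-02-11 2022-08-12 中国联合网络通信集团有限公司 Network access control method, apparatus and system
CN112214705A (zh) * 2020-08-21 2021-01-12 长沙市到家悠享网络科技有限公司 Page display method, apparatus and device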

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040249983A1 (en) * 2003-03-21 2004-12-09 Ilja Bedner Method and system for accessing a web page within a network
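CN101286948A (zh) * 2008-05-30 2008-10-15 杭州华三通信技术有限公司 Access permission control method and wireless access device
CN103873456A (zh) * 2012-12-18 2014-06-18 华为终端有限公司 Access control method for a WiFi device, and WiFi device
CN104053154A (zh) * 2014-06-16 2014-09-17 福建星网锐捷网络有限公司 Wireless network access control method, apparatus and access point device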

Also Published As

Publication number Publication date
CN107528712A (zh) 2017-12-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17814486

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17814486

Country of ref document: EP

Kind code of ref document: A1