WO2018058976A1 - Authorization management method and system of wireless router - Google Patents

Authorization management method and system of wireless router Download PDF

Info

Publication number
WO2018058976A1
WO2018058976A1 PCT/CN2017/085100 CN2017085100W WO2018058976A1 WO 2018058976 A1 WO2018058976 A1 WO 2018058976A1 CN 2017085100 W CN2017085100 W CN 2017085100W WO 2018058976 A1 WO2018058976 A1 WO 2018058976A1
Authority
WO
WIPO (PCT)
Prior art keywords
router
management
terminal
rights
permission
Prior art date
Application number
PCT/CN2017/085100
Other languages
French (fr)
Chinese (zh)
Inventor
何山
Original Assignee
上海斐讯数据通信技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海斐讯数据通信技术有限公司 filed Critical 上海斐讯数据通信技术有限公司
Publication of WO2018058976A1 publication Critical patent/WO2018058976A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition

Definitions

  • the invention belongs to the technical field of router user control, and in particular relates to a method and system for authorizing management of a wireless router.
  • the Chinese invention patent with application number 201210015256.0 involves a method of resource access authorization.
  • the specific steps of the method are as follows: the user accesses or uses the specific application as follows: the user accesses the Widget application or other application in the terminal; the application obtains the user authentication “user authentication token” from the application container, and then authenticates, The authorization and accounting server initiates a "resource access token" request; the authentication, authorization, and accounting server checks the user, the application, the application container, and the resource information to be accessed by the application, and confirms that the access can be made to generate the final "resource access token".
  • the authentication, authorization, and accounting server issues the final "resource access token" to the application; the application initiates a resource access request to the resource server; the resource server checks the application's "resource access token”; after the check is passed, the application request is returned Resources; applications present resources to end users.
  • the invention can authorize and manage resource access, but the steps are cumbersome, and the intermediate process is prone to errors leading to problems in authorization management.
  • wireless WIFI wireless wide area network
  • wireless routers are connected to a wide variety of terminal devices, and their network resources require user assignment.
  • one router can access multiple mobile APPs, and the user can operate the wireless router by using the APP, but the router does not have the operation management authority for the access user, and the management of the router function is unreasonable. .
  • network 1 the network connection between the router and the fixed smart home appliance (referred to as network 1) must be uninterrupted, and no user can change the network connection; for example, open to The child's network connection (referred to as network 2), which needs to be assigned to the parental control management, specifically may include limiting the network speed and part of the IP, etc.; for example, the network opened by the merchant to the customer (temporarily referred to as network 3), It needs to manage the speed and access mode of the customer network.
  • network 2 the network connection between the router and the fixed smart home appliance
  • network 2 which needs to be assigned to the parental control management, specifically may include limiting the network speed and part of the IP, etc.; for example, the network opened by the merchant to the customer (temporarily referred to as network 3), It needs to manage the speed and access mode of the customer network.
  • the existing solution that can solve the different network management requirements of the above networks 1, 2, 3, etc. is to establish a control in the router.
  • the authority information table, the router will set the different privilege levels of the routing users according to the privilege information table, and different users will operate the functions of the router according to the privilege.
  • the Chinese invention patent application with the application number 201310411926.5 discloses a 3G/WIFI wireless router.
  • the user hierarchical control method has the following steps: 1) setting different network access rights in the 3G/WIFI router; 2) establishing a user information table in the 3G/WIFI router; 3) setting a super user in the 3G/WIFI router; Establish a control information table in the 3G/WIFI router; 5) configure firewall rules in the 3G/WIFI router to set the access rights to the network; 6) the user accesses the set router through the WIFI network as a restricted access state; 7) The router obtains the user right in the user information table according to the user information, binds according to the user's MAC address/IP address information and network authority, and writes the information into the control information table, and sets the firewall rule; 8) Obtained access to the network while the router also dynamically monitors the user status, setting a timer for supervision during the user's connection to the router, and then the user Re-authentication is required for secondary access, which has the characteristics of enhanced system security and ease of use.
  • the allocation of permissions to users in this scheme is in the
  • the present invention provides a method for authorizing and managing a wireless router.
  • the assignment of user rights is directly assigned by the administrator account of the terminal, and the operation of the router is compared according to the setting of the administrator account.
  • the authorization management method is more flexible and fast.
  • Another object of the present invention is to provide an authorization management system for a wireless router.
  • a method for authorizing and managing a wireless router includes the following steps:
  • the router accesses multiple terminal devices and one management terminal, the management terminal sets itself as an administrator through a router, the router system records the MAC address of the management terminal, and the MAC address is an identifier of the router identification management terminal;
  • each change configuration operation on the router sets a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, ..., PN;
  • the administrator summarizes all the terminal devices of the routing network through the router, and sets the permissions of each terminal device on the administrator tool;
  • the router receives the operation request of the user, and searches for an assignment of the authority in the administrator account according to the MAC address.
  • the router determines whether the terminal device has the corresponding authority, if the authority allocation information of the administrator account includes the terminal setting With the corresponding authority, the router performs the operation requested by the terminal device; if there is no corresponding authority of the terminal device in the authority allocation information of the administrator account, the router rejects the operation request of the terminal device.
  • the permission assignment is set on the management terminal. When the permission assignment is changed, the router itself is not changed, and the operation is more convenient.
  • the configuration change operation of the router includes wireless channel change, network speed setting, flow control, and IP allocation, and the network configuration of each terminal device can be reasonably allocated.
  • the terminal device allocates one or more rights, and can perform various configuration changes.
  • the management terminal is a mobile phone or a computer, which makes the user's operation convenient and intuitive.
  • the identifier of the router identification management terminal further includes a fingerprint, a username, and a password, and the security level of the management terminal is upgraded.
  • the rights allocation is completed by the rights allocation interface, the rights allocation interface is provided by the management terminal, the rights allocation interface includes all the rights information, and one or more rights on the rights allocation interface are selected to give the terminal device corresponding rights.
  • the choice of permissions is very convenient, which is beneficial for the terminal device to quickly change the permissions.
  • a wireless router authorization management system includes a wireless router, a plurality of terminal devices, and a management terminal.
  • the wireless router is connected to a plurality of terminal devices and management terminals through a network signal, and the management terminal sets itself as an administrator through a wireless router, and manages
  • An administrator account is provided on the terminal.
  • the administrator account includes a permission module, a rights assignment module, and a permission judgment module.
  • the permission module is used to store all the rights information
  • the rights allocation module is used to allocate and store the rights information corresponding to each terminal device.
  • the judging module is configured to determine whether the changed router configuration operation requested by the user has permission.
  • the administrator account further includes a login verification module for verifying the login of the administrator account and improving the security level of the administrator account.
  • the administrator account further includes a rights update module for reallocating the rights of the terminal device.
  • the login verification module is provided with an input of a user name and a password, and is logged into the administrator account by using the username and password, which is safe and reliable.
  • the terminal device comprises a plurality of kitchen and television, lighting control, security alarm, irrigation system, door and window control, indoor climate, and building intercom to realize smart home.
  • the authorization management method and system technical scheme of the wireless router of the present invention the user authority assignment is directly allocated by the administrator account of the terminal, and the operation of the router is compared according to the setting of the administrator account, and the authorization management mode is more flexible. And fast.
  • FIG. 1 is a flowchart of an authorization management method of a wireless router according to Embodiment 1 of the present invention.
  • FIG. 2 is a structural diagram of an authorization management system of a wireless router according to Embodiment 1 of the present invention.
  • This embodiment provides a method for authorizing the management of the wireless router, including the following steps:
  • the router accesses multiple terminal devices and one management terminal, the management terminal sets itself as an administrator through a router, the router system records the MAC address of the management terminal, and the MAC address is an identifier of the router identification management terminal;
  • MAC address All networked computers must be configured with a network card, and the network card we use has a serial address, which is the MAC address.
  • the MAC address is located in the second layer of the data link layer in the OSI model and is used to define the location of the network device, so it is also called the hardware address.
  • the MAC address uses a string of 48 bits of binary to identify each computer on the network.
  • the MAC address is unique. It is fixed. That is, the MAC address of each network card is unchangeable. When the network card is produced, the manufacturer burns it into the ROM read-only memory. The user does not need to configure the MAC address. It is built into the physical device. Therefore, the MAC address of each terminal device of the present invention is different and unique.
  • each change configuration operation on the router sets a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, ..., PN;
  • the administrator summarizes all the terminal devices of the routing network through the router, and sets the permissions of each terminal device on the administrator tool;
  • the router receives the operation request of the user, and searches for the assignment of the authority in the administrator account according to the MAC address.
  • S6 determining whether the terminal device has the corresponding authority. If the authority allocation information of the administrator account includes the corresponding authority of the terminal device, the router performs the operation requested by the terminal device; if the authority allocation information of the administrator account does not have the corresponding permission of the terminal device The router rejects the operation request of the terminal device.
  • the authority allocation is set on the management terminal, and the router itself is not changed when the authority allocation is changed, and the operation is more Convenient.
  • the embodiment provides a wireless router authorization management system, including a wireless router, a plurality of terminal devices, and a management terminal.
  • the wireless router is connected to multiple terminal devices and management terminals through network signals, and the management terminal sets itself through the wireless router.
  • an administrator an administrator account is provided on the management terminal.
  • the administrator account includes a permission module, a rights assignment module, and a permission judgment module.
  • the permission module is used to store all the rights information
  • the rights allocation module is used to allocate and store each terminal device.
  • the permission information module is used to determine whether the user-requested change router configuration operation has permission.
  • the allocation of user rights is directly allocated by the administrator account of the smart phone, the allocation of rights is more flexible, and the allocation of rights can be adjusted according to needs.
  • the authorization management method of the wireless router in this embodiment specifically includes the following steps:
  • the wireless router accesses three terminal devices and one management terminal, the three terminal devices are security alarm devices, lighting control devices and televisions, and the management terminals are smart phones, smart phones, security alarm devices, lighting control devices and televisions.
  • the machine is connected to the router network, the smart phone sets itself as an administrator through the router, and the administrator account APP is installed on the smart phone.
  • the router system records the MAC address of the smart phone, and the MAC address is the identifier of the smart phone identified by the router;
  • the wireless channel change on the router, the network speed setting, the flow control, and the IP allocation change configuration operation each set a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, P3 and P4, that is, P1 corresponds to the authority of the wireless channel change, P2 corresponds to the authority of the network speed setting, P3 corresponds to the authority of the flow control, and P4 corresponds to the authority of the IP allocation;
  • the administrator summarizes all the terminal devices of the routing network through the wireless router, and sets the permissions of each terminal device on the administrator tool, and each terminal device can assign one of the rights P1, P2, P3, and P4 or Multiple
  • the user requests to perform the operation of changing the configuration of the router according to the requirement, and the change of the configuration of the router can control the operation of the terminal device, such as changing the permission P1 of the wireless channel;
  • the router receives the operation request of the user, and searches for the allocation information about the authority in the administrator account APP in the smart phone according to the MAC address, and the security alarm device, the lighting control device, and the television are recorded in the authority allocation information.
  • the corresponding permissions are as shown in the following table:
  • Terminal Equipment Security alarm equipment Lighting control equipment TV set Permission P1, P4 P2, P3 P1, P2, P3
  • S6 determining whether the terminal device has the corresponding authority. If the user requests to modify the wireless channel of the router through the security alarm device or the television, the security alarm device and the television have the permission to change the wireless channel in the authority allocation information of the administrator account APP. P1, the router performs an operation of changing the wireless channel request; if the user requests to modify the wireless channel of the router through the lighting control device, the lighting control device in the authority allocation information of the administrator account APP does not change the permission P1 of the wireless channel, and the router refuses to change the wireless channel request. Operation.
  • the authority allocation information of the administrator account APP stores the security alarm device having the IP allocation authority P4, and the router performs the IP reallocation operation; if the user passes the lighting control device or the television The router is requested to perform IP allocation, and the lighting control device and the television in the authority allocation information of the administrator account APP have no authority P4 for IP allocation, and the router refuses to re-allocate the IP request.
  • the security alarm device in the authority allocation information of the administrator account APP does not change the permission P2 of the network speed setting, and the router rejects the request for the network speed setting; if the user controls through the lighting The device or the television requests the router to change the network speed setting, and the authority allocation information of the administrator account APP stores the permission P2 of the lighting control device and the television having the network speed setting, and the router performs the network speed setting operation.
  • the security alarm device in the authority allocation information of the administrator account does not have the permission P2 for flow control, and the router rejects the request for flow control; if the user requests the router through the lighting control device or the television For flow control, the authority allocation information of the administrator account APP stores the permission control P2 of the lighting control device and the television having the flow control, and the router performs the flow control operation.
  • the authorization management method of the wireless router in this embodiment sets the authority assignment on the management terminal, and does not change the router itself when changing the rights assignment, and the operation is convenient.
  • this embodiment proposes a wireless router authorization management system based on a wireless router authorization management method
  • the wireless router authorization management system includes a wireless router, a security alarm device, a lighting control device, a television, and a smart phone.
  • the wireless router and the security alarm device, the lighting control device, the television, and the smart phone are all connected through the network provided by the wireless router, the smart phone sets itself as the administrator through the wireless router, and the administrator account APP is provided on the smart phone operation interface.
  • the administrator account APP includes a permission module, a rights assignment module, and a permission judgment module.
  • the permission module is used to store all rights information, including a wireless channel change permission P1, and a network speed setting.
  • Permission P2, flow control authority P3 and IP assignment authority P4, the authority assignment module is used to allocate and store the authority information corresponding to each terminal device.
  • the security alarm device is assigned with the wireless channel change permission P1 and the IP assignment authority P4.
  • the lighting control device is assigned with a network speed setting authority P2 and a flow control authority P3, and the television is assigned with a wireless channel changing authority P1, a network speed setting authority P2, and a flow control authority P3.
  • the authority judging module is configured to determine whether the user-requested change router configuration operation has authority, that is, whether the security alarm device, the lighting control device, and the television have wireless channel change permission P1, network speed setting authority P2, flow control authority P3, and IP. Assigning the right P4, the wireless router decides to allow or deny the user request according to the judgment result.
  • the authorization management method and system of the wireless router in this embodiment adopts a management terminal authorization mode, and the allocation of user rights is directly allocated by the administrator account APP of the smart phone, and the change configuration operation of the router is compared according to the setting of the administrator account APP. After the execution, the authorization management mode is flexible and fast; the rights allocation is set on the smart phone, and changing the permission allocation does not affect the normal operation of the router.
  • the identifier of the router identification management terminal further includes a fingerprint, a user name and a password, and the security level of the management terminal is upgraded.
  • the MAC address is based on the identification of the smart phone by the router, and the authentication of the fingerprint, the user name and the password is added, and the security of the wireless router authorization management is increased. Refer to Embodiment 5 for other methods and systems for authorization management.
  • the rights allocation is completed by the authority allocation interface of the smart phone, and the rights allocation interface can be opened by the administrator account APP, and the rights allocation interface includes all the rights information, and is arranged in a list.
  • the rights assignment interface check the permissions on the rights assignment interface, and select one or more permissions to give the terminal devices the corresponding permissions.
  • the permission selection is very convenient, which is beneficial to the terminal device to quickly change the permissions. Refer to Embodiment 3 for other methods and systems for authorization management.
  • the administrator account further includes a login verification module, which is used for verifying the login of the administrator account, improving the security level of the administrator account, and the login verification module is provided with the input of the user name and password. Item, the user enters the correct username and password, and successfully logs in to the administrator account after verification, which is safe and reliable.
  • a login verification module which is used for verifying the login of the administrator account, improving the security level of the administrator account
  • the login verification module is provided with the input of the user name and password. Item, the user enters the correct username and password, and successfully logs in to the administrator account after verification, which is safe and reliable.
  • the administrator account further includes a rights update module, which is used for reallocating the rights of the terminal device, and the user can update the rights of the terminal device according to the required change, so that the terminal device can be used at different times. Have different permissions and adaptability. Refer to Embodiment 3 for other methods and systems for authorization management.
  • the terminal device further includes an irrigation system, a door and window control device, an indoor climate device and a building intercom device, and the management terminal is replaced with an onboard computer, and the onboard computer is connected to the wireless router through mobile communication. All terminal devices are connected to the wireless router through the network provided by the wireless router.
  • the operation rights of the router configuration change include the network switch timing setting permissions P5, ..., PN, and the rights information assigned by each terminal device is as follows:
  • Terminal Equipment Security alarm equipment Lighting control equipment TV set Irrigation system Permission P1 P1, P3 P2, P4 P5 Terminal Equipment Door and window control equipment Indoor climate equipment Building intercom equipment Car computer Permission P2, P5 P1, P2, P4, P5 P1, P2, P4 P1, P2, ..., PN
  • the on-board computer as the management terminal has all the permissions P1, P2, ..., PN of the router configuration change.
  • the following is only a brief introduction to the irrigation system: if the user requests the router to perform network switch timing setting through the irrigation system
  • the authority allocation information of the administrator account stores the authority P2 of the irrigation system having the network switch timing setting, and the router performs the operation of setting the network switch timing. Refer to Embodiment 3 for other methods and systems for authorization management.
  • the wireless router is provided with an indication module, the indication module is connected with the authority judgment module signal, and the indication module is configured to indicate whether the requested user has the corresponding authority, and the indicator module is indicated by the system indicator. display. If the requested user has permission, the system indicator is green; if the requested user has permission, the system indicator is red. The system indicator determines whether the requested user has the right to change the router configuration. The judgment process and the result are clear and clear, giving the operator an intuitive feeling. Refer to Embodiment 3 for other methods and systems for authorization management.
  • the invention has the following beneficial effects:
  • the authorization management method and system of the wireless router of the present invention adopts a management terminal authorization mode, and the allocation of user rights is directly allocated by the administrator account of the management terminal, and the change configuration operation of the router is compared according to the setting of the administrator account. Execution, the authorization management mode is flexible and fast; the authority assignment is set on the management terminal, and the router itself is not changed when the authority assignment is changed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention belongs to the field of router user control technologies and relates to an authorization management method and system of a wireless router. The authorization management method of the present invention comprises: a plurality of terminal devices and one management terminal are accessed on a router, the management terminal being self-set as a manager by means of the router, and a router system recording a media access control (MAC) address of the management terminal; each change configuration operation on the router is provided with a permission management, different change configuration operations corresponding to different permissions, and the permissions being named P1, P2, ..., PN; the manager summarizes all terminal devices accessing a routing network by means of the router and sets permissions of each terminal device on a manager tool; a user requests to execute a router configuration change operation; the router receives the operation request of the user and finds a permission-related allocation in a manager account according to the MAC address; and whether the terminal devices have corresponding permissions is determined. The technical solution of the authorization management of the wireless router provided by the present invention has the advantage of a flexible authorization management mode.

Description

一种无线路由器的授权管理方法及系统Method and system for authorizing authorization of wireless router 技术领域Technical field
本发明属于路由器用户控制技术领域,具体涉及一种无线路由器的授权管理方法及系统。The invention belongs to the technical field of router user control, and in particular relates to a method and system for authorizing management of a wireless router.
背景技术Background technique
随着信息化的不断发展,网络资源的共享越来越来广泛,网络资源的共享必然需要对资源的保护和授权访问,如申请号为201210015256.0的中国发明专利涉及了一种资源访问授权的方法,该方法的具体步骤为:用户访问或者使用具体应用时的流程如下:用户访问终端中的Widget应用或者其它应用;应用从应用容器获取经过用户认证的“用户认证令牌”,然后向认证、授权和计费服务器发起“资源访问令牌”请求;认证、授权和计费服务器检查用户,应用,应用容器以及应用要访问的资源信息,确认可以访问后,生成最终的“资源访问令牌”;认证、授权和计费服务器颁发最终的“资源访问令牌”给应用;应用发起到资源服务器的资源访问请求;资源服务器检查应用的“资源访问令牌”;检查通过后,返回应用请求的资源;应用呈现资源给终端用户。该发明能对资源访问进行授权管理,但存在步骤繁琐,中间过程易出现错误导致授权管理出现问题。With the continuous development of informatization, the sharing of network resources is more and more extensive, and the sharing of network resources necessarily requires the protection and authorized access of resources. For example, the Chinese invention patent with application number 201210015256.0 involves a method of resource access authorization. The specific steps of the method are as follows: the user accesses or uses the specific application as follows: the user accesses the Widget application or other application in the terminal; the application obtains the user authentication “user authentication token” from the application container, and then authenticates, The authorization and accounting server initiates a "resource access token" request; the authentication, authorization, and accounting server checks the user, the application, the application container, and the resource information to be accessed by the application, and confirms that the access can be made to generate the final "resource access token". The authentication, authorization, and accounting server issues the final "resource access token" to the application; the application initiates a resource access request to the resource server; the resource server checks the application's "resource access token"; after the check is passed, the application request is returned Resources; applications present resources to end users. The invention can authorize and manage resource access, but the steps are cumbersome, and the intermediate process is prone to errors leading to problems in authorization management.
而随着无线WIFI的发展,越来越多的家庭设备通过WIFI连在一起。智能家居设备通过无线WIFI路由器传递数据实现控制和数据采集。无线路由器作为智能家居的枢纽,其重要性日益增强,对无线的管理也越来越重要。在智能家居的应用中,无线路由器连接着各式各样的终端设备,它们的网络资源需要用户分配。在目前的路由器应用中,一个路由器可以接入多个手机APP,用户使用APP可以对无线路由器进行操作,但路由器并没有对接入用户有操作权限的分配管理,对路由器功能的管理也不合理。With the development of wireless WIFI, more and more home devices are connected through WIFI. The smart home device transmits data through the wireless WIFI router for control and data acquisition. As the hub of smart home, wireless routers are becoming more and more important, and the management of wireless is becoming more and more important. In smart home applications, wireless routers are connected to a wide variety of terminal devices, and their network resources require user assignment. In the current router application, one router can access multiple mobile APPs, and the user can operate the wireless router by using the APP, but the router does not have the operation management authority for the access user, and the management of the router function is unreasonable. .
例如,在一个大家庭的无线网络环境中,路由器与固定的智能家电间的网络连接(暂称为网络1)是必须永远不间断的,任何用户都不能更改这个网络连接;又例如,开放给小孩的网络连接(暂称为网络2),它是需要分配给家长控制管理的,具体可以包括限制网速和部分IP等;再例如,商家开放给顾客的网络(暂称为网络3),它需要实现对客户网络的速度及接入方式的管理等。For example, in a large family wireless network environment, the network connection between the router and the fixed smart home appliance (referred to as network 1) must be uninterrupted, and no user can change the network connection; for example, open to The child's network connection (referred to as network 2), which needs to be assigned to the parental control management, specifically may include limiting the network speed and part of the IP, etc.; for example, the network opened by the merchant to the customer (temporarily referred to as network 3), It needs to manage the speed and access mode of the customer network.
现有的能解决上述网络1、2、3等不同网络管理需求的方案是在路由器中建立一个控 制权限信息表,路由器将根据权限信息表设定路由用户的不同权限级别,不同的用户将根据权限操作路由器的功能,如申请号为201310411926.5的中国发明专利申请公开了一种3G/WIFI无线路由器用户分级控制方法,步骤为:1)在3G/WIFI路由器中设定不同的网络访问权限;2)在3G/WIFI路由器中建立用户信息表;3)在3G/WIFI路由器中设超级用户;4)在3G/WIFI路由器中建立控制信息表;5)在3G/WIFI路由器中配置防火墙规则,设定访问网络的权限;6)用户通过WIFI网络接入设置好的路由器时为受限访问状态;7)路由器根据用户信息在用户信息表中获取用户权限,根据用户的MAC地址/IP地址信息和网络权限进行绑定,并将此信息写入控制信息表,同时设定防火墙规则;8)根据获取到的权限访问网络同时路由器还动态监控用户状态,在用户连接路由器期间设定定时器进行监管,用户再次接入时需再次认证,具有增强了系统安全性和易用性的特点。这种方案对用户的权限分配是在路由器中,授权方式死板不灵活。The existing solution that can solve the different network management requirements of the above networks 1, 2, 3, etc. is to establish a control in the router. The authority information table, the router will set the different privilege levels of the routing users according to the privilege information table, and different users will operate the functions of the router according to the privilege. For example, the Chinese invention patent application with the application number 201310411926.5 discloses a 3G/WIFI wireless router. The user hierarchical control method has the following steps: 1) setting different network access rights in the 3G/WIFI router; 2) establishing a user information table in the 3G/WIFI router; 3) setting a super user in the 3G/WIFI router; Establish a control information table in the 3G/WIFI router; 5) configure firewall rules in the 3G/WIFI router to set the access rights to the network; 6) the user accesses the set router through the WIFI network as a restricted access state; 7) The router obtains the user right in the user information table according to the user information, binds according to the user's MAC address/IP address information and network authority, and writes the information into the control information table, and sets the firewall rule; 8) Obtained access to the network while the router also dynamically monitors the user status, setting a timer for supervision during the user's connection to the router, and then the user Re-authentication is required for secondary access, which has the characteristics of enhanced system security and ease of use. The allocation of permissions to users in this scheme is in the router, and the authorization method is rigid and inflexible.
发明内容Summary of the invention
针对现有技术中存在的上述不足,本发明提供了一种无线路由器的授权管理方法,用户权限的分配由终端的管理员账户直接分配,对路由器的操作依据管理员账户的设定进行比对后再执行,授权管理方式更加灵活且快捷。In view of the above-mentioned deficiencies in the prior art, the present invention provides a method for authorizing and managing a wireless router. The assignment of user rights is directly assigned by the administrator account of the terminal, and the operation of the router is compared according to the setting of the administrator account. After the implementation, the authorization management method is more flexible and fast.
本发明的另一目的是提供一种无线路由器的授权管理系统。Another object of the present invention is to provide an authorization management system for a wireless router.
为了达到上述发明目的,本发明采用以下技术方案:In order to achieve the above object, the present invention adopts the following technical solutions:
一种无线路由器的授权管理方法,包括以下步骤:A method for authorizing and managing a wireless router includes the following steps:
S1,路由器上接入多个终端设备和一个管理终端,管理终端通过路由器将自身设置为管理员,路由器系统记录管理终端的MAC地址,MAC地址为路由器识别管理终端的标识;S1, the router accesses multiple terminal devices and one management terminal, the management terminal sets itself as an administrator through a router, the router system records the MAC address of the management terminal, and the MAC address is an identifier of the router identification management terminal;
S2,路由器上的每个更改配置操作设置一权限管理,不同的更改配置操作对应不同的权限,并将权限命名为P1、P2、…、PN;S2, each change configuration operation on the router sets a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, ..., PN;
S3,管理员通过路由器汇总接入路由网络的所有终端设备,并在管理员工具上设定每个终端设备的权限;S3, the administrator summarizes all the terminal devices of the routing network through the router, and sets the permissions of each terminal device on the administrator tool;
S4,用户请求执行更改路由器配置的操作;S4, the user requests to perform an operation of changing the router configuration;
S5,路由器接收用户的操作请求,并根据MAC地址查找管理员账户中关于权限的分配;S5. The router receives the operation request of the user, and searches for an assignment of the authority in the administrator account according to the MAC address.
S6,判断终端设备是否具有相应的权限,若管理员账户的权限分配信息中含有终端设 备相应的权限,路由器进行终端设备请求的操作;若管理员账户的权限分配信息中没有终端设备相应的权限,路由器拒绝终端设备的操作请求。将权限分配设于管理终端上,更改权限分配时不会更改路由器本身,操作更加方便。S6, determining whether the terminal device has the corresponding authority, if the authority allocation information of the administrator account includes the terminal setting With the corresponding authority, the router performs the operation requested by the terminal device; if there is no corresponding authority of the terminal device in the authority allocation information of the administrator account, the router rejects the operation request of the terminal device. The permission assignment is set on the management terminal. When the permission assignment is changed, the router itself is not changed, and the operation is more convenient.
优选的,所述路由器的更改配置操作包括无线信道更改、网络速度设定、流量控制和IP分配,能合理分配各个终端设备的网络配置。Preferably, the configuration change operation of the router includes wireless channel change, network speed setting, flow control, and IP allocation, and the network configuration of each terminal device can be reasonably allocated.
优选的,所述终端设备分配一个或多个权限,能进行多方面的配置更改。Preferably, the terminal device allocates one or more rights, and can perform various configuration changes.
优选的,所述管理终端为手机或电脑,使用户操作方便、直观。Preferably, the management terminal is a mobile phone or a computer, which makes the user's operation convenient and intuitive.
优选的,所述路由器识别管理终端的标识还包括指纹、用户名和密码,提升管理终端设别的安全等级。Preferably, the identifier of the router identification management terminal further includes a fingerprint, a username, and a password, and the security level of the management terminal is upgraded.
优选的,所述权限分配通过权限分配界面操作完成,权限分配界面由管理终端提供,权限分配界面包含所有的权限信息,勾选权限分配界面上的一个或多个权限赋予终端设备相应的权限,权限的选择非常方便,有利于终端设备快速进行权限的更改。Preferably, the rights allocation is completed by the rights allocation interface, the rights allocation interface is provided by the management terminal, the rights allocation interface includes all the rights information, and one or more rights on the rights allocation interface are selected to give the terminal device corresponding rights. The choice of permissions is very convenient, which is beneficial for the terminal device to quickly change the permissions.
本发明还公开了另一种技术方案:The invention also discloses another technical solution:
一种无线路由器的授权管理系统,包括无线路由器、多个终端设备和一个管理终端,无线路由器与多个终端设备、管理终端通过网络信号连接,管理终端通过无线路由器将自身设置为管理员,管理终端上设有管理员账户,管理员账户包括权限模块、权限分配模块和权限判断模块,权限模块用于存储所有权限信息,权限分配模块用于分配并存储每个终端设备对应的权限信息,权限判断模块用于判断用户请求的更改路由器配置操作是否具有权限。A wireless router authorization management system includes a wireless router, a plurality of terminal devices, and a management terminal. The wireless router is connected to a plurality of terminal devices and management terminals through a network signal, and the management terminal sets itself as an administrator through a wireless router, and manages An administrator account is provided on the terminal. The administrator account includes a permission module, a rights assignment module, and a permission judgment module. The permission module is used to store all the rights information, and the rights allocation module is used to allocate and store the rights information corresponding to each terminal device. The judging module is configured to determine whether the changed router configuration operation requested by the user has permission.
优选的,所述管理员账户还包括登陆验证模块,用于用户登陆管理员账户的验证,提升管理员账户的安全等级。Preferably, the administrator account further includes a login verification module for verifying the login of the administrator account and improving the security level of the administrator account.
优选的,所述管理员账户还包括权限更新模块,用于对终端设备权限的再分配。Preferably, the administrator account further includes a rights update module for reallocating the rights of the terminal device.
优选的,所述登陆验证模块设有用户名和密码的输入项,通过用户名和密码登陆管理员账户,安全可靠。Preferably, the login verification module is provided with an input of a user name and a password, and is logged into the administrator account by using the username and password, which is safe and reliable.
优选的,所述终端设备包括厨卫电视、照明控制、安防报警、灌溉系统、门窗控制、室内气候、楼宇对讲中的多种,实现智能家居。Preferably, the terminal device comprises a plurality of kitchen and television, lighting control, security alarm, irrigation system, door and window control, indoor climate, and building intercom to realize smart home.
本发明无线路由器的授权管理方法及系统技术方案,其用户权限的分配由终端的管理员账户直接分配,对路由器的操作依据管理员账户的设定进行比对后再执行,授权管理方式更加灵活且快捷。 The authorization management method and system technical scheme of the wireless router of the present invention, the user authority assignment is directly allocated by the administrator account of the terminal, and the operation of the router is compared according to the setting of the administrator account, and the authorization management mode is more flexible. And fast.
附图说明DRAWINGS
图1是本发明实施例1的无线路由器的授权管理方法的流程图。1 is a flowchart of an authorization management method of a wireless router according to Embodiment 1 of the present invention.
图2是本发明实施例1的无线路由器的授权管理系统的结构图。2 is a structural diagram of an authorization management system of a wireless router according to Embodiment 1 of the present invention.
具体实施方式detailed description
下面通过具体实施例对本发明的技术方案作进一步描述说明。The technical solutions of the present invention are further described below through specific embodiments.
实施例1Example 1
针对现有技术中用户的权限分配是在路由器中,授权方式死板不灵活,本实施例提供了一种无线路由器的授权管理方法,包括以下步骤:The authorization of the user in the prior art is in the router, and the authorization mode is inflexible. This embodiment provides a method for authorizing the management of the wireless router, including the following steps:
S1,路由器上接入多个终端设备和一个管理终端,管理终端通过路由器将自身设置为管理员,路由器系统记录管理终端的MAC地址,MAC地址为路由器识别管理终端的标识;S1, the router accesses multiple terminal devices and one management terminal, the management terminal sets itself as an administrator through a router, the router system records the MAC address of the management terminal, and the MAC address is an identifier of the router identification management terminal;
MAC地址:所有联网的计算机都必须配置一块网卡,而我们使用的网卡上就有一串地址,这串地址就是MAC地址。MAC地址位于OSI模型中的第二层数据链路层,用来定义网络设备的位置,所以也称为硬件地址。MAC地址采用一串48位的二进制来标识网络上的每一台计算机。MAC地址具有唯一性,它是固定不变的,即每一块网卡的MAC地址是不可更改的,它是在网卡被生产时,厂家烧录制到ROM只读存储器中的,用户无需配置MAC地址,它是物理设备自带的。因此,本发明的每个终端设备的MAC地址是不同的,具有唯一性。MAC address: All networked computers must be configured with a network card, and the network card we use has a serial address, which is the MAC address. The MAC address is located in the second layer of the data link layer in the OSI model and is used to define the location of the network device, so it is also called the hardware address. The MAC address uses a string of 48 bits of binary to identify each computer on the network. The MAC address is unique. It is fixed. That is, the MAC address of each network card is unchangeable. When the network card is produced, the manufacturer burns it into the ROM read-only memory. The user does not need to configure the MAC address. It is built into the physical device. Therefore, the MAC address of each terminal device of the present invention is different and unique.
S2,路由器上的每个更改配置操作设置一权限管理,不同的更改配置操作对应不同的权限,并将权限命名为P1、P2、…、PN;S2, each change configuration operation on the router sets a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, ..., PN;
S3,管理员通过路由器汇总接入路由网络的所有终端设备,并在管理员工具上设定每个终端设备的权限;S3, the administrator summarizes all the terminal devices of the routing network through the router, and sets the permissions of each terminal device on the administrator tool;
S4,用户请求执行更改路由器配置的操作;S4, the user requests to perform an operation of changing the router configuration;
S5,路由器接收用户的操作请求,并根据MAC地址查找管理员账户中关于权限的分配。S5. The router receives the operation request of the user, and searches for the assignment of the authority in the administrator account according to the MAC address.
S6,判断终端设备是否具有相应的权限,若管理员账户的权限分配信息中含有终端设备相应的权限,路由器进行终端设备请求的操作;若管理员账户的权限分配信息中没有终端设备相应的权限,路由器拒绝终端设备的操作请求。S6: determining whether the terminal device has the corresponding authority. If the authority allocation information of the administrator account includes the corresponding authority of the terminal device, the router performs the operation requested by the terminal device; if the authority allocation information of the administrator account does not have the corresponding permission of the terminal device The router rejects the operation request of the terminal device.
本实施例将权限分配设于管理终端上,更改权限分配时不会更改路由器本身,操作更 加方便。In this embodiment, the authority allocation is set on the management terminal, and the router itself is not changed when the authority allocation is changed, and the operation is more Convenient.
实施例2Example 2
本实施例提供了一种无线路由器的授权管理系统,包括无线路由器、多个终端设备和一个管理终端,无线路由器与多个终端设备、管理终端通过网络信号连接,管理终端通过无线路由器将自身设置为管理员,管理终端上设有管理员账户,管理员账户包括权限模块、权限分配模块和权限判断模块,权限模块用于存储所有权限信息,权限分配模块用于分配并存储每个终端设备对应的权限信息,权限判断模块用于判断用户请求的更改路由器配置操作是否具有权限。The embodiment provides a wireless router authorization management system, including a wireless router, a plurality of terminal devices, and a management terminal. The wireless router is connected to multiple terminal devices and management terminals through network signals, and the management terminal sets itself through the wireless router. As an administrator, an administrator account is provided on the management terminal. The administrator account includes a permission module, a rights assignment module, and a permission judgment module. The permission module is used to store all the rights information, and the rights allocation module is used to allocate and store each terminal device. The permission information module is used to determine whether the user-requested change router configuration operation has permission.
采用本实施例技术方案,用户权限的分配由智能手机的管理员账户APP直接分配,权限的分配更加灵活,还能根据需要对权限的分配进行调整。With the technical solution of the embodiment, the allocation of user rights is directly allocated by the administrator account of the smart phone, the allocation of rights is more flexible, and the allocation of rights can be adjusted according to needs.
实施例3:Example 3:
如图1所示,本实施例的无线路由器的授权管理方法,具体包括以下步骤:As shown in FIG. 1, the authorization management method of the wireless router in this embodiment specifically includes the following steps:
S1,无线路由器上接入三个终端设备和一个管理终端,三个终端设备为安防报警设备、照明控制设备和电视机,管理终端为智能手机,智能手机、安防报警设备、照明控制设备和电视机均与路由器网络连接,智能手机通过路由器将自身设置为管理员,智能手机上安装有管理员账户APP,路由器系统记录智能手机的MAC地址,MAC地址为路由器识别智能手机的标识;S1, the wireless router accesses three terminal devices and one management terminal, the three terminal devices are security alarm devices, lighting control devices and televisions, and the management terminals are smart phones, smart phones, security alarm devices, lighting control devices and televisions. The machine is connected to the router network, the smart phone sets itself as an administrator through the router, and the administrator account APP is installed on the smart phone. The router system records the MAC address of the smart phone, and the MAC address is the identifier of the smart phone identified by the router;
S2,路由器上无线信道更改、网络速度设定、流量控制和IP分配的更改配置操作各设置一权限管理,不同的更改配置操作对应不同的权限,并依次将权限命名为P1、P2、P3和P4,即P1对应于无线信道更改的权限,P2对应于网络速度设定的权限,P3对应于流量控制的权限,P4对应于IP分配的权限;S2, the wireless channel change on the router, the network speed setting, the flow control, and the IP allocation change configuration operation each set a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, P3 and P4, that is, P1 corresponds to the authority of the wireless channel change, P2 corresponds to the authority of the network speed setting, P3 corresponds to the authority of the flow control, and P4 corresponds to the authority of the IP allocation;
S3,管理员通过无线路由器汇总接入路由网络的所有终端设备,并在管理员工具上设定每个终端设备的权限,每个终端设备能分配权限P1、P2、P3和P4中的一个或多个;S3, the administrator summarizes all the terminal devices of the routing network through the wireless router, and sets the permissions of each terminal device on the administrator tool, and each terminal device can assign one of the rights P1, P2, P3, and P4 or Multiple
S4,用户根据需求请求执行更改路由器配置的操作,路由器配置的更改可以控制终端设备的运行,如更改无线信道的权限P1;S4, the user requests to perform the operation of changing the configuration of the router according to the requirement, and the change of the configuration of the router can control the operation of the terminal device, such as changing the permission P1 of the wireless channel;
S5,路由器接收用户的操作请求,并根据MAC地址查找智能手机内的管理员账户APP中关于权限的分配信息,权限分配信息中记录了安防报警设备、照明控制设备和电视机各 自对应的权限,如下表所示:S5, the router receives the operation request of the user, and searches for the allocation information about the authority in the administrator account APP in the smart phone according to the MAC address, and the security alarm device, the lighting control device, and the television are recorded in the authority allocation information. The corresponding permissions are as shown in the following table:
终端设备Terminal Equipment 安防报警设备Security alarm equipment 照明控制设备Lighting control equipment 电视机TV set
权限Permission P1、P4P1, P4 P2、P3P2, P3 P1、P2、P3P1, P2, P3
S6,判断终端设备是否具有相应的权限,若用户通过安防报警设备或电视机请求修改路由器的无线信道,管理员账户APP的权限分配信息中存储有安防报警设备和电视机具有更改无线信道的权限P1,路由器进行更改无线信道请求的操作;若用户通过照明控制设备请求修改路由器的无线信道,管理员账户APP的权限分配信息中照明控制设备没有更改无线信道的权限P1,路由器拒绝更改无线信道请求的操作。S6: determining whether the terminal device has the corresponding authority. If the user requests to modify the wireless channel of the router through the security alarm device or the television, the security alarm device and the television have the permission to change the wireless channel in the authority allocation information of the administrator account APP. P1, the router performs an operation of changing the wireless channel request; if the user requests to modify the wireless channel of the router through the lighting control device, the lighting control device in the authority allocation information of the administrator account APP does not change the permission P1 of the wireless channel, and the router refuses to change the wireless channel request. Operation.
若用户通过安防报警设备请求路由器执行IP分配,管理员账户APP的权限分配信息中存储有安防报警设备具有IP分配的权限P4,路由器进行IP重新分配的操作;若用户通过照明控制设备或电视机请求路由器执行IP分配,管理员账户APP的权限分配信息中照明控制设备和电视机没有IP分配的权限P4,路由器拒绝重新分配IP请求的操作。If the user requests the router to perform IP assignment through the security alarm device, the authority allocation information of the administrator account APP stores the security alarm device having the IP allocation authority P4, and the router performs the IP reallocation operation; if the user passes the lighting control device or the television The router is requested to perform IP allocation, and the lighting control device and the television in the authority allocation information of the administrator account APP have no authority P4 for IP allocation, and the router refuses to re-allocate the IP request.
若用户通过安防报警设备请求路由器更改网络速度设定,管理员账户APP的权限分配信息中安防报警设备没有更改网络速度设定的权限P2,路由器拒绝网络速度设定的请求;若用户通过照明控制设备或电视机请求路由器更改网络速度设定,管理员账户APP的权限分配信息中存储有照明控制设备和电视机具有网络速度设定的权限P2,路由器进行网络速度设定的操作。If the user requests the router to change the network speed setting through the security alarm device, the security alarm device in the authority allocation information of the administrator account APP does not change the permission P2 of the network speed setting, and the router rejects the request for the network speed setting; if the user controls through the lighting The device or the television requests the router to change the network speed setting, and the authority allocation information of the administrator account APP stores the permission P2 of the lighting control device and the television having the network speed setting, and the router performs the network speed setting operation.
若用户通过安防报警设备请求路由器进行流量控制,管理员账户APP的权限分配信息中安防报警设备没有进行流量控制的权限P2,路由器拒绝流量控制的请求;若用户通过照明控制设备或电视机请求路由器进行流量控制,管理员账户APP的权限分配信息中存储有照明控制设备和电视机具有流量控制的权限P2,路由器进行流量控制的操作。If the user requests the router to perform flow control through the security alarm device, the security alarm device in the authority allocation information of the administrator account does not have the permission P2 for flow control, and the router rejects the request for flow control; if the user requests the router through the lighting control device or the television For flow control, the authority allocation information of the administrator account APP stores the permission control P2 of the lighting control device and the television having the flow control, and the router performs the flow control operation.
本实施例的无线路由器的授权管理方法将权限分配设于管理终端上,更改权限分配时不会更改路由器本身,操作方便。The authorization management method of the wireless router in this embodiment sets the authority assignment on the management terminal, and does not change the router itself when changing the rights assignment, and the operation is convenient.
如图2所示,本实施例基于无线路由器的授权管理方法提出了一个无线路由器的授权管理系统,该无线路由器的授权管理系统包括无线路由器、安防报警设备、照明控制设备、电视机和智能手机,无线路由器与安防报警设备、照明控制设备、电视机、智能手机均通过无线路由器提供的网络进行连接,智能手机通过无线路由器将自身设置为管理员,智能手机操作界面上设有管理员账户APP,管理员账户APP包括权限模块、权限分配模块和权限判断模块,权限模块用于存储所有权限信息,包括无线信道更改权限P1、网络速度设定 权限P2、流量控制权限P3和IP分配权限P4,权限分配模块用于分配并存储每个终端设备对应的权限信息,如上表所示,安防报警设备分配有无线信道更改权限P1和IP分配权限P4,照明控制设备分配有网络速度设定权限P2和流量控制权限P3,电视机分配有无线信道更改权限P1、网络速度设定权限P2和流量控制权限P3。As shown in FIG. 2, this embodiment proposes a wireless router authorization management system based on a wireless router authorization management method, and the wireless router authorization management system includes a wireless router, a security alarm device, a lighting control device, a television, and a smart phone. The wireless router and the security alarm device, the lighting control device, the television, and the smart phone are all connected through the network provided by the wireless router, the smart phone sets itself as the administrator through the wireless router, and the administrator account APP is provided on the smart phone operation interface. The administrator account APP includes a permission module, a rights assignment module, and a permission judgment module. The permission module is used to store all rights information, including a wireless channel change permission P1, and a network speed setting. Permission P2, flow control authority P3 and IP assignment authority P4, the authority assignment module is used to allocate and store the authority information corresponding to each terminal device. As shown in the above table, the security alarm device is assigned with the wireless channel change permission P1 and the IP assignment authority P4. The lighting control device is assigned with a network speed setting authority P2 and a flow control authority P3, and the television is assigned with a wireless channel changing authority P1, a network speed setting authority P2, and a flow control authority P3.
权限判断模块用于判断用户请求的更改路由器配置操作是否具有权限,即判断安防报警设备、照明控制设备和电视机是否具有无线信道更改权限P1、网络速度设定权限P2、流量控制权限P3和IP分配权限P4,无线路由器根据判断结果决定允许或拒绝用户请求。The authority judging module is configured to determine whether the user-requested change router configuration operation has authority, that is, whether the security alarm device, the lighting control device, and the television have wireless channel change permission P1, network speed setting authority P2, flow control authority P3, and IP. Assigning the right P4, the wireless router decides to allow or deny the user request according to the judgment result.
本实施例的无线路由器的授权管理方法及系统采用管理终端授权的方式,用户权限的分配由智能手机的管理员账户APP直接分配,对路由器的更改配置操作依据管理员账户APP的设定进行比对后再执行,授权管理方式灵活、快捷;权限分配设置在智能手机上,更改权限分配时不会影响路由器的正常运行。The authorization management method and system of the wireless router in this embodiment adopts a management terminal authorization mode, and the allocation of user rights is directly allocated by the administrator account APP of the smart phone, and the change configuration operation of the router is compared according to the setting of the administrator account APP. After the execution, the authorization management mode is flexible and fast; the rights allocation is set on the smart phone, and changing the permission allocation does not affect the normal operation of the router.
实施例4:Example 4:
本实施例与实施例3的不同之处在于:路由器识别管理终端的标识还包括指纹、用户名和密码,提升管理终端设别的安全等级,随着网络信息的不断发展,信息安全不可忽视,在MAC地址为路由器识别智能手机的标识的基础上,增加指纹、用户名和密码的认证,增加无线路由器授权管理的安全性。其它授权管理的方法及系统参照实施例5。The difference between the embodiment and the embodiment 3 is that the identifier of the router identification management terminal further includes a fingerprint, a user name and a password, and the security level of the management terminal is upgraded. With the continuous development of the network information, the information security cannot be ignored. The MAC address is based on the identification of the smart phone by the router, and the authentication of the fingerprint, the user name and the password is added, and the security of the wireless router authorization management is increased. Refer to Embodiment 5 for other methods and systems for authorization management.
实施例5:Example 5:
本实施例与实施例5的不同之处在于:权限分配通过智能手机的权限分配界面操作完成,权限分配界面可由管理员账户APP打开,权限分配界面包含所有的权限信息,并以列表式排布在权限分配界面上,对权限分配界面上权限进行勾选,选择一个或多个权限赋予终端设备相应的权限,权限的选择非常方便,有利于终端设备快速进行权限的更改。其它授权管理的方法及系统参照实施例3。The difference between this embodiment and the embodiment 5 is that the rights allocation is completed by the authority allocation interface of the smart phone, and the rights allocation interface can be opened by the administrator account APP, and the rights allocation interface includes all the rights information, and is arranged in a list. On the rights assignment interface, check the permissions on the rights assignment interface, and select one or more permissions to give the terminal devices the corresponding permissions. The permission selection is very convenient, which is beneficial to the terminal device to quickly change the permissions. Refer to Embodiment 3 for other methods and systems for authorization management.
实施例6:Example 6
本实施例与实施例3的不同之处在于:管理员账户还包括登陆验证模块,用于用户登陆管理员账户的验证,提升管理员账户的安全等级,登陆验证模块设有用户名和密码的输入项,用户输入正确的用户名和密码,成功验证后登陆管理员账户APP,安全可靠,增加 无线路由器授权管理的安全性,其它授权管理的方法及系统参照实施例3。The difference between the embodiment and the embodiment 3 is that the administrator account further includes a login verification module, which is used for verifying the login of the administrator account, improving the security level of the administrator account, and the login verification module is provided with the input of the user name and password. Item, the user enters the correct username and password, and successfully logs in to the administrator account after verification, which is safe and reliable. For security of wireless router authorization management, refer to Embodiment 3 for other methods and systems for authorization management.
实施例7:Example 7
本实施例与实施例3的不同之处在于:管理员账户还包括权限更新模块,用于对终端设备权限的再分配,用户可根据需求的变换更新终端设备的权限,能使终端设备不同时间具有不同的权限,适应性好。其它授权管理的方法及系统参照实施例3。The difference between the embodiment and the embodiment 3 is that the administrator account further includes a rights update module, which is used for reallocating the rights of the terminal device, and the user can update the rights of the terminal device according to the required change, so that the terminal device can be used at different times. Have different permissions and adaptability. Refer to Embodiment 3 for other methods and systems for authorization management.
实施例8:Example 8
本实施例与实施例3的不同之处在于:终端设备还包括灌溉系统、门窗控制设备、室内气候设备和楼宇对讲设备,管理终端替换为车载电脑,车载电脑通过移动通信与无线路由器连接,所有的终端设备通过无线路由器提供的网络与无线路由器连接,路由器配置更改的操作权限还包括网络开关定时设定权限P5、…、PN,各终端设备分配的权限信息如下表:The difference between the embodiment and the embodiment 3 is that the terminal device further includes an irrigation system, a door and window control device, an indoor climate device and a building intercom device, and the management terminal is replaced with an onboard computer, and the onboard computer is connected to the wireless router through mobile communication. All terminal devices are connected to the wireless router through the network provided by the wireless router. The operation rights of the router configuration change include the network switch timing setting permissions P5, ..., PN, and the rights information assigned by each terminal device is as follows:
终端设备Terminal Equipment 安防报警设备Security alarm equipment 照明控制设备Lighting control equipment 电视机TV set 灌溉系统Irrigation system
权限Permission P1P1 P1、P3P1, P3 P2、P4P2, P4 P5P5
终端设备Terminal Equipment 门窗控制设备Door and window control equipment 室内气候设备Indoor climate equipment 楼宇对讲设备Building intercom equipment 车载电脑Car computer
权限Permission P2、P5P2, P5 P1、P2、P4、P5P1, P2, P4, P5 P1、P2、P4P1, P2, P4 P1、P2、…、PNP1, P2, ..., PN
从实际操作情况看,车载电脑作为管理终端,具有路由器配置更改的所有权限P1、P2、…、PN,下面只对灌溉系统作简要的介绍:若用户通过灌溉系统请求路由器进行网络开关定时设定,管理员账户的权限分配信息中存储有灌溉系统具有网络开关定时设定的权限P2,路由器进行网络开关定时设定的操作。其它授权管理的方法及系统参照实施例3。From the actual operation situation, the on-board computer as the management terminal has all the permissions P1, P2, ..., PN of the router configuration change. The following is only a brief introduction to the irrigation system: if the user requests the router to perform network switch timing setting through the irrigation system The authority allocation information of the administrator account stores the authority P2 of the irrigation system having the network switch timing setting, and the router performs the operation of setting the network switch timing. Refer to Embodiment 3 for other methods and systems for authorization management.
实施例9:Example 9
本实施例与实施例3的不同之处在于:无线路由器上设有指示模块,指示模块与权限判断模块信号连接,指示模块用于指示请求的用户是否具有相应的权限,指示模块由系统指示灯显示。若请求的用户具有权限,则系统指示灯显示绿色;若请求的用户具有权限,则系统指示灯显示红色。通过系统指示灯判断请求的用户是否有权限更改路由器配置,判断过程及结果清晰明了,给操作人员直观的感受。其它授权管理的方法及系统参照实施例3。 The difference between the embodiment and the embodiment 3 is that the wireless router is provided with an indication module, the indication module is connected with the authority judgment module signal, and the indication module is configured to indicate whether the requested user has the corresponding authority, and the indicator module is indicated by the system indicator. display. If the requested user has permission, the system indicator is green; if the requested user has permission, the system indicator is red. The system indicator determines whether the requested user has the right to change the router configuration. The judgment process and the result are clear and clear, giving the operator an intuitive feeling. Refer to Embodiment 3 for other methods and systems for authorization management.
本发明与现有技术相比,有益效果是:Compared with the prior art, the invention has the following beneficial effects:
本发明的无线路由器的授权管理方法及系统采用管理终端授权的方式,用户权限的分配由管理终端的管理员账户直接分配,对路由器的更改配置操作依据管理员账户的设定进行比对后再执行,授权管理方式灵活、快捷;权限分配设置在管理终端上,更改权限分配时不会更改路由器本身。The authorization management method and system of the wireless router of the present invention adopts a management terminal authorization mode, and the allocation of user rights is directly allocated by the administrator account of the management terminal, and the change configuration operation of the router is compared according to the setting of the administrator account. Execution, the authorization management mode is flexible and fast; the authority assignment is set on the management terminal, and the router itself is not changed when the authority assignment is changed.
以上对本发明的优选实施例及原理进行了详细说明,对本领域的普通技术人员而言,依据本发明提供的思想,在具体实施方式上会有改变之处,而这些改变也应视为本发明的保护范围。 The preferred embodiments and principles of the present invention have been described in detail above, and those skilled in the art will be able to change the embodiments in accordance with the embodiments of the present invention. The scope of protection.

Claims (10)

  1. 一种无线路由器的授权管理方法,其特征在于,包括以下步骤:A method for authorizing management of a wireless router, comprising the steps of:
    S1,路由器接入多个终端设备、管理终端,管理终端通过路由器将自身设置为管理员,路由器系统记录管理终端的MAC地址,MAC地址为路由器识别管理终端的标识;S1, the router accesses multiple terminal devices and management terminals, and the management terminal sets itself as an administrator through a router, and the router system records the MAC address of the management terminal, and the MAC address is an identifier of the router identification management terminal;
    S2,路由器的每个更改配置操作设置一权限管理,不同的更改配置操作对应不同的权限,并将权限命名为P1、P2、…、PN;S2, each change configuration operation of the router sets a rights management, different change configuration operations correspond to different rights, and the rights are named P1, P2, ..., PN;
    S3,管理员通过路由器汇总接入路由网络的所有终端设备,并在管理员工具上设定每个终端设备的权限;S3, the administrator summarizes all the terminal devices of the routing network through the router, and sets the permissions of each terminal device on the administrator tool;
    S4,请求执行更改路由器配置的操作;S4, requesting to perform an operation of changing a router configuration;
    S5,路由器接收步骤S4的操作请求,并根据MAC地址查找管理员账户中关于权限的分配;S5. The router receives the operation request of step S4, and searches for an assignment of the authority in the administrator account according to the MAC address.
    S6,判断终端设备是否具有相应的权限,若管理员账户的权限分配信息中含有终端设备相应的权限,路由器进行终端设备请求的操作;若管理员账户的权限分配信息中没有终端设备相应的权限,路由器拒绝终端设备的操作请求。S6: determining whether the terminal device has the corresponding authority. If the authority allocation information of the administrator account includes the corresponding authority of the terminal device, the router performs the operation requested by the terminal device; if the authority allocation information of the administrator account does not have the corresponding permission of the terminal device The router rejects the operation request of the terminal device.
  2. 根据权利要求1所述的路由器的授权管理方法,其特征在于,所述路由器的更改配置操作包括无线信道更改、网络速度设定、流量控制、IP分配。The authorization management method for a router according to claim 1, wherein the change configuration operation of the router comprises wireless channel change, network speed setting, flow control, and IP allocation.
  3. 根据权利要求1所述的路由器的授权管理方法,其特征在于,所述终端设备分配一个或多个权限。The authorization management method for a router according to claim 1, wherein the terminal device allocates one or more rights.
  4. 根据权利要求1或3所述的路由器的授权管理方法,其特征在于,所述权限分配通过权限分配界面操作完成,权限分配界面由管理终端提供,权限分配界面包含所有的权限信息,勾选权限分配界面上的一个或多个权限赋予终端设备相应的权限。The authorization management method for a router according to claim 1 or 3, wherein the authority assignment is completed through a rights assignment interface, the rights assignment interface is provided by the management terminal, and the rights assignment interface includes all rights information, and the permission is selected. One or more permissions on the assignment interface give the terminal device the appropriate permissions.
  5. 根据权利要求1所述的路由器的授权管理方法,其特征在于,所述管理终端为手机或电脑。The authorization management method for a router according to claim 1, wherein the management terminal is a mobile phone or a computer.
  6. 根据权利要求1或5所述的路由器的授权管理方法,其特征在于,所述路由器识别管理终端的标识还包括指纹、用户名、密码。The authorization management method of the router according to claim 1 or 5, wherein the identifier of the router identification management terminal further includes a fingerprint, a username, and a password.
  7. 一种无线路由器的授权管理系统,包括无线路由器、多个终端设备、管理终端,其特征在于,无线路由器与多个终端设备、管理终端通过网络连接,管理终端通过无线路由器将自身设置为管理员,管理终端设有管理员账户,管理员账户包括权限模块、权限分配模块和权限判断模块,权限模块用于存储所有权限信息,权限分配模块用于分配并存储每个终端设备对应的权限信息,权限判断模块用于判断请求的更改路由器配置操作是否具有 权限。An authorization management system for a wireless router includes a wireless router, a plurality of terminal devices, and a management terminal, wherein the wireless router is connected to a plurality of terminal devices and management terminals through a network, and the management terminal sets itself as an administrator through the wireless router. The management terminal has an administrator account, and the administrator account includes a permission module, a rights assignment module, and a permission judgment module. The permission module is configured to store all the permission information, and the authority allocation module is configured to allocate and store the permission information corresponding to each terminal device. The permission judging module is configured to judge whether the requested change router configuration operation has Permissions.
  8. 根据权利要求7所述的路由器的授权管理系统,其特征在于,所述终端设备包括厨卫电视、照明控制、安防报警、灌溉系统、门窗控制、室内气候、楼宇对讲中的一种或多种。The authorization management system for a router according to claim 7, wherein the terminal device comprises one or more of a kitchen television, a lighting control, a security alarm, an irrigation system, a door and window control, an indoor climate, and a building intercom. Kind.
  9. 根据权利要求7所述的路由器的授权管理系统,其特征在于,所述管理员账户还包括登陆验证模块,用于登陆管理员账户的验证。The authorization management system for a router according to claim 7, wherein the administrator account further comprises a login verification module for logging in the verification of the administrator account.
  10. 根据权利要求9所述的路由器的授权管理系统,其特征在于,所述登陆验证模块设有用户名和密码的输入项。 The authorization management system for a router according to claim 9, wherein the login verification module is provided with an input of a username and a password.
PCT/CN2017/085100 2016-09-30 2017-05-19 Authorization management method and system of wireless router WO2018058976A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610874453.6 2016-09-30
CN201610874453.6A CN106412896A (en) 2016-09-30 2016-09-30 Authorization management method and system of wireless router

Publications (1)

Publication Number Publication Date
WO2018058976A1 true WO2018058976A1 (en) 2018-04-05

Family

ID=59228132

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/085100 WO2018058976A1 (en) 2016-09-30 2017-05-19 Authorization management method and system of wireless router

Country Status (2)

Country Link
CN (1) CN106412896A (en)
WO (1) WO2018058976A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132372A (en) * 2021-04-13 2021-07-16 深圳市奇虎智能科技有限公司 Security monitoring method and system for networking equipment of router, storage medium and computer equipment

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106412896A (en) * 2016-09-30 2017-02-15 上海斐讯数据通信技术有限公司 Authorization management method and system of wireless router
CN107592301A (en) * 2017-08-16 2018-01-16 珠海格力电器股份有限公司 Equipment control power assignment method, device, storage medium and server
CN107360043A (en) * 2017-08-25 2017-11-17 中国联合网络通信集团有限公司 A kind of method and device that forwarding unit configuration information is changed in SDN
CN107612742A (en) * 2017-10-09 2018-01-19 郑州云海信息技术有限公司 A kind of method of routing device configurating terminal fingerprint
CN108429691B (en) * 2018-02-02 2020-12-25 温州大学瓯江学院 Interactive wireless router
CN108989247B (en) * 2018-08-28 2022-03-18 北京小米移动软件有限公司 Network speed distribution method and device
CN109283901A (en) * 2018-09-21 2019-01-29 深圳市二八智能家居有限公司 Integrated smart home system
CN109361695B (en) * 2018-11-28 2021-11-19 深圳市万网博通科技有限公司 Method and device for authorizing network access, computer equipment and storage medium
CN109445300B (en) * 2018-12-28 2022-01-04 江苏惠通集团有限责任公司 Intelligent home control method and intelligent home system
CN109831685B (en) * 2019-01-23 2021-10-08 广州中国科学院沈阳自动化研究所分所 Networked comprehensive digital display system for ship and terminal user authority management method
CN110048864B (en) * 2019-03-22 2022-03-15 北京众纳鑫海网络技术有限公司 Method and apparatus for authenticating an administrator of a device-specific message group
CA3132996A1 (en) 2019-04-08 2020-10-15 Arris Enterprises Llc Parental control based upon detection of mobile device
CN112071044A (en) * 2020-09-02 2020-12-11 潘传迪 Hospital alarm management system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398323B1 (en) * 2001-09-19 2008-07-08 Juniper Networks, Inc. Configuring a network router
CN104283745A (en) * 2014-09-12 2015-01-14 小米科技有限责任公司 Method, device and system for controlling intelligent household equipment
CN104935572A (en) * 2015-04-24 2015-09-23 普联技术有限公司 Multilevel privilege management method and device
CN105357123A (en) * 2015-11-30 2016-02-24 上海斐讯数据通信技术有限公司 Authority management method and system for router and router
CN105791063A (en) * 2016-03-24 2016-07-20 青岛海信电器股份有限公司 Method and device for controlling intelligent household appliance
CN106412896A (en) * 2016-09-30 2017-02-15 上海斐讯数据通信技术有限公司 Authorization management method and system of wireless router

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739623B (en) * 2011-04-15 2014-12-31 华为终端有限公司 Authorization method and terminal device
CN104469762A (en) * 2013-09-12 2015-03-25 西安龙飞网络科技有限公司 User grading control system of 3G/WIFI wireless router
CN105357168B (en) * 2014-08-19 2019-02-01 酷派软件技术(深圳)有限公司 A kind of equipment access authority distribution method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398323B1 (en) * 2001-09-19 2008-07-08 Juniper Networks, Inc. Configuring a network router
CN104283745A (en) * 2014-09-12 2015-01-14 小米科技有限责任公司 Method, device and system for controlling intelligent household equipment
CN104935572A (en) * 2015-04-24 2015-09-23 普联技术有限公司 Multilevel privilege management method and device
CN105357123A (en) * 2015-11-30 2016-02-24 上海斐讯数据通信技术有限公司 Authority management method and system for router and router
CN105791063A (en) * 2016-03-24 2016-07-20 青岛海信电器股份有限公司 Method and device for controlling intelligent household appliance
CN106412896A (en) * 2016-09-30 2017-02-15 上海斐讯数据通信技术有限公司 Authorization management method and system of wireless router

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132372A (en) * 2021-04-13 2021-07-16 深圳市奇虎智能科技有限公司 Security monitoring method and system for networking equipment of router, storage medium and computer equipment

Also Published As

Publication number Publication date
CN106412896A (en) 2017-02-15

Similar Documents

Publication Publication Date Title
WO2018058976A1 (en) Authorization management method and system of wireless router
US20150223068A1 (en) Methods, devices and systems for dynamic network access administration
US11399283B2 (en) Tenant service set identifiers (SSIDs)
US20140127994A1 (en) Policy-based resource access via nfc
US11184767B2 (en) Methods and systems for automatically connecting to a network
CN112956219A (en) Subnet-based device allocation with geofence authentication
US9438683B2 (en) Router-host logging
WO2017024791A1 (en) Authorization processing method and device
US20110239276A1 (en) Method and system for controlling context-based wireless access to secured network resources
US20180176780A1 (en) Using power-line networks to facilitate network access
US20080133719A1 (en) System and method of changing a network designation in response to data received from a device
US20060112269A1 (en) Level-specific authentication system and method in home network
KR20080095856A (en) Authorization scheme to simplify security configurations
WO2009105950A1 (en) User managing method and apparatus
US12003506B2 (en) Biometrics based access controls for network features
US20090157880A1 (en) Management system for quality of service in home network
CN104378456A (en) Allocation optimization method for IP addresses in local area network
CN104244243A (en) Terminal peripheral control method, machine-to-machine (M2M) gateway and communication system
CN106059802A (en) Terminal access authentication method and device
US11716251B2 (en) Communication system, provider node, communication node, and method for providing a virtual network function to a customer node
EP3769553B1 (en) Method and system for authorising the communication of a network node
WO2021134562A1 (en) Configuration device replacement method and apparatus, device, and storage medium
CN116566764A (en) Configuration method and device for accessing virtual private network
US20160371971A1 (en) Process and Schematic for Operating Electronic Devices By Remote Control and for Collecting, Utilising, and Transmitting the Operating Parameters of Such Devices for the Purposes of Analysis
CN105451225A (en) An access authentication method and an access authentication device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17854432

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17854432

Country of ref document: EP

Kind code of ref document: A1