CN103731425B - Network wireless terminal connection control method and system - Google Patents


Info

Publication number
CN103731425B
Authority
CN
China
Prior art keywords
wireless terminal
ssid
reception device
binding
radio reception
Prior art date
Legal status
Active
Application number
CN201310751640.1A
Other languages
Chinese (zh)
Other versions
CN103731425A (en)
Inventor
吴飞
郑杨千
Current Assignee
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201310751640.1A
Publication of CN103731425A
Application granted
Publication of CN103731425B
Legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for binding-based isolation access control of network wireless terminals. A wireless terminal selects an SSID to access a WLAN; the wireless access device initiates AAA authentication; the AAA server checks whether the wireless terminal's MAC address has been bound to this SSID. If it has, the user is allowed to access the network and its resources; if the MAC is bound to a different SSID, the user is refused access. If this is the user's first access to this SSID, the user's MAC is bound to this SSID and the binding is saved, and the user is allowed to access the network and its resources. By binding a wireless terminal to the SSID it needs to access through the AAA authentication server, the wireless terminal can only access the network it accessed for the first time, achieving isolation and improving network security.

Description

Network wireless terminal connection control method and system
Technical field
The invention belongs to the field of communication technology and relates to the design of a method and system for binding-based isolation access control of network wireless terminals.
Background
With the rapid development of computer technology, information networks have become an important foundation of social development. They carry a great deal of sensitive information, even state secrets, and so inevitably attract man-made attacks from all over the world, such as information leakage, information theft, data tampering, data deletion and insertion, and computer viruses; at the same time, network facilities are also exposed to hazards such as floods, fire, earthquakes and electromagnetic radiation.
In traditional network access, a device can be connected through a network access point to networks in different zones at will. This poses a serious threat to network security: wireless terminals that have not been authenticated can join the network arbitrarily, which can lead to leakage of network information and greatly increases the cost of network protection and management.
Summary of the invention
The technical problem to be solved by the invention is to propose a network wireless terminal access control method and system that overcome the poor security of wireless terminal access in the prior art.
The technical solution by which the invention solves this problem is a network wireless terminal access control method comprising the following steps:
A. After the wireless terminal selects a service set identifier (SSID), it connects to a wireless access device in the WLAN;
B. After the wireless access device receives the basic information of the wireless terminal, it connects to the AAA authentication server through the AAA protocol;
C. The AAA server checks whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
Further, in step B, before the wireless access device receives the basic information of the wireless terminal, the wireless terminal sends an access request message to the wireless access device, and the wireless access device replies to the wireless terminal with an access-accept message after receiving the access request.
Further, in step B, the basic information of the wireless terminal received by the wireless access device includes the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
Further, in step C, when the AAA server finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, it binds the wireless terminal to the selected SSID and stores the binding relationship between the wireless terminal and the selected SSID in a database.
The invention also provides a network wireless terminal binding isolation access control system, comprising a wireless access device of a WLAN, a wireless terminal to be connected, and an AAA authentication server, where:
the wireless terminal to be connected is configured to request access to the corresponding WLAN after selecting the required service set identifier (SSID);
the wireless access device of the WLAN is configured, after receiving the basic information of the wireless terminal, to connect to the binding module of the AAA authentication server through the AAA protocol;
the AAA authentication server includes a binding module, which is configured to check whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
Further, the wireless access device is also configured, before receiving the basic information of the wireless terminal, to reply to the wireless terminal with an access-accept message after receiving the access request message sent by the wireless terminal.
Further, the basic information of the wireless terminal received by the wireless access device includes the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
Further, the binding module of the AAA authentication server is also configured, when it finds that the wireless terminal is not bound to the selected SSID and has no binding record with any other SSID, to bind the wireless terminal to the selected SSID and store the binding relationship between the wireless terminal and the selected SSID in a database.
Beneficial effects of the invention: the network wireless terminal access control method and system of the invention bind a wireless terminal to the SSID it needs to access through the AAA authentication server, store the binding information in a database, and then verify accesses against that binding. The network that the wireless terminal accessed for the first time is remembered, so that at the next access only the stored relation in the database needs to be consulted; the wireless terminal can therefore only access the network it accessed first. This achieves binding isolation, improves network security and reduces network administration cost.
Description of the drawings
Fig. 1 is a flow block diagram of the network wireless terminal binding isolation access control method of the embodiment of the invention;
Fig. 2 is a structural schematic of the network wireless terminal binding isolation access control system of the embodiment of the invention.
Detailed description of the embodiments
The invention is further elaborated below with reference to the accompanying drawings and specific embodiments.
Fig. 1 shows the flow block diagram of the network wireless terminal binding isolation access control method of the embodiment of the invention, which comprises the following steps:
A. A wireless local area network (WLAN) is set up, and the wireless terminal that is to access the network is placed within the WLAN; after the wireless terminal selects a service set identifier (SSID), it connects to a wireless access device in the WLAN;
B. After the wireless access device receives the basic information of the wireless terminal, it connects to the AAA authentication server through the AAA protocol;
C. The AAA server checks whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
By binding the wireless terminal to the SSID it needs to access, the invention ensures that at the next access only the stored relation in the database needs to be consulted, so the wireless terminal can only access the network it accessed first; this achieves binding isolation, improves network security and reduces network administration cost. In the invention, the wireless terminal that is to access the network may be a smartphone, a tablet computer, a PC, an IPTV wireless terminal, etc., and the access device may in practice be an Ethernet switch, a wireless access point, a wireless access controller, etc.
The AAA protocol in step B may be the RADIUS protocol, in which case the AAA authentication server is a RADIUS server; it may of course be adapted to actual conditions, using Diameter or another protocol.
The wireless access device in step B comprises a wireless access point (AP) and a wireless access controller (AC). The wireless terminal first sends an access request to the AP; after receiving it, the AP replies to the wireless terminal with an access-accept message; the AP then receives the basic information of the wireless terminal and forwards it to the AC; after the AC receives the basic information, it connects to the binding module of the AAA authentication server through the AAA protocol. The basic information may include the user information of the wireless terminal, the basic information of the SSID, the basic information of the wireless terminal, etc.
The binding module of the AAA server determines whether this is the first access of the wireless terminal to the SSID it needs to access. If it is the first access, the user information is verified, the binding relationship between the wireless terminal and the required SSID is stored in the database, and the binding relation information is then sent to the binding verification module of the AAA authentication server. If it is not the first access, the module checks whether the user is bound to another SSID; if so, the user is refused access; otherwise the stored binding relation between the wireless terminal and the required SSID is retrieved from the database and forwarded to the AAA authentication server for AAA authentication.
The AAA authentication server also verifies certain additional information bound to the user when it authenticates the user, to achieve finer control; for example, after authentication it checks whether the user is accessing the network from a designated AP and refuses access if not. The binding module associates this additional information with the user; it can be configured manually or set automatically by the system.
The AP and the AC set up a tunnel via the CAPWAP protocol, and the basic information is forwarded to the AC through the established CAPWAP tunnel.
So that those skilled in the art can understand and implement the technical solution of the invention, the network wireless terminal binding isolation access control method of the invention is described in detail below through a specific embodiment, comprising the following steps:
1. The user turns on the WLAN on the wireless terminal and finds the SSID to access;
2. The user enters the SSID, inputs the account and password, and connects to the network;
3. The wireless terminal discovers a nearby access point (AP) and sends it an access request; after receiving the request, the AP returns an access-accept message to the wireless terminal;
4. The wireless terminal sends the AP basic information such as the user information, the SSID and the wireless terminal information;
5. The access point AP and the wireless controller AC set up a tunnel via the CAPWAP protocol, and the AP forwards the basic information to the AC through the tunnel; after receiving it, the AC forwards all of it to the AAA authentication server via the RADIUS protocol;
6. After the AAA authentication server receives the information, it first hands it to its internal binding module for verification. If this is the first access, the user identity is verified, the binding relationship between the wireless terminal and the SSID is stored in the database, and the result is then passed to the binding verification module; if it is not the first access, the module checks whether the user is bound to another SSID, and if so, refuses access;
7. After the binding verification module receives the information, it judges whether the accessing wireless terminal MAC is joining the designated network, such as the intranet or the extranet; if the access is correct, it authorizes and permits access, otherwise access is not permitted. A successfully connected wireless terminal can only connect to and access the designated network through this SSID.
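The binding decision of step C and of steps 6 and 7 above, as an added example that is not the patent's or Maipu's own code: a toy AAA-side binding module with a MAC-to-SSID table standing in for the database, a credential check supplied as a callable, and a binding verification step that checks the serving AP. It assumes RADIUS-style attributes Calling-Station-Id (terminal MAC) and Called-Station-Id in the common "BSSID:SSID" form; all names and sample values are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Decision(Enum):
    ALLOW = "allow"            # MAC already bound to this SSID: go on to AAA authentication
    FIRST_ACCESS = "first"     # no binding record yet: authenticate, then bind MAC to this SSID
    DENY_OTHER_SSID = "deny"   # MAC is bound to a different SSID: refuse access (isolation)


def normalize_mac(mac: str) -> str:
    """Canonicalise 'AA-BB-CC-DD-EE-FF', 'aa:bb:..' or 'aabb.ccdd.eeff' to lowercase colon form,
    so the same terminal cannot appear under two different keys in the binding table."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def split_called_station_id(value: str) -> tuple[str, str]:
    """Split a RADIUS Called-Station-Id of the form 'BSSID:SSID' into (bssid, ssid).
    Assumption: the AC formats it this way with a dashed BSSID, so the first colon separates."""
    bssid, sep, ssid = value.partition(":")
    if not sep or not ssid:
        raise ValueError(f"Called-Station-Id carries no SSID: {value!r}")
    return normalize_mac(bssid), ssid


@dataclass
class BindingModule:
    """Stand-in for the AAA server's binding module; `bindings` plays the database table."""
    bindings: dict[str, str] = field(default_factory=dict)   # MAC -> SSID

    def check(self, mac: str, ssid: str) -> Decision:
        bound = self.bindings.get(normalize_mac(mac))
        if bound is None:
            return Decision.FIRST_ACCESS
        return Decision.ALLOW if bound == ssid else Decision.DENY_OTHER_SSID

    def bind(self, mac: str, ssid: str) -> None:
        self.bindings[normalize_mac(mac)] = ssid


@dataclass
class BindingVerifier:
    """Stand-in for the binding verification module (step 7): may this SSID be served from
    this AP, i.e. is the terminal joining the designated intranet/extranet segment?"""
    allowed_aps: dict[str, set[str]]    # SSID -> BSSIDs permitted to serve it

    def verify(self, ssid: str, bssid: str) -> bool:
        return normalize_mac(bssid) in self.allowed_aps.get(ssid, set())


def handle_access_request(binder: BindingModule, verifier: BindingVerifier,
                          authenticate: Callable[[str, str], bool],
                          attrs: dict[str, str]) -> tuple[Decision, bool]:
    """Run one Access-Request (a constructed attribute dict) through the binding module,
    the credential check and the binding verifier. Returns (binding decision, access granted)."""
    mac = attrs["Calling-Station-Id"]
    bssid, ssid = split_called_station_id(attrs["Called-Station-Id"])
    decision = binder.check(mac, ssid)
    if decision is Decision.DENY_OTHER_SSID:
        return decision, False
    if not authenticate(attrs["User-Name"], attrs["User-Password"]):
        return decision, False          # a failed first attempt binds nothing (step 6 order)
    if decision is Decision.FIRST_ACCESS:
        binder.bind(mac, ssid)          # bind and persist only after identity is verified
    return decision, verifier.verify(ssid, bssid)
```

The MAC is not a secret, so the binding is an isolation control layered on the credential check rather than a replacement for it; binding only after a successful authentication also keeps a failed attempt from pinning a terminal to an SSID its user never joined.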
The invention also provides a network wireless terminal access control system, whose structural schematic is shown in Fig. 2, comprising a wireless access device of a WLAN, a wireless terminal to be connected, and an AAA authentication server.
The wireless terminal to be connected is configured to request access to the corresponding WLAN after selecting the required service set identifier (SSID). The wireless access device of the WLAN is configured, after receiving the basic information of the wireless terminal, to connect to the binding module of the AAA authentication server through the AAA protocol. The AAA authentication server includes a binding module, which is configured to check whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand the principle of the invention, and that the scope of protection of the invention is not limited to these particular statements and embodiments. Those of ordinary skill in the art can make various other specific variations and combinations, without departing from the essence of the invention, in light of the technical teaching disclosed by the invention, and such variations and combinations likewise fall within the scope of the invention.

Claims (6)

1. A network wireless terminal access control method, characterised in that it comprises the following steps:
A. After the wireless terminal selects a service set identifier (SSID), it connects to a wireless access device in the WLAN;
B. After the wireless access device receives the basic information of the wireless terminal, it connects to the AAA authentication server through the AAA protocol;
C. The AAA server checks whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
2. The method of claim 1, characterised in that in step B, before the wireless access device receives the basic information of the wireless terminal, the wireless terminal sends an access request message to the wireless access device, and the wireless access device replies to the wireless terminal with an access-accept message after receiving the access request.
3. The method of claim 1, characterised in that in step B, the basic information of the wireless terminal received by the wireless access device includes the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.
4. A network wireless terminal access control system, characterised in that it comprises a wireless access device of a WLAN, a wireless terminal to be connected, and an AAA authentication server, where:
the wireless terminal to be connected requests access to the corresponding WLAN after selecting the required service set identifier (SSID);
the wireless access device of the WLAN, after receiving the basic information of the wireless terminal, connects to the binding module of the AAA authentication server through the AAA protocol;
the AAA authentication server includes a binding module, which is used to check whether the MAC address of the wireless terminal has been bound to the selected SSID. If so, it enters the AAA authentication flow; otherwise it checks whether the user is bound to another SSID. If the user is bound to another SSID, the user is refused access; if not, the user's MAC is bound to the selected SSID, the binding is saved, and the AAA authentication flow is entered.
5. The system of claim 4, characterised in that the wireless access device is also configured, before receiving the basic information of the wireless terminal, to reply to the wireless terminal with an access-accept message after receiving the access request message sent by the wireless terminal.
6. The system of claim 4, characterised in that the basic information of the wireless terminal received by the wireless access device includes the user information of the wireless terminal, the basic information of the SSID, and the MAC address of the wireless terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310751640.1A CN103731425B (en) 2013-12-31 2013-12-31 Network wireless terminal connection control method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310751640.1A CN103731425B (en) 2013-12-31 2013-12-31 Network wireless terminal connection control method and system

Publications (2)

Publication Number Publication Date
CN103731425A CN103731425A (en) 2014-04-16
CN103731425B true CN103731425B (en) 2016-08-24

Family

ID=50455352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310751640.1A Active CN103731425B (en) 2013-12-31 2013-12-31 Network wireless terminal connection control method and system

Country Status (1)

Country Link
CN (1) CN103731425B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681352B (en) * 2016-03-21 2019-03-19 深圳融腾科技有限公司 A kind of wireless network access safety management-control method and system
CN107395785B (en) * 2017-08-07 2020-09-18 福州市协成智慧科技有限公司 Method and device for acquiring real address of network equipment
CN112202799B (en) * 2020-10-10 2022-05-10 杭州盈高科技有限公司 Authentication system and method for realizing binding of user and/or terminal and SSID

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1842000A (en) * 2005-03-29 2006-10-04 华为技术有限公司 Method for realizing access authentication of WLAN
CN101895875A (en) * 2010-07-29 2010-11-24 杭州华三通信技术有限公司 Method and system of using gateway device to provide differentiated services in wireless network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060104224A1 (en) * 2004-10-13 2006-05-18 Gurminder Singh Wireless access point with fingerprint authentication

Also Published As

Publication number Publication date
CN103731425A (en) 2014-04-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant