CN105357168A - Device access permission allocation method and device - Google Patents
Device access permission allocation method and device Download PDFInfo
- Publication number
- CN105357168A CN105357168A CN201410410483.2A CN201410410483A CN105357168A CN 105357168 A CN105357168 A CN 105357168A CN 201410410483 A CN201410410483 A CN 201410410483A CN 105357168 A CN105357168 A CN 105357168A
- Authority
- CN
- China
- Prior art keywords
- access rights
- authority
- access
- equipment
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a device access permission allocation method and appliance, which can be used to solve the problem in the prior art that network resources cannot be reasonably utilized due to the conventional device access permission allocation mode. The device access permission allocation method includes the following steps: determining whether the network connection is a first network connection of a device or not; allocating preset initial access permission to the device if the network connection is the first network connection; allocating corresponding access permission to the device according to a corresponding relationship between the preset device access permission and an MAC address of the device if the network connection is not the first network connection. The device access permission allocation method can more reasonably allocate the network resources and improve the utilization of the network resources.
Description
Technical field
The present invention relates to communication technical field, particularly relates to a kind of device access authority distributing method and device.
Background technology
At present, intelligent router is comparatively rough for the network access authority way to manage of connected equipment, generally list current all equipment be connected on router, and the access rights situation of each equipment, such as, allow or forbid device access the Internet, for the router of band hard disk, also comprising permission or disable access hard disk.But current smart machine has various different function, such as, web page browsing, game function, multimedia interaction such as to share at the function, and these dissimilar equipment can stress different Internet resources to the access of network.Meanwhile, need to have heterogeneous networks restrict access to different users's identity of equipment, such as, the Interim use personnel of home network do not have the authority etc. of access router hard disk, and the network of children's access should limit the access of a part of network address.It can thus be appreciated that current network access authority distribution method is not enough to carry out differentiation management to the access rights of different equipment or different equipment users, cause Internet resources can not Appropriate application, cause the waste of Internet resources.
Summary of the invention
The invention provides a kind of device access authority distributing method and device, the problem that the access rights method of salary distribution in order to solve prior art causes Internet resources not to be used appropriately.
According to an aspect of the present invention, provide a kind of device access authority distributing method, comprising: whether judge that this network connects is that the first time network of equipment connects; If so, then for equipment distributes the initial access rights pre-set; If not, then according to the device access authority that the pre-sets corresponding relation with MAC (MediaAccessControlAddress, the medium access control) address of equipment, be the access rights that equipment distributes correspondence.
Wherein, device access authority comprises: the combination of the access rights corresponding with the type of equipment and the access rights corresponding with user's identity of equipment.
Wherein, the access rights corresponding with the type of equipment and the access rights corresponding with equipment user identity, comprise following at least one respectively: the restriction of the authority of network manager, the authority of access the Internet, the restriction of surf time, network speed, stream quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, authority, the authority uploading annex, the authority of video tour, the authority of game of download annex.
Wherein, according to the corresponding relation of the MAC Address of the device access authority pre-set and equipment, for equipment distributes corresponding access rights, comprise: when comprising the access rights of identical type in the access rights corresponding with device type and the access rights corresponding with user's identity of equipment and the actual size of the access rights of identical type is inconsistent, be as the criterion with actual access authority smaller during combination.
Further, said method also comprises: according to the access rights change directive of the network manager received, the access rights of change relevant device;
The corresponding relation of the MAC Address of preservation equipment and the access rights after changing.
Whether according to another aspect of the present invention, provide a kind of device access right assignment device, comprising: judge module, be that the first time network of equipment connects for judging that this network connects; First distribution module, for when the judged result of judge module is for being, for equipment distributes the acquiescence initial access rights pre-set; Second distribution module, for when the judged result of judge module is no, is that equipment distributes corresponding access rights according to the device access authority pre-set and the corresponding relation of the MAC Address of equipment.
Wherein, device access authority comprises: the combination of the access rights corresponding with the type of equipment and the access rights corresponding with user's identity of equipment.
Wherein, the access rights corresponding with the type of equipment and the access rights corresponding with equipment user identity, comprise following at least one respectively: the restriction of the authority of network manager, the authority of access the Internet, the restriction of surf time, network speed, stream quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, authority, the authority uploading annex, the authority of video tour, the authority of game of download annex.
Wherein, second distribution module specifically for, when comprising the access rights of identical type in the access rights corresponding with device type and the access rights corresponding with user's identity of equipment and the actual size of the access rights of identical type is inconsistent, be as the criterion with actual access authority smaller during combination.
Further, said apparatus also comprises: change module, for the access rights change directive according to the network manager received, and the access rights of change relevant device; Preserve module, for preserving the corresponding relation of the MAC Address of equipment and the access rights after changing.
The embodiment of the present invention is by the corresponding relation of the device mac address that pre-sets and access rights, can when device request connection route device, be equipment allocation of access rights according to this corresponding relation, can more reasonably allocation of network resources, improve network resource utilization.
Accompanying drawing explanation
Fig. 1 is the flow chart of the device access authority distributing method of the embodiment of the present invention;
Fig. 2 is the structured flowchart of the device access right assignment device of the embodiment of the present invention.
Embodiment
For further setting forth the present invention for the technological means reaching predetermined object and take and effect, below in conjunction with accompanying drawing and preferred embodiment, the present invention is described in detail as after.
Fig. 1 is the flow chart of the device access authority distributing method of the embodiment of the present invention.As shown in Figure 1, the method comprises the following steps:
Step 101: the request of receiving equipment interconnection network;
Step 102: whether judge that this network connects is that the first time network of equipment connects;
When equipment sends connection request to router, router can obtain the MAC Address of equipment, and the device mac address got can be deposited, therefore when on equipment, once request is connected with router, after router obtains the MAC Address of equipment, use the device mac address that gets to mate with the device mac address self stored, the match is successful shows equipment and non-first time is connected with router, it fails to match then devices illustrated be connect with router for the first time.
Step 103: if, then for equipment distributes the initial access rights pre-set;
If equipment is connected with router first time, the MAC Address of equipment is not then stored in router, so, now, router can distribute the initial access rights of the acquiescence that pre-sets for equipment, member to be managed is after it distributes the access rights corresponding with its MAC Address according to the concrete condition of this equipment, and during this equipment connection route device next time, router can be this equipment allocation of access rights automatically.
Step 104: if not, then the device access authority that basis pre-sets is that equipment distributes corresponding access rights with the corresponding relation of the MAC Address of equipment.
Wherein, device access authority comprises: the access rights corresponding with device type, and the combination of the access rights corresponding with user's identity of equipment.The access rights corresponding with device type and the access rights corresponding with user's identity of equipment comprise following at least one respectively: the restriction of the authority of network manager, the authority of accessing the Internet, the restriction of surf time, network speed, flow quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, the authority downloading annex, the authority uploading annex, the authority of video tour, the authority of game.Such as, if device type is mobile phone, and user's identity is Interim use identity, then namely the access rights of this equipment comprise the combination of authority that mobile phone can be endowed and the authority that user's identity can be endowed.Particularly, to when combining according to device type and the access rights corresponding according to equipment user identity, if the two causes the authority of same access rights is not of uniform size, then less access rights are distributed to the equipment that current request and router connect.It should be noted that, the access rights that device type involved in the embodiment of the present invention is corresponding, and access rights corresponding to equipment user are what pre-set in the router, namely can be the access rights having fixing mapping table middle finger phasing to answer device type corresponding with the type equipment, and the access rights that the equipment user identity of specifying is corresponding, when determining the network access authority of a certain designated equipment, the access rights that device type and equipment user identity is corresponding respectively combine, namely the network access authority of this designated equipment is obtained, based on this, when the access rights of network manager to equipment user manage, the device type that can directly provide according to router and the corresponding relation of equipment user identity obtain the access rights combination of equipment, and without the need to selecting one by one multiple access rights as above, simplify the operation of network manager.
Administrator access and global function access rights can be comprised in the authority corresponding with device type pre-set in router, namely, all access rights except administrator access, also can comprise the access rights of game access authority or home equipment, and the access rights of equipment user identity can comprise administrator access, global function access rights, guest access authority, neighbours' access rights and children's access rights.Keeper also can carry out self-defined bundle of permissions according to user's identity of physical device, namely, can selection equipment can have in access rights corresponding to the said equipment type and the access rights corresponding with user's identity of equipment access rights, such as, keeper can newly-built access rights divide into groups, the equipment network speed belonging to this group must not be default more than one value, such as, 300k/s, service time must not more than 2 hours, and total flow is 300M to the maximum, when the time is greater than preset value, namely 2 hours or flow exceed 300M automatically and equipment disconnect.
It should be noted that, when can MAC Address determination device type according to equipment, router can automatically for equipment distributes the access rights corresponding with device type, the information of the device fabrication business that this kind of situation specifically reflects according to MAC Address first three groups numeral determines device type, in this kind of situation, only can realize when device fabrication single intelligent artifact that business produces.
The access rights of the said equipment can change, and concrete alter mode can comprise, and keeper initiatively changes the access rights of equipment; Or equipment user application change device access authority, keeper, after receiving application, changes device access authority.Namely router can according to the access rights change directive of the network manager received, the access rights of change relevant device; The corresponding relation of the MAC Address of preservation equipment and the access rights after changing.
Particularly, keeper initiatively changes device access authority and can comprise following process:
According to the operation change MAC Address of equipment and the corresponding relation of access rights of the keeper received;
Preserve the corresponding relation of the MAC Address after change and access rights.
The device access authority change request that keeper submits to according to the equipment user authority change that conducts interviews can comprise following process:
Receive the access rights change request from equipment;
Obtain the response message of keeper to access rights change request;
When response message instruction is changed the access rights of equipment, the access rights of change equipment, and the corresponding relation preserving the MAC Address of equipment and the access rights after changing.
Fig. 2 is the structured flowchart of the device access right assignment device of the embodiment of the present invention, and as shown in Figure 2, this device 20 comprises following part:
Whether judge module 21 is that the first time network of equipment connects for judging that this network connects;
First distribution module 22, for when the judged result of judge module is for being, for equipment distributes the acquiescence initial access rights pre-set;
Second distribution module 23, for when the judged result of judge module is no, is that equipment distributes corresponding access rights according to the device access authority pre-set and the corresponding relation of the MAC Address of equipment.
Wherein, device access authority comprises: the combination of the access rights corresponding with the type of equipment and the access rights corresponding with user's identity of equipment.
The access rights corresponding with the type of equipment and the access rights corresponding with equipment user identity, comprise following at least one respectively: the restriction of the authority of network manager, the authority of access the Internet, the restriction of surf time, network speed, stream quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, authority, the authority uploading annex, the authority of video tour, the authority of game of download annex.
Above-mentioned second distribution module 23 specifically for, when comprising the access rights of identical type in the access rights corresponding with described device type and the access rights corresponding with user's identity of described equipment and the actual size of the access rights of described identical type is inconsistent, be as the criterion with actual access authority smaller during combination.
Said apparatus can also comprise: change module, for the access rights change directive according to the network manager received, and the access rights of change relevant device; Preserve module, for preserving the corresponding relation of the MAC Address of equipment and the access rights after changing.
The embodiment of the present invention is by the corresponding relation of the device mac address that pre-sets and access rights, can when device request connection route device, be equipment allocation of access rights according to this corresponding relation, can more reasonably allocation of network resources, improve network resource utilization.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. a device access authority distributing method, is characterized in that, comprising:
Whether judge that this network connects is that the first time network of described equipment connects;
If so, then distribute for described equipment the initial access rights pre-set;
If not, then according to the device access authority that the pre-sets corresponding relation with the medium access control MAC Address of equipment, be the access rights that described equipment distributes correspondence.
2. the method for claim 1, is characterized in that, described device access authority comprises:
The combination of the access rights corresponding with the type of described equipment and the access rights corresponding with user's identity of described equipment.
3. method as claimed in claim 2, it is characterized in that, the access rights corresponding with the type of equipment and the access rights corresponding with equipment user identity, comprise following at least one respectively:
The restriction of the authority of network manager, the authority of access the Internet, the restriction of surf time, network speed, stream quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, authority, the authority uploading annex, the authority of video tour, the authority of game of download annex.
4. method as claimed in claim 2, is characterized in that, according to the corresponding relation of the device access authority pre-set with the MAC Address of equipment, is the access rights that described equipment distributes correspondence, comprises:
When comprising the access rights of identical type in the access rights corresponding with described device type and the access rights corresponding with user's identity of described equipment and the actual size of the access rights of described identical type is inconsistent, be as the criterion with actual access authority smaller during combination.
5. the method for claim 1, is characterized in that, described method also comprises:
According to the access rights change directive of the network manager received, the access rights of change relevant device;
Preserve the corresponding relation of the MAC Address of described equipment and the access rights after changing.
6. a device access right assignment device, is characterized in that, comprising:
Whether judge module is that the first time network of described equipment connects for judging that this network connects;
First distribution module, for when the judged result of described judge module is for being, for described equipment distributes the acquiescence initial access rights pre-set;
Second distribution module, for when the judged result of described judge module is no, is that described equipment distributes corresponding access rights according to the device access authority pre-set and the corresponding relation of the medium access control MAC Address of equipment.
7. device as claimed in claim 6, it is characterized in that, described device access authority comprises:
The combination of the access rights corresponding with the type of described equipment and the access rights corresponding with user's identity of described equipment.
8. device as claimed in claim 7, it is characterized in that, the access rights corresponding with the type of equipment and the access rights corresponding with equipment user identity, comprise following at least one respectively:
The restriction of the authority of network manager, the authority of access the Internet, the restriction of surf time, network speed, stream quantitative limitation, the restriction of network address blacklist, the restriction of network address white list, the authority of access hard disk, authority, the authority uploading annex, the authority of video tour, the authority of game of download annex.
9. device as claimed in claim 7, is characterized in that, described second distribution module specifically for,
When comprising the access rights of identical type in the access rights corresponding with described device type and the access rights corresponding with user's identity of described equipment and the actual size of the access rights of described identical type is inconsistent, be as the criterion with actual access authority smaller during combination.
10. device as claimed in claim 6, it is characterized in that, described device also comprises:
Change module, for the access rights change directive according to the network manager received, the access rights of change relevant device;
Preserve module, for preserving the corresponding relation of the MAC Address of described equipment and the access rights after changing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410410483.2A CN105357168B (en) | 2014-08-19 | 2014-08-19 | A kind of equipment access authority distribution method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410410483.2A CN105357168B (en) | 2014-08-19 | 2014-08-19 | A kind of equipment access authority distribution method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105357168A true CN105357168A (en) | 2016-02-24 |
| CN105357168B CN105357168B (en) | 2019-02-01 |
Family
ID=55333034
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410410483.2A Active CN105357168B (en) | 2014-08-19 | 2014-08-19 | A kind of equipment access authority distribution method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105357168B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106412896A (en) * | 2016-09-30 | 2017-02-15 | 上海斐讯数据通信技术有限公司 | Authorization management method and system of wireless router |
| CN106792689A (en) * | 2016-12-16 | 2017-05-31 | 广东美晨通讯有限公司 | WI FI focuses management methods and WI FI focus managing devices |
| CN106878296A (en) * | 2017-01-24 | 2017-06-20 | 深圳市评估王信息科技有限公司 | Data access control method and device |
| CN110351719A (en) * | 2019-07-16 | 2019-10-18 | 深圳市信锐网科技术有限公司 | A kind of wireless network management method, system and electronic equipment and storage medium |
| CN110661744A (en) * | 2018-06-28 | 2020-01-07 | 石悌君 | Network access control method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1102156A1 (en) * | 1999-11-16 | 2001-05-23 | France Telecom | Method and system for the management of access to information |
| CN101599967A (en) * | 2009-06-29 | 2009-12-09 | 杭州华三通信技术有限公司 | Authority control method and system based on the 802.1x Verification System |
| US7735114B2 (en) * | 2003-09-04 | 2010-06-08 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus using dynamic user policy assignment |
| CN102136938A (en) * | 2010-12-29 | 2011-07-27 | 华为技术有限公司 | Method and device for providing user information for carried grade network address translation (CGN) equipment |
| CN102348209A (en) * | 2011-09-23 | 2012-02-08 | 福建星网锐捷网络有限公司 | Method and device for wireless network access and authentication |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
-
2014
- 2014-08-19 CN CN201410410483.2A patent/CN105357168B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1102156A1 (en) * | 1999-11-16 | 2001-05-23 | France Telecom | Method and system for the management of access to information |
| US7735114B2 (en) * | 2003-09-04 | 2010-06-08 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus using dynamic user policy assignment |
| CN101599967A (en) * | 2009-06-29 | 2009-12-09 | 杭州华三通信技术有限公司 | Authority control method and system based on the 802.1x Verification System |
| CN102136938A (en) * | 2010-12-29 | 2011-07-27 | 华为技术有限公司 | Method and device for providing user information for carried grade network address translation (CGN) equipment |
| CN102348209A (en) * | 2011-09-23 | 2012-02-08 | 福建星网锐捷网络有限公司 | Method and device for wireless network access and authentication |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106412896A (en) * | 2016-09-30 | 2017-02-15 | 上海斐讯数据通信技术有限公司 | Authorization management method and system of wireless router |
| CN106792689A (en) * | 2016-12-16 | 2017-05-31 | 广东美晨通讯有限公司 | WI FI focuses management methods and WI FI focus managing devices |
| CN106878296A (en) * | 2017-01-24 | 2017-06-20 | 深圳市评估王信息科技有限公司 | Data access control method and device |
| CN110661744A (en) * | 2018-06-28 | 2020-01-07 | 石悌君 | Network access control method |
| CN110351719A (en) * | 2019-07-16 | 2019-10-18 | 深圳市信锐网科技术有限公司 | A kind of wireless network management method, system and electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105357168B (en) | 2019-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110896355B (en) | Network slice selection method and device | |
| US10375015B2 (en) | Methods and system for allocating an IP address for an instance in a network function virtualization (NFV) system | |
| KR102162678B1 (en) | Communication method and related device | |
| CA2990041C (en) | Network function virtualization (nfv) hardware trust in data communication systems | |
| CN108024270B (en) | Information sending method, unit and system | |
| US20170250870A1 (en) | Virtual network policy configuration method and system, and virtual network element and network administration system thereof | |
| CN106878084B (en) | Authority control method and device | |
| CN105357168A (en) | Device access permission allocation method and device | |
| US11902108B2 (en) | Dynamic adaptive network | |
| US20210036920A1 (en) | Configuring network slices | |
| CN111165025A (en) | Collaborative terminal slicing and network slicing functions | |
| WO2022142740A1 (en) | Network slice connection method and apparatus, storage medium, and electronic apparatus | |
| CN104348798B (en) | A kind of method, apparatus, dispatch server and system for distributing network | |
| CN109151825A (en) | Hot spot shared method, apparatus and system | |
| CN109962806B (en) | Method and device for managing transmission network sub-slices | |
| CN104780147A (en) | BYOD access control method and device | |
| CN106714000A (en) | Control method, system and device of conference terminal authority | |
| CN114079933A (en) | Network slice management system, application server and terminal equipment | |
| WO2019029704A1 (en) | Network object management method and apparatus therefor | |
| CN109302302B (en) | Method, system and computer readable storage medium for scaling service network element | |
| CN105763545A (en) | BYOD method and device | |
| CN103973747A (en) | Method and device for acquiring content | |
| CN103140833A (en) | System and method for multimedia multi-party peering (M2P2) | |
| CN112954084B (en) | Edge computing processing method, network function example and edge service management and control center | |
| CN104754072A (en) | Address allocation method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |