CN113645054B - Wireless network device configuration method and system - Google Patents

Abstract

This application provides a wireless network device configuration method and system. The method includes: the first mobile terminal through scanning the first identification code on the wireless network device, obtaining the first WIFI name, the first WIFI password, the first management address and the first management account password of the wireless network device. The network configuration information sends a configuration request with the first management account password and network configuration information to the first management address; the wireless network device is based on the first management account password to verify the configuration request to verify the post -application network configuration information. In this way, by scanning the identification code set on the wireless network device by the mobile terminal, the mobile terminal automatically completes actions such as WiFi access and network configuration of the wireless network device, without requiring the user to perform a large number of complicated manual operations, which can improve the efficiency of wireless network device configuration and reduce the possibility of configuration errors.

Description

Wireless network device configuration method and system

technical field

The present application relates to the technical field of network equipment, and in particular, to a wireless network equipment configuration method and system.

Background technique

With the popularization and development of network information technology, broadband network coverage is getting wider and wider. Using wireless network equipment to access broadband is currently a very common form of terminal equipment accessing the Internet. Before using a wireless network device to access a broadband network, it is usually necessary to perform a series of configurations on the wireless network device, such as configuring the WiFi name, WiFi password, device management account, device management password, dial-up account, dial-up password, etc.

In the traditional wireless network device configuration method, it is usually necessary to use a terminal device to access the wireless network device through wired or wireless means, then open the wireless network device management page according to the management address, and then perform some configurations on the management page. The operations to complete a configuration operation are complicated, the operation chain is long, and the operation process is not friendly to non-professional ordinary users. Even professional network installation and maintenance personnel have low configuration efficiency.

Contents of the invention

In order to overcome the above-mentioned deficiencies in the prior art, the purpose of this application is to provide a wireless network device configuration method, the method comprising:

The first mobile terminal obtains the first WiFi name, the first WiFi password, the first management address and the first management account password pre-stored in the wireless network device by scanning the first identification code on the wireless network device;

The first mobile terminal accesses the wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password;

The first mobile terminal responds to user operations and obtains network configuration information set by the user, the network configuration information including the updated second WiFi name, second WiFi password, second management address or second management account password;

The first mobile terminal sends a configuration request carrying the first management account password and the network configuration information to the first management address;

The wireless network device verifies the configuration request according to the pre-stored password of the first management account, and applies the network configuration information after the verification is passed.

In a possible implementation manner, the first mobile terminal obtains the initial first WiFi name, first WiFi password, first management address and first management account password of the wireless network device by scanning the first identification code on the wireless network device, including:

The first mobile terminal obtains the identity of the wireless network device by scanning the first identification code on the wireless network device;

The first mobile terminal sends a login information acquisition request to the server, and the login information acquisition request carries the identity of the wireless network device;

The server searches for the first WiFi name, the first WiFi password, the first management address and the first management account password corresponding to the wireless network device according to the identity of the wireless network device in the received login information acquisition request and sends them to the first mobile terminal.

In a possible implementation, the method further includes:

The server pre-records the corresponding relationship between the identity of the user who purchased the wireless network device and the identity of the wireless network device;

The step of the first mobile terminal sending a login information acquisition request to the server includes:

The first mobile terminal sends a login information acquisition request carrying the identity of the user logged in on the first mobile terminal and the identity of the wireless network device to the server;

The server searches for the initial first WiFi name, first WiFi password, first management address and first management account password of the wireless network device according to the identity of the wireless network device in the received login information acquisition request and sends them to the first mobile terminal, including:

The server verifies whether the identity of the user in the login information acquisition request matches the identity of the wireless network device according to the pre-stored correspondence;

If they match, search for the first WiFi name, first WiFi password, first management address and first management account password corresponding to the identity of the wireless network device and send them to the first mobile terminal.

In a possible implementation, the method further includes:

The first mobile terminal acquires the communication identification, network usage time and speed limit policy of the second mobile terminal;

The first mobile terminal encrypts the communication identification of the second mobile terminal, the network usage time and the speed limit policy according to the second management account password to obtain encrypted information;

The first mobile terminal generates a second identification code according to the encrypted information and the second management address of the wireless network device;

The second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends networking configuration information carrying the encrypted information to the second management address;

The wireless network device decrypts the encrypted information in the received networking configuration information according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time, and the speed limit policy;

The wireless network device adds the second mobile terminal to a whitelist allowing the Internet access according to the communication identifier of the second mobile terminal, and limits the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

In a possible implementation manner, the step of the first mobile terminal encrypting the communication identification of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain encrypted information includes:

The first mobile terminal obtains the current time as the authorization time;

The first mobile terminal uses the second management account password to encrypt the authorization time, the communication identification of the second mobile terminal, the network usage time and the speed limit policy to obtain the encrypted information;

The wireless network device decrypts the received encrypted information according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time and the speed limit policy, including:

The wireless network device decrypts the encrypted information in the networking configuration information received this time according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time, the speed limit policy and the authorization time;

The wireless network device detects whether it has ever received historical networking configuration information with the same authorization time as the networking configuration information received this time;

If so, the networking configuration information described this time will not be processed;

If not, then record the networking configuration information received this time as historical networking configuration information, and then perform the step of adding the second mobile terminal to the whitelist of allowing Internet access, and limiting the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit strategy.

In a possible implementation, before the first mobile terminal acquires the communication identification, network usage time and speed limit policy of the second mobile terminal, the method further includes:

The second mobile terminal obtains the identity of the wireless network device and the address of the server by scanning the first identification code set on the wireless network device;

The second mobile terminal sends the wireless network device networking application information according to the address of the server, and the networking application information includes the communication identifier of the second mobile terminal and the identity identifier of the wireless network device.

The server searches for a first mobile terminal having management authority for the wireless network device according to the identity of the wireless network device, and sends the networking application information to the first mobile terminal.

In a possible implementation manner, the step of the second mobile terminal obtaining the second management address and the encrypted information by scanning the second identification code, and sending the networking configuration information carrying the encrypted information to the second management address includes:

The first mobile terminal generates the second identification code according to the encrypted information, the second WiFi name of the wireless network device, the second WiFi password, and the second management address;

The step of obtaining the second management address and the encrypted information by the second mobile terminal by scanning the second identification code includes:

The second mobile terminal obtains the second WiFi name, the second WiFi password, the second management address and the encrypted information by scanning the second identification code;

The second mobile terminal accesses the wireless local area network provided by the wireless network device according to the second WiFi name and the second WiFi password, and sends networking configuration information carrying the encrypted information to the second management address through the wireless local area network.

In a possible implementation manner, the wireless network device is also communicatively connected to a network security server, and the method further includes:

When the wireless network device receives an unknown information access request for updating the current network configuration information, it intercepts when the unknown information access request does not match a whitelist member in the trusted white list, and sends the access configuration information in the unknown information access request to the network security server while intercepting;

The network security server acquires a set of historical network events corresponding to each access configuration attribute in the access configuration information, and after finding a target network attack event related to the routing operation environment of the wireless network device in the set of historical network events, update the routing security protection policy of the wireless network device on the network security server based on the preset update policy of the target network attack event, and simulate network security attack event information in the virtual security protection environment of the wireless network device based on the updated routing security protection policy;

Obtaining response interception behavior objects of multiple response interception behaviors in response to the network security attack event information in the virtual security protection environment of the wireless network device, and acquiring multiple historical interception extension tracking behaviors related to the multiple response interception behaviors, any historical interception extension tracking behavior includes an extension tracking object and an extension tracking path set;

According to the extended tracking object of each historical interception extended tracking action and the response interception action objects of multiple response interception actions, determine the response interception behavior to which each historical interception extended tracking action belongs;

According to the set of extended tracing paths of each historical interception extended tracing behavior and the response interception behavior to which each historical interception extended tracing behavior belongs, the multiple historical interception extended tracing behaviors are clustered to obtain the response interception behaviors to which the multiple historical interception extended tracing behavior clusters respectively belong;

According to the response interception behaviors to which the plurality of historical interception extended tracking behavior clusters respectively belong, determine the response interception behavior to which each extended tracking behavior in the plurality of historical interception extended tracking behaviors belongs, and after establishing an association relationship between each extended tracking behavior and the response interception behavior to which each extended tracking behavior belongs, perform an extended update on the routing security protection policy based on the established association relationship information, so as to send the expanded and updated routing security protection policy to the wireless network device for automatic response configuration.

The present application also provides a wireless network device configuration system, the system includes a first mobile terminal and a wireless network device;

The first mobile terminal is used to obtain the first WiFi name, first WiFi password, first management address and first management account password pre-stored by the wireless network device by scanning the first identification code on the wireless network device;

The first mobile terminal is also used to access the wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password;

The first mobile terminal is also used to respond to user operations and obtain network configuration information set by the user, the network configuration information including the updated second WiFi name, second WiFi password, second management address and second management account password;

The first mobile terminal is further configured to send a configuration request carrying the first management account password and the network configuration information to the first management address;

The wireless network device is configured to verify the configuration request according to the pre-stored first management account password, and replace the first WiFi name, first WiFi password, first management address and first management account password with the second WiFi name, second WiFi password, second management address and second management account password after the verification is passed.

In a possible implementation manner, the system further includes a second mobile terminal;

The first mobile terminal is also used to obtain the communication identification, network usage time and speed limit policy of the second mobile terminal;

The first mobile terminal is further configured to encrypt the communication identification of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain encrypted information;

The first mobile terminal is further configured to generate a second identification code according to the encrypted information and the second management address of the wireless network device;

The second mobile terminal is configured to obtain the second management address and the encrypted information by scanning the second identification code, and send networking configuration information carrying the encrypted information to the second management address;

The wireless network device is further configured to decrypt the encrypted information in the received networking configuration information according to the second management account password, and obtain the communication identification of the second mobile terminal, the network usage time, and the speed limit policy;

The wireless network device is further configured to add the second mobile terminal to a whitelist for allowing Internet access according to the communication identifier of the second mobile terminal, and limit the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

Compared with the prior art, the present application has the following beneficial effects:

The wireless network device configuration method and system provided by this application enable the mobile terminal to automatically complete actions such as WiFi access and network configuration of the wireless network device by scanning the identification code set on the wireless network device by the mobile terminal, without requiring the user to perform a large number of complicated manual operations, thereby improving the efficiency of wireless network device configuration and reducing the possibility of configuration errors.

Description of drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present application, and therefore should not be regarded as limiting the scope. For those of ordinary skill in the art, other related drawings can also be obtained according to these drawings without creative work.

FIG. 1 is one of schematic diagrams of a wireless network device configuration system provided in an embodiment of the present application;

FIG. 2 is one of schematic diagrams of a wireless network device configuration method provided in an embodiment of the present application;

FIG. 3 is the second schematic diagram of the wireless network device configuration system provided by the embodiment of the present application;

FIG. 4 is a second schematic diagram of a method for configuring a wireless network device provided by an embodiment of the present application.

Detailed ways

In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, not all of them. The components of the embodiments of the application generally described and illustrated in the figures herein may be arranged and designed in a variety of different configurations.

Accordingly, the following detailed description of the embodiments of the application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely represents selected embodiments of the application. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

It should be noted that like numerals and letters denote similar items in the following figures, therefore, once an item is defined in one figure, it does not require further definition and explanation in subsequent figures.

In the description of the present application, the terms "first", "second", "third" and so on are only used for distinguishing descriptions, and cannot be understood as indicating or implying relative importance.

In the description of the present application, it should also be noted that, unless otherwise specified and limited, the terms "installation", "installation", "connection" and "connection" should be understood in a broad sense, for example, it may be a fixed connection, a detachable connection, or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediary, or it may be an internal connection between two components. Those of ordinary skill in the art can understand the specific meanings of the above terms in this application in specific situations.

Please refer to FIG. 1 . FIG. 1 is a schematic diagram of a wireless network device configuration system provided in this embodiment. The system may include a first mobile terminal 200 and a wireless network device 100 used by a user.

The first mobile terminal 200 may be a mobile terminal having a wireless local area network (Wireless Local Area Network, WLAN) communication function. The first mobile terminal 200 may also have an image acquisition module, and the image acquisition module may be used to scan identification codes (such as two-dimensional codes, barcodes, etc.). For example, the first mobile terminal 200 may be a smart phone, a tablet computer, a notebook computer with a code scanning function, a personal computer, and the like. The wireless network device 100 may be a wireless network device 100 with a WLAN function.

In the above scenario, this embodiment also provides a wireless network device configuration method, please refer to FIG. 2 , and each step of the method will be explained in detail below.

Step S110, the first mobile terminal obtains the first WiFi name, first WiFi password, first management address and first management account password pre-stored in the wireless network device by scanning the first identification code on the wireless network device.

In this embodiment, before selling the wireless network device, the merchant who sells the wireless network device may paste a first identification code (such as a QR code, a barcode, etc.) related to the wireless network device on the wireless network device.

In a possible implementation manner, the first identification code may carry a pre-stored (that is, initial) first WiFi name, first WiFi password, first management address, and first management account password of the wireless network device. The user who purchased the wireless network device can scan the first identification code on the wireless network device through his first mobile terminal, thereby analyzing and obtaining the first WiFi name, the first WiFi password, the first management address and the first management account password.

For example, the information obtained from the identification of the first identification code may be as follows:

ssid1=test1&wifipwd=abcd1234&username=user&userpwd=ccabcd&ip=192.168.10.1&productname=xxx&mac=aabbccdd1122&vendor=ysz&model=wifi&date=2021.2.20

Wherein, "&" is used for field segmentation, the ssid field is the first WiFi name, the wifipwd field is the first WiFi password, the username field and userpwd field are the first management account password, and the ip field is the first management address. Other fields can be used to record information including manufacturer name, MAC address of wireless network device, mode of wireless network device, time and so on.

In another possible implementation, the merchant who sells the wireless network device may record the correspondence between each wireless network device's initial first WiFi name, first WiFi password, first management address, first management account password and the identity of the wireless network device before selling the wireless network device. The identity identifier may be the serial number of the wireless network device, a unique device identifier, a MAC address, and the like.

The first identification code may carry the identity of the wireless network device and the server address of the merchant that sells the wireless network device. A user who has purchased a wireless network device may scan the first identification code on the wireless network device through his first mobile terminal, so as to send a login information acquisition request carrying the identity of the wireless network device to the server. The server searches for the first WiFi name, the first WiFi password, the first management address and the first management account password corresponding to the wireless network device according to the identity of the wireless network device in the received login information acquisition request and sends them to the first mobile terminal.

Further, in order to prevent illegal users from maliciously obtaining the wireless network device information prestored in the server, in this embodiment, the server may pre-record the correspondence between the identity of the user who purchased the wireless network device and the identity of the wireless network device.

When the first mobile terminal sends a login information acquisition request to the server, it may send a login information acquisition request carrying the identity of the user logged in on the first mobile terminal and the identity of the wireless network device to the server.

Then, the server verifies whether the identity of the user in the login information acquisition request matches the identity of the wireless network device according to the pre-stored correspondence; if they match, then search for the first WiFi name corresponding to the identity of the wireless network device, the first WiFi password, the first management address, and the first management account password and send them to the first mobile terminal.

After the first mobile terminal obtains the first WiFi name, the first WiFi password, the first management address and the first management account password and sends them to the first mobile terminal, it can begin to execute step S120.

Step S120, the first mobile terminal accesses the wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password.

In this embodiment, when the wireless network device is powered on for the first time, it will provide a wireless local area network according to the pre-stored first WiFi name and first WiFi password. After the first mobile terminal obtains the first WiFi name and the first WiFi password through step S110, it can access the wireless local area network provided by the wireless network device.

It can be understood that after the first mobile terminal accesses the wireless local area network provided by the wireless network device, it is in the same local area network as the wireless network device, so that it can exchange information with the wireless network device through local area network communication.

Step S130, the first mobile terminal obtains network configuration information set by the user in response to the user operation, and the network configuration information includes the updated second WiFi name, second WiFi password, second management address or second management account password.

In an implementation manner of this embodiment, after accessing the wireless WiFi provided by the wireless network device, the first mobile terminal may initiate a management connection to the first management address through the first management account password to obtain current configuration information of the wireless network device.

Next, the first mobile terminal may provide an operation interface, and may display current configuration information of the wireless network device on the operation interface. The user can set a new second WiFi name, a second WiFi password, a second management address, a second management account password, etc. according to his needs on the operation interface.

The first mobile terminal may respond to the user's configuration operation on the operation interface, and obtain the second WiFi name, the second WiFi password, the second management address and the second management account password set by the user as network configuration information.

Optionally, in a scenario where the wireless network device needs to initiate dial-up Internet access (for example, PPPoE dial-up Internet access), the user can also set the dial-up PPPoE account password of the wireless network device on the operation interface. The network configuration information may include a PPPoE account password.

Step S140, the first mobile terminal sends a configuration request carrying the first management account password and the network configuration information to the first management address.

In a possible implementation manner, the first mobile terminal may splice an http Post request to access the first management address according to the first management address, the first management account password, and the network configuration information.

For example, taking the network configuration information including the PPPoE account password, the second WiFi name, and the second WiFi password as an example, the form of the configuration request can be as follows:

http://192.168.10.1/itms/username=xxxx&userpwd=xxxx&PPPOEuser=xxx&PPPOEpassword=xxx&SSID=test-2&WiFiPassword=12345678

Wherein, the username field and userpwd are the password of the first management account, the PPPOEuser field and the PPPOEpassword field are the password of the PPPoE account, the SSID field is the name of the second WiFi, and the WiFiPassword field is the password of the second WiFi.

Step S150, the wireless network device verifies the configuration request according to the pre-stored password of the first management account, and applies the network configuration information after the verification is passed.

In this embodiment, after receiving the configuration request, the wireless network device may verify whether the first management account password prestored by itself matches the first management account password carried in the configuration request. If they match, the network configuration information is applied, that is, the network configuration newly set by the user is used to replace the initial network configuration pre-stored in the wireless network device.

Wherein, if the network configuration information includes a PPPoE account password, the wireless network device uses the PPPoE account password to dial-up to access the Internet after passing the verification, and sends a dial-up status to the first mobile terminal.

Based on the above design, the wireless network device configuration method provided in this embodiment enables the mobile terminal to automatically complete actions such as WiFi access and network configuration of the wireless network device by scanning the identification code set on the wireless network device by the mobile terminal, without requiring the user to perform a large number of complicated manual operations, thereby improving the efficiency of wireless network device configuration and reducing the possibility of configuration errors.

Usually, the wireless network device also has the functions of restricting whether a certain mobile terminal can access the network, restricting the time of surfing the Internet, and limiting the speed of the network. These configuration operations also require the user to establish a management connection with the wireless network device through the terminal device, and then configure the wireless network device.

In some scenarios, a user with management rights to the wireless network device may temporarily be unable to establish a management connection with the wireless network device, but other users may need to apply for permission to access the wireless network device.

For example, referring to FIG. 3 , the wireless network device configuration system may further include a second mobile terminal 300 . Wherein, the first mobile terminal 200 is a mobile terminal of a user having management authority to the wireless network device 100, the first mobile terminal 200 may not be able to establish management communication with the wireless network device 100 currently (for example, the wireless network device 100 is a wireless network device on an internal network, and the first mobile terminal 200 is located on an external network at this time), and the second mobile terminal 300 may be a terminal that needs to access the wireless network device 100.

In a possible implementation manner of this embodiment, steps S210 to S250 may be used to realize that the second mobile terminal obtains the right to access the wireless network device to surf the Internet without requiring the user to perform too many configurations. Referring to FIG. 4 , step S210 to step S260 will be explained in detail below.

Step S210, the first mobile terminal acquires the communication identifier, network usage time and speed limit policy of the second mobile terminal.

In this embodiment, the communication identifier of the second mobile terminal may include the MAC address of the second mobile terminal, the network usage time may include usage duration, and the speed limit policy may include a maximum download speed and a maximum upload speed.

In a possible implementation manner, the second mobile terminal may obtain the identity of the wireless network device and the address of the server by scanning the first identification code set on the wireless network device.

Then the second mobile terminal sends the wireless network device networking application information according to the address of the server, and the networking application information includes the communication identifier of the second mobile terminal and the identity identifier of the wireless network device.

The server may search for a first mobile terminal having management authority for the wireless network device according to the identity of the wireless network device, and send the networking application information to the first mobile terminal.

In this way, the first mobile terminal can obtain the communication identifier of the second mobile terminal.

Further, after the first mobile terminal receives the networking application information, it can display an operation interface, and the user can configure and select the network usage time and the speed limit policy on the operation interface.

Step S220, the first mobile terminal encrypts the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain encrypted information.

In this embodiment, in order to prevent a malicious terminal device from configuring the wireless network device, the first terminal may use the second management account password to encrypt the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy.

Step S230, the first mobile terminal generates a second identification code according to the encrypted information and the second management address of the wireless network device.

In this embodiment, the second identification code may be sent by the first mobile terminal to the second mobile terminal, or sent to the user using the second mobile terminal in the other manner.

Step S240, the second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends networking configuration information carrying the encrypted information to the second management address.

In this embodiment, after establishing a network connection with the wireless network device, the second mobile terminal may send the encrypted information to the wireless network device according to the second management address.

In a possible implementation manner, in step S230, the first mobile terminal may generate the second identification code according to the encrypted information, the second WiFi name, the second WiFi password, and the second management address of the wireless network device.

Then in step S240, the second mobile terminal can obtain the second WiFi name, the second WiFi password, the second management address and the encrypted information by scanning the second identification code. Then the second mobile terminal can access the wireless local area network provided by the wireless network device according to the second WiFi name and the second WiFi password, and send the networking configuration information carrying the encrypted information to the second management address through the wireless local area network.

In this way, the user using the second mobile terminal does not need to know the second WiFi name and the second WiFi password of the wireless network device in advance, and does not need to perform a manual selection operation to enable the second mobile terminal to automatically access the WiFi provided by the wireless network device and send the networking configuration information.

It can be understood that at this time, although the second mobile terminal can access the wireless local area network provided by the wireless network device, it does not immediately access the Internet through the wireless network device, and needs to go through the subsequent processing steps of the wireless network device before it can access the Internet through the wireless network device.

Step S250, the wireless network device decrypts the encrypted information in the received networking configuration information according to the second management account password, and obtains the communication identifier of the second mobile terminal, the network usage time and the speed limit policy.

In this embodiment, the wireless network device may decrypt the encrypted information according to the pre-stored second management account password. If the decryption is successful, it means that the networking configuration information does come from the first mobile terminal having management authority for the wireless network device, and the wireless network device acquires and decrypts the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy.

In step S260, the wireless network device adds the second mobile terminal to a whitelist for allowing Internet access according to the communication identifier of the second mobile terminal, and limits the online time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

For example, the wireless network device may add the MAC address of the second mobile terminal to a white list allowing Internet access, and then set the network usage time setting and speed limit setting related to the MAC address. After such setting, the wireless network device can allow the Internet traffic of the second mobile terminal.

Based on the above design, the wireless network device configuration method provided in this embodiment can enable the second mobile terminal to initiate information interaction with the first mobile terminal through the scanning action of the second mobile terminal that needs to access the wireless network device when the first mobile terminal having management authority for the wireless network device cannot directly communicate with the wireless network device, so as to automatically configure the wireless network device so that the second mobile terminal obtains the right to access the Internet through the wireless network device. The entire process of information transmission and data configuration does not require users to perform complicated manual operations, which greatly improves the efficiency of wireless network device configuration and reduces the possibility of configuration errors.

Further, in order to prevent the second mobile terminal from repeatedly using the same networking configuration information to obtain extended online time, in some possible implementation manners, the first mobile terminal may set some kind of unique identifier in the encrypted information.

For example, in step S230, the first mobile terminal may obtain the current time as the authorization time, and then encrypt the authorization time, the communication identifier of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain the encrypted information.

In step S260, the wireless network device may decrypt the encrypted information in the networking configuration information received this time according to the second management account password, and obtain the communication identifier of the second mobile terminal, the network usage time, the speed limit policy and the authorization time.

Then, the wireless network device detects whether it has ever received historical networking configuration information with the same authorization time as the networking configuration information received this time.

If the historical networking configuration information with the same authorization time as the networking configuration information received this time has been received, it means that the networking configuration information received this time was sent by the second mobile terminal, that is, the second mobile terminal may reuse the same networking configuration information to obtain an extended Internet access time, so the wireless network device does not process the networking configuration information this time.

If the historical networking configuration information with the same authorization time as the network configuration information received this time has not been received, it means that the network connection configuration information received this time is new, and the wireless network device can record the network connection configuration information received this time as historical network configuration information, and then perform the steps of adding the second mobile terminal to the white list of allowing Internet access, and limiting the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

In a possible implementation manner, the wireless network device is also communicatively connected to a network security server, and the method further includes:

When the wireless network device receives an unknown information access request for updating the current network configuration information, it intercepts when the unknown information access request does not match a whitelist member in the trusted white list, and sends the access configuration information in the unknown information access request to the network security server while intercepting;

The network security server acquires a set of historical network events corresponding to each access configuration attribute in the access configuration information, and after finding a target network attack event related to the routing operation environment of the wireless network device in the set of historical network events, update the routing security protection policy of the wireless network device on the network security server based on the preset update policy of the target network attack event, and simulate network security attack event information in the virtual security protection environment of the wireless network device based on the updated routing security protection policy;

Obtaining response interception behavior objects of multiple response interception behaviors in response to the network security attack event information in the virtual security protection environment of the wireless network device, and acquiring multiple historical interception extension tracking behaviors related to the multiple response interception behaviors, any historical interception extension tracking behavior includes an extension tracking object and an extension tracking path set;

According to the extended tracking object of each historical interception extended tracking action and the response interception action objects of multiple response interception actions, determine the response interception behavior to which each historical interception extended tracking action belongs;

According to the set of extended tracing paths of each historical interception extended tracing behavior and the response interception behavior to which each historical interception extended tracing behavior belongs, the multiple historical interception extended tracing behaviors are clustered to obtain the response interception behaviors to which the multiple historical interception extended tracing behavior clusters respectively belong;

According to the response interception behaviors to which the plurality of historical interception extended tracking behavior clusters respectively belong, determine the response interception behavior to which each extended tracking behavior in the plurality of historical interception extended tracking behaviors belongs, and after establishing an association relationship between each extended tracking behavior and the response interception behavior to which each extended tracking behavior belongs, perform an extended update on the routing security protection policy based on the established association relationship information, so as to send the expanded and updated routing security protection policy to the wireless network device for automatic response configuration.

Based on the above design, the wireless network device configuration method provided in this embodiment can update the network security policy of the wireless network device in the cloud, and perform extended updates in combination with simulated behavior and historical behavior during the update process, so as to improve the network security of subsequent wireless network devices. Traditional solutions usually only focus on simple interception.

Optionally, when performing the acquisition of a plurality of historical interception extended tracking actions related to the plurality of response interception actions, an original interception extended tracking action set may be obtained, and any original interception extended tracking action set includes an extended tracking object and an extended tracking path set; then, from the original interception extended tracking action set, an original interception extended tracking action that matches at least one response interception action object among the plurality of response interception action objects is determined, and the matched multiple original interception extended tracking actions are used as multiple historical interception extended tracking actions related to the plurality of response interception actions.

Optionally, the response interception behavior object includes a response interception behavior category and a response interception behavior coverage area. When performing the original interception extended tracking behavior determined to match at least one response interception behavior object among the plurality of response interception behavior objects from the original interception extended tracking behavior set, if the extended tracking object in the original interception extended tracking behavior matches the target response interception behavior category, then it is determined that the original interception extended tracking behavior is the original interception extended tracking behavior matching the response interception behavior object corresponding to the target response interception behavior category, and the target response interception behavior category belongs to multiple response interception behavior categories.

Optionally, when executing any historical interception extended tracking behavior, according to the extended tracking object of any historical interception extended tracking behavior and the response interception behavior objects of multiple response interception behaviors, when determining the response interception behavior to which any historical interception extended tracking behavior belongs, determine from the multiple response interception behavior objects a target response interception behavior object that matches the extended tracking object in any of the historical interception extended tracking behaviors; and then use the response interception behavior corresponding to the target response interception behavior object as the response interception behavior to which any historical interception extended tracking behavior belongs.

Optionally, when executing the extended tracing path set of each historical intercepting extended tracing behavior and the response intercepting behavior to which each historical intercepting extended tracing behavior belongs, performing clustering processing on the multiple historical intercepting extended tracing behaviors to obtain the response intercepting behaviors to which the multiple historical intercepting extended tracing behavior clusters respectively belong, a first preset clustering number may be obtained, and according to the extended tracing path set of each historical intercepting extended tracking behavior and the first preset clustering number, divide the multiple historical intercepting extended tracking behaviors into multiple original intercepting extended tracking behavior libraries. Then, according to the response interception behavior to which the history interception extension tracking behavior belongs in each original interception extension tracking behavior library, multiple historical interception extension tracking behavior clusters and the response interception behavior to which each history interception extension tracking behavior cluster belongs are determined.

Wherein, when executing the response interception behavior to which the historical interception extension tracking behavior in each original interception extension tracking behavior library belongs, a plurality of historical interception extension tracking behavior clusters and the response interception behavior to which each historical interception extension tracking behavior cluster belongs are determined, the number of the first behaviors of the historical interception extension tracking behavior contained in the original interception extension tracking behavior library can be counted, and then the original interception extension tracking behavior library is divided into multiple unit original interception extension tracking behavior libraries, and the historical interception extension tracking behaviors in any unit original request cluster belong to the same response interception behavior. Then obtain the target unit original interception extended tracking behavior library containing the most historical interception extended tracking behavior library from multiple unit original interception extended tracking behavior libraries, and count the number of second behaviors of historical interception extended tracking behavior contained in the target unit's original interception extended tracking behavior library.

If the ratio between the first behavior quantity and the second behavior quantity is not less than the preset response interception behavior ratio, the original interception extended tracking behavior library is determined as a historical interception extended tracking behavior cluster, and the response interception behavior corresponding to the original interception extended tracking behavior library of the target unit is used as the response interception behavior to which the historical interception extended tracking behavior cluster belongs.

If the ratio between the first behavior number and the second behavior number is smaller than the preset response interception behavior ratio, then adjust the first preset clustering number to obtain a second preset clustering number.

Then, according to the second preset number of clusters, re-cluster the historical interception extended tracking behaviors in the original interception extended tracking behavior library to obtain the historical interception extended tracking behavior clusters and the response interception behaviors to which the historical interception extended tracking behavior clusters belong.

In a possible implementation manner, the multiple history intercepting extended tracing actions include a first historical intercepting extended tracing action and a second historical intercepting extended tracing action. When executing the extended tracing path set and the first preset clustering quantity of each historical intercepting extended tracing behavior, when dividing a plurality of historical intercepting extended tracing behaviors into a plurality of original intercepting extended tracing behavior libraries, counting the number of extended tracing behavior linkages between the first historical intercepting extended tracing behavior and the second historical intercepting extended tracing behavior; obtaining the maximum number of extended tracing behaviors from the first historical intercepting extended tracing behavior and the second historical intercepting extended tracing behavior; Combining the tracing behavior and the second historical interception extension tracing behavior into an original interception extension tracing behavior library; or

In another possible implementation manner, the multiple history intercepting extended tracing actions include a first historical intercepting extended tracing action and a second historical intercepting extended tracing action. When executing the extended tracing path set and the first preset clustering quantity according to each historical intercepting extended tracing behavior, when dividing a plurality of historical intercepting extended tracing behaviors into a plurality of original intercepting extended tracing behavior libraries, counting the number of extended tracing behaviors of the first historical intercepting extended tracing behavior and the second historical intercepting extended tracing behavior; counting the total amount of extended tracing behaviors of the first historical intercepting extended tracing behavior and the second historical intercepting extended tracing behavior; Combining with the second historical interception extension tracking behavior to form an original interception extension tracking behavior library; or

In another possible implementation manner, the plurality of history intercepting extended tracking behaviors include a first historical intercepting extended tracking action and a second historical intercepting extended tracking action, and both the first historical intercepting extended tracking action and the second historical intercepting extended tracking action further include the behavior participation degree of the extended tracking action. When executing the extended tracking path set and the first preset clustering quantity of each historical intercepting extended tracking behavior, when dividing multiple historical intercepting extended tracking behaviors into a plurality of original intercepting extended tracking behavior libraries, obtaining the shared extended tracking behavior of the first historical intercepted extended tracking behavior and the second historical intercepted extended tracking behavior; determining the behavior participation weight according to the difference between the behavior participation degree of the shared extended tracking behavior in the first historical intercepted extended tracking behavior and the behavior participation degree of the shared extended tracking behavior in the second historical intercepted extended tracking behavior; if the behavior participation weight is less than the first preset number of clusters , then combine the first historical interception extension tracing behavior and the second history interception extension tracing behavior into an original interception extension tracing behavior library.

Optionally, when executing any extended tracking behavior among the plurality of historical interception extended tracking behaviors, and determining the response interception behavior to which each extended tracking behavior in the plurality of historical interception extended tracking behavior clusters respectively belongs according to the response interception behaviors to which each of the multiple historical interception extended tracking behavior clusters belongs, the number of extended tracking times of any of the extended tracking behaviors in each response interception behavior and the total number of extended tracking times of the any extended tracking behavior in all response interception behaviors can be counted according to the response interception behaviors to which each of the multiple historical interception extended tracking behavior clusters belongs; If the value is greater than the preset ratio, the response interception behavior corresponding to the maximum number of extended tracking times is used as the response interception behavior to which any of the extended tracking behaviors belongs.

Optionally, when performing the extended update of the routing security protection policy based on the established association relationship information, so as to send the expanded and updated routing security protection policy to the wireless network device for automatic response configuration, search for a policy rule set corresponding to each extended tracking behavior according to each extended tracking behavior in the established association relationship information and the response interception behavior to which each extended tracking behavior belongs, and after obtaining corresponding rules to be updated from the policy rule set according to the response interception behavior to which each extended tracking behavior belongs, then update the routing security protection policy based on the rules to be updated. The routing security protection policy with updated rules is sent to the wireless network device for automatic response configuration.

This embodiment also provides a wireless network device configuration system, the system includes a first mobile terminal and a wireless network device.

The first mobile terminal is configured to scan a first identification code on the wireless network device to obtain a first WiFi name, a first WiFi password, a first management address, and a first management account password prestored by the wireless network device; access a wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password; respond to a user operation, obtain network configuration information set by the user, and the network configuration information includes an updated second WiFi name, second WiFi password, second management address or second management account password; Send a configuration request carrying the first management account password and the network configuration information to the first management address .

The wireless network device is configured to verify the configuration request according to the pre-stored password of the first management account, and apply the network configuration information after the verification is passed.

In some possible implementation manners, the system further includes a second mobile terminal.

The first mobile terminal is also used to acquire the communication identification, network use time and speed limit policy of the second mobile terminal; encrypt the communication identification of the second mobile terminal, the network use time and the speed limit policy according to the second management account password to obtain encrypted information; generate a second identification code according to the encrypted information and the second management address of the wireless network device;

The second mobile terminal is configured to obtain the second management address and the encrypted information by scanning the second identification code, and send networking configuration information carrying the encrypted information to the second management address;

The wireless network device is further configured to decrypt the encrypted information in the received networking configuration information according to the second management account password, and obtain the communication identification of the second mobile terminal, the network usage time, and the speed limit policy; add the second mobile terminal to a whitelist for allowing Internet access according to the communication identification of the second mobile terminal, and limit the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

In some possible implementation manners, the first mobile terminal is further configured to obtain the current time as the authorization time.

The first mobile terminal is specifically used to obtain the current time as the authorization time; use the second management account password to encrypt the authorization time, the communication identification of the second mobile terminal, the network usage time and the speed limit policy to obtain the encrypted information;

The wireless network device is specifically configured to decrypt the encrypted information in the networking configuration information received this time according to the second management account password, and obtain the communication identifier of the second mobile terminal, the network usage time, the speed limit policy, and the authorization time; detect whether historical networking configuration information with the same authorization time as the networking configuration information received this time has been received; if so, do not process the networking configuration information this time; A step of adding a whitelist allowing Internet access, and restricting the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy.

To sum up, the wireless network device configuration method and system provided by the present application enable the mobile terminal to automatically complete actions such as WiFi access and network configuration of the wireless network device by scanning the identification code set on the wireless network device through the mobile terminal, without requiring the user to perform a large number of complicated manual operations, thereby improving the efficiency of wireless network device configuration and reducing the possibility of configuration errors.

In the embodiments provided in this application, it should be understood that the disclosed devices and methods may also be implemented in other ways. The device embodiments described above are only illustrative. For example, the flowcharts and block diagrams in the accompanying drawings show the architecture, functions and operations of possible implementations of devices, methods and computer program products according to multiple embodiments of the present application. In this regard, each block in the flowchart or block diagram may represent a module, program segment, or a portion of code that includes one or more executable instructions for implementing specified logical functions. It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. It should also be noted that each block in the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or actions, or by combinations of special purpose hardware and computer instructions.

In addition, each functional module in each embodiment of the present application may be integrated to form an independent part, each module may exist independently, or two or more modules may be integrated to form an independent part.

If the functions are implemented in the form of software function modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on such an understanding, the technical solution of the present application is essentially or part of the contribution to the prior art or a part of the technical solution can be embodied in the form of a software product, the computer software product is stored in a storage medium, and includes several instructions to make a computer device (which can be a personal computer, server, or network device, etc.) execute all or part of the steps of the method described in each embodiment of the application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk, and other media that can store program codes.

It should be noted that in this document, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or apparatus comprising a set of elements includes not only those elements but also other elements not expressly listed or which are inherent to such process, method, article or apparatus. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.

The above are just various implementations of the present application, but the scope of protection of the present application is not limited thereto. Anyone skilled in the art within the technical scope disclosed in this application can easily think of changes or substitutions, which should be covered within the scope of protection of the present application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.

Claims (7)

1. A wireless network device configuration method, characterized in that the method comprises: The first mobile terminal obtains the first WiFi name, the first WiFi password, the first management address and the first management account password pre-stored in the wireless network device by scanning the first identification code on the wireless network device; The first mobile terminal accesses the wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password; The first mobile terminal responds to user operations and obtains network configuration information set by the user, the network configuration information including the updated second WiFi name, second WiFi password, second management address or second management account password; The first mobile terminal sends a configuration request carrying the first management account password and the network configuration information to the first management address; The wireless network device verifies the configuration request according to the pre-stored password of the first management account, and applies the network configuration information after the verification is passed; The method also includes: The first mobile terminal acquires the communication identification, network usage time and speed limit policy of the second mobile terminal; The first mobile terminal encrypts the communication identification of the second mobile terminal, the network usage time and the speed limit policy according to the second management account password to obtain encrypted information; The first mobile terminal generates a second identification code according to the encrypted information and the second management address of the wireless network device; The second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends networking configuration information carrying the encrypted information to the second management address; The wireless network device decrypts the encrypted information in the received networking configuration information according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time, and the speed limit policy; The wireless network device adds the second mobile terminal to a whitelist allowing the Internet access according to the communication identification of the second mobile terminal, and limits the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit strategy; The first mobile terminal encrypts the communication identification of the second mobile terminal, the network usage time and the speed limit policy according to the second management account password to obtain encrypted information, including: The first mobile terminal obtains the current time as the authorization time; The first mobile terminal uses the second management account password to encrypt the authorization time, the communication identification of the second mobile terminal, the network usage time and the speed limit policy to obtain the encrypted information; The wireless network device decrypts the received encrypted information according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time and the speed limit policy, including: The wireless network device decrypts the encrypted information in the networking configuration information received this time according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time, the speed limit policy and the authorization time; The wireless network device detects whether it has ever received historical networking configuration information with the same authorization time as the networking configuration information received this time; If so, the networking configuration information described this time will not be processed; If not, then record the networking configuration information received this time as historical networking configuration information, and then perform the step of adding the second mobile terminal to the whitelist of allowing Internet access, and limiting the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit policy. 2. The method according to claim 1, wherein the first mobile terminal scans the first identification code on the wireless network device to obtain the first WiFi name, the first WiFi password, the first management address and the first management account password prestored by the wireless network device, including: The first mobile terminal obtains the identity of the wireless network device by scanning the first identification code on the wireless network device; The first mobile terminal sends a login information acquisition request to the server, and the login information acquisition request carries the identity of the wireless network device; The server searches for the first WiFi name, the first WiFi password, the first management address and the first management account password corresponding to the wireless network device according to the identity of the wireless network device in the received login information acquisition request and sends them to the first mobile terminal. 3. The method according to claim 2, wherein the method further comprises: The server pre-records the corresponding relationship between the identity of the user who purchased the wireless network device and the identity of the wireless network device; The step of the first mobile terminal sending a login information acquisition request to the server includes: The first mobile terminal sends a login information acquisition request carrying the identity of the user logged in on the first mobile terminal and the identity of the wireless network device to the server; The server searches for the initial first WiFi name, first WiFi password, first management address and first management account password of the wireless network device according to the identity of the wireless network device in the received login information acquisition request and sends them to the first mobile terminal, including: The server verifies whether the identity of the user in the login information acquisition request matches the identity of the wireless network device according to the pre-stored correspondence; If they match, search for the first WiFi name, first WiFi password, first management address and first management account password corresponding to the identity of the wireless network device and send them to the first mobile terminal. 4. The method according to claim 1, wherein, before the first mobile terminal obtains the communication identification of the second mobile terminal, the network usage time and the speed limit strategy, the method further comprises: The second mobile terminal obtains the identity of the wireless network device and the address of the server by scanning the first identification code set on the wireless network device; The second mobile terminal sends the wireless network device networking application information according to the address of the server, and the networking application information includes the communication identifier of the second mobile terminal and the identity identifier of the wireless network device; The server searches for a first mobile terminal having management authority for the wireless network device according to the identity of the wireless network device, and sends the networking application information to the first mobile terminal. 5. The method according to claim 1, wherein the step of generating a second identification code by the first mobile terminal according to the encrypted information and the second management address of the wireless network device comprises: The first mobile terminal generates the second identification code according to the encrypted information, the second WiFi name of the wireless network device, the second WiFi password, and the second management address; The second mobile terminal obtains the second management address and the encrypted information by scanning the second identification code, and sends the networking configuration information carrying the encrypted information to the second management address, including: The second mobile terminal obtains the second WiFi name, the second WiFi password, the second management address and the encrypted information by scanning the second identification code; The second mobile terminal accesses the wireless local area network provided by the wireless network device according to the second WiFi name and the second WiFi password, and sends networking configuration information carrying the encrypted information to the second management address through the wireless local area network. 6. The method according to any one of claims 1-5, wherein the wireless network device is also communicatively connected to a network security server, and the method further comprises: When the wireless network device receives an unknown information access request for updating the current network configuration information, it intercepts when the unknown information access request does not match a whitelist member in the trusted white list, and sends the access configuration information in the unknown information access request to the network security server while intercepting; The network security server acquires a set of historical network events corresponding to each access configuration attribute in the access configuration information, and after finding a target network attack event related to the routing operation environment of the wireless network device in the set of historical network events, update the routing security protection policy of the wireless network device on the network security server based on the preset update policy of the target network attack event, and simulate network security attack event information in the virtual security protection environment of the wireless network device based on the updated routing security protection policy; Obtaining response interception behavior objects of multiple response interception behaviors in response to the network security attack event information in the virtual security protection environment of the wireless network device, and acquiring multiple historical interception extension tracking behaviors related to the multiple response interception behaviors, any historical interception extension tracking behavior includes an extension tracking object and an extension tracking path set; According to the extended tracking object of each historical interception extended tracking action and the response interception action objects of multiple response interception actions, determine the response interception behavior to which each historical interception extended tracking action belongs; According to the set of extended tracing paths of each historical interception extended tracing behavior and the response interception behavior to which each historical interception extended tracing behavior belongs, the multiple historical interception extended tracing behaviors are clustered to obtain the response interception behaviors to which the multiple historical interception extended tracing behavior clusters respectively belong; According to the response interception behaviors to which the plurality of historical interception extended tracking behavior clusters respectively belong, determine the response interception behavior to which each extended tracking behavior in the plurality of historical interception extended tracking behaviors belongs, and after establishing an association relationship between each extended tracking behavior and the response interception behavior to which each extended tracking behavior belongs, perform an extended update on the routing security protection policy based on the established association relationship information, so as to send the expanded and updated routing security protection policy to the wireless network device for automatic response configuration. 7. A wireless network device configuration system, characterized in that the system includes a first mobile terminal and a wireless network device; The first mobile terminal is configured to scan a first identification code on the wireless network device to obtain a first WiFi name, a first WiFi password, a first management address, and a first management account password prestored by the wireless network device; access a wireless local area network provided by the wireless network device according to the first WiFi name and the first WiFi password; respond to a user operation, obtain network configuration information set by the user, and the network configuration information includes an updated second WiFi name, second WiFi password, second management address or second management account password; Send a configuration request carrying the first management account password and the network configuration information to the first management address ; The wireless network device is configured to verify the configuration request according to the pre-stored password of the first management account, and apply the network configuration information after the verification is passed; The system also includes a second mobile terminal; The first mobile terminal is also used to acquire the communication identification, network use time and speed limit policy of the second mobile terminal; encrypt the communication identification of the second mobile terminal, the network use time and the speed limit policy according to the second management account password to obtain encrypted information; generate a second identification code according to the encrypted information and the second management address of the wireless network device; The second mobile terminal is configured to obtain the second management address and the encrypted information by scanning the second identification code, and send networking configuration information carrying the encrypted information to the second management address; The wireless network device is further configured to decrypt the encrypted information in the received networking configuration information according to the second management account password, and obtain the communication identifier of the second mobile terminal, the network usage time and the speed limit policy; add the second mobile terminal to a whitelist for allowing Internet access according to the communication identifier of the second mobile terminal, and limit the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit strategy; The first mobile terminal encrypts the communication identification of the second mobile terminal, the network usage time, and the speed limit policy according to the second management account password to obtain encrypted information, including: The first mobile terminal obtains the current time as the authorization time; The first mobile terminal uses the second management account password to encrypt the authorization time, the communication identification of the second mobile terminal, the network usage time and the speed limit policy to obtain the encrypted information; The wireless network device decrypts the received encrypted information according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time and the speed limit policy, including: The wireless network device decrypts the encrypted information in the networking configuration information received this time according to the second management account password, and obtains the communication identification of the second mobile terminal, the network usage time, the speed limit policy and the authorization time; The wireless network device detects whether it has ever received historical networking configuration information with the same authorization time as the networking configuration information received this time; If so, the networking configuration information described this time will not be processed; If not, then record the networking configuration information received this time as historical networking configuration information, and then perform the operation of adding the second mobile terminal to the whitelist of allowing Internet access, and restricting the Internet access time and speed of the second mobile terminal according to the network usage time and the speed limit strategy.