CN107547563A - A kind of authentication method and device - Google Patents
A kind of authentication method and device Download PDFInfo
- Publication number
- CN107547563A CN107547563A CN201710876599.9A CN201710876599A CN107547563A CN 107547563 A CN107547563 A CN 107547563A CN 201710876599 A CN201710876599 A CN 201710876599A CN 107547563 A CN107547563 A CN 107547563A
- Authority
- CN
- China
- Prior art keywords
- server
- certificate server
- certificate
- priority
- master
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Computer And Data Communications (AREA)
Abstract
The application, which provides a kind of authentication method and device, this method, may include:The priority of each certificate server is calculated according to the load parameter of each certificate server;A certificate server of highest priority is selected as master assurance server;Future, the certification request of self terminal was sent to the master assurance server, so that the master assurance server is authenticated to terminal.The method provided using the application, the efficiency of user authentication can be effectively improved.
Description
Technical field
The application is related to computer communication field, more particularly to a kind of authentication method and device.
Background technology
RADIUS (Remote Authentication Dial-In User Service, remote authentication dialing user clothes
Business) it is a kind of distributed, client terminal/server structure IT policy, network can be protected not by unauthorized access
Interference, often apply in not only requiring higher-security but also allowing the various network environments of remote user access.It is awarded by certification
Weigh to provide access service, collect by charging, record use of the user to Internet resources.
The structure of authentication mechanism generally use radius client and radius server based on radius protocol,
Radius client is usually placed in NAS (Network Access Server, network access server) equipment.RADIUS
Server can generally be arranged multiple, and one is master assurance server, and others are from certificate server.But master and slave certification clothes
Business device is all pre-configured by developer.But, on the one hand, when in online peak period, the master authentication of human configuration
Server can bear the request of a large number of users moment;On the other hand, only when master assurance server is unreachable, user asks
Can be sent to state be Active (active) from server, so as to cause master assurance server process performance insufficient, influence
The efficiency of user authentication.
The content of the invention
In view of this, the application provides a kind of authentication method and device, to improve the authentication efficiency of user.
Specifically, the application is achieved by the following technical solution:
According to the first aspect of the application, there is provided a kind of authentication method, methods described are applied to network access server NAS
Equipment, methods described include:
The priority of each certificate server is calculated according to the load parameter of each certificate server;
A certificate server of highest priority is selected as master assurance server;
Future, the certification request of self terminal was sent to the master assurance server, so that the master assurance server is to terminal
It is authenticated.
According to the second aspect of the application, there is provided a kind of authentication device, described device are applied to network access server NAS
Equipment, described device include:
Computing unit, for calculating the priority of each certificate server according to the load parameter of each certificate server;
Selecting unit, for selecting a certificate server of highest priority as master assurance server;
Transmitting element, the certification request for self terminal in future are sent to the master assurance server, so that the master recognizes
Card server is authenticated to terminal.
The application proposes a kind of authentication method, and NAS device can calculate each certification according to the load parameter of each certificate server
The priority of server, and a certificate server of highest priority may be selected as master assurance server.NAS device can incite somebody to action
The certification request for carrying out self terminal is sent to the master assurance server, so that the master assurance server is authenticated to terminal.
Because master assurance server is no longer by being developer's pre-configured certificate server by hand, but NAS is set
It is standby according to the load of the certificate server master assurance server that has been each certification request dynamic select, by master assurance server to
Family terminal is authenticated so that when surfing the Net peak, NAS device can distribute to certification request the master being adapted to its process performance
Certificate server.Therefore, during user authentication, the process performance of each server can be made full use of, is greatly improved
The efficiency of user authentication.
Brief description of the drawings
Fig. 1 be a kind of user, radius client and radius server shown in the exemplary embodiment of the application one it
Between interaction flow;
Fig. 2 is the certification group-network construction figure shown in the exemplary embodiment of the application one;
Fig. 3 is the flow chart of the authentication method shown in the exemplary embodiment of the application one;
Fig. 4 is a kind of hardware structure diagram of authentication device place NAS device shown in the exemplary embodiment of the application one;
Fig. 5 is a kind of block diagram of authentication device shown in the exemplary embodiment of the application one.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects be described in detail in claims, the application.
It is only merely for the purpose of description specific embodiment in term used in this application, and is not intended to be limiting the application.
" one kind " of singulative used in the application and appended claims, " described " and "the" are also intended to including majority
Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wrapped
Containing the associated list items purpose of one or more, any or all may be combined.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example, do not departing from
In the case of the application scope, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
The structure of authentication mechanism generally use radius client and radius server based on radius protocol.
Wherein, radius client is usually placed in NAS (Network Access Server, network access server)
In equipment, whole network can be spread all over, transmitting subscriber information can be responsible for the radius server specified, then can be according to from clothes
The information that device returns of being engaged in carries out respective handling (such as receiving/refusal user access).
The radius server is typically operated on central computer or work station, can safeguard correlation user authentication and
Network service access information, it is responsible for receiving user's connection request and certification user, then returns to institute's letter in need to client
Breath is (such as receiving/refusal certification request).
Referring to Fig. 1, Fig. 1 be a kind of user terminal shown in the exemplary embodiment of the application one, radius client and
Interaction flow between radius server.The interaction flow is as follows:
Step 101:User initiates certification request, and username and password is sent to radius client.
Step 102:Radius client sends certification request according to the username and password of acquisition to radius server
Bag, password therein are encrypted in the presence of shared key by MD5 algorithms.
Step 103:Radius server is authenticated to username and password.
Step 104:If certification success, radius server sends certification to radius client and receives bag;If recognize
Card fails, then return authentication refusal bag.Because radius protocol incorporates certification and the process authorized, therefore certification receives in bag
It also contains the authorization message of user.
Step 105:Radius client accesses according to the authentication result received/refuse user.
Step 106:If allowing user to access, radius client sends accounting start request to radius server
Bag.
Step 107:Radius server returns to charging and begins to respond to wrap, and starts charging.
Step 108:User starts to access Internet resources;
Step 109:User's request disconnects;
Step 110:Radius client sends accounting stop request bag to radius server.
Step 111:Radius server returns to charging and terminates response bag, and stops charging.
Step 112:Radius client notifies user to terminate to access Internet resources.
User terminal can complete the access to Internet resources by the interaction of above-mentioned steps 101 to step 112.
However, in order to safeguard certification, mandate and the stability of billing function, in the above-mentioned group-network construction based on RADIUS
In, it generally can configure multiple radius servers.Developer can be manually configured one of radius server and recognize as master
Server is demonstrate,proved, other radius servers are used as from certificate server.Generally, when NAS device receives user terminal transmission
After certification request, the certification request can be sent to master assurance server, the certification request is recognized by master assurance server
The processing such as card, mandate and charging.
But in online peak period, on the one hand, send to master assurance server when there is substantial amounts of user authentication request
During row processing, because master assurance server moment bears the certification request of a large number of users;On the other hand, only in master authentication service
When device is unreachable, user request can just be sent to state be Active (active) from server, cause master assurance server
Process performance deficiency, and then cause the efficiency of user authentication process to substantially reduce.
In view of this, the application proposes a kind of authentication method, and NAS device can be according to the load parameter meter of each certificate server
The priority of each certificate server is calculated, and a certificate server of highest priority may be selected as master assurance server.NAS
Equipment can future self terminal certification request be sent to the master assurance server so that the master assurance server is entered to terminal
Row certification.
Because master assurance server is no longer by being developer's pre-configured certificate server by hand, but NAS is set
It is standby according to the load of the certificate server master assurance server that has been each certification request dynamic select, by master assurance server to
Family terminal is authenticated so that when surfing the Net peak, NAS device can distribute to certification request the master being adapted to its process performance
Certificate server.Therefore, during user authentication, the process performance of each server can be made full use of, is greatly improved
The efficiency of user authentication.
Referring to Fig. 2, Fig. 2 is the certification group-network construction figure shown in the exemplary embodiment of the application one.In the group-network construction,
It generally may include user terminal, NAS device and radius server.
Wherein, above-mentioned user terminal can be authenticated by NAS device on radius server, is obtained and is accessed other
The right of network or the right for obtaining some Internet resources.
Radius client is installed, NAS device can be responsible for transmitting subscriber information to specifying on above-mentioned NAS device
Radius server, respective handling then can be carried out according to the information returned from server (as receiving/refusal user accesses).
Above-mentioned certificate server, typically operate on central computer or work station, can safeguard correlation user authentication and
Network service access information, it is responsible for receiving user's connection request and certification user, then returns to institute's letter in need to client
Breath is (such as receiving/refusal certification request).In the group-network construction of certification described herein, above-mentioned certificate server can be disposed with
It is multiple.Unlike correlation technique, in the related art, the master and slave role of certificate server is pre-configured, and
In the application, the role of certificate server is selected according to the load dynamic of the certificate server by NAS device.NAS device
According to the load of each certificate server, the selected master assurance server of dynamic, user authentication request is carried out by master assurance server
Processing, so as to take full advantage of the resource of each certificate server, substantially increases authentication efficiency.
In addition, above-mentioned certificate server, can include the server with functions such as certification, mandate, chargings, can include
Radius server, merely just certificate server is exemplarily illustrated, it not carried out specifically defined.
Before authentication method described herein is introduced, first to it is used herein to noun explain.
The priority of certificate server, the performance of the certification request of certificate server processing user can be characterized, this is preferential
Level is related to the load of certificate server.Certificate server load is lower, shows the performance of certificate server processing user's request
Higher, the priority of certificate server is higher.
The load parameter of certificate server, can include the CPU usage of certificate server, and the internal memory of certificate server makes
With rate and the remaining load value of the certificate server etc., exemplary theory merely just is carried out to the parameter that load specifically includes
It is bright, it is not carried out specifically defined.
The remaining load value of certificate server, it can be understood as the current also supported certification number of users of certificate server
Amount.
The optimal load value of certificate server, it can be configured in advance on certificate server by developer, this is most
Excellent load value can characterize the theoretical value of the supported certification user total amount of certificate server.
The current load value of certificate server, it can be understood as certificate server is currently authenticated the user of processing
Quantity.
The remaining load value of above-mentioned certificate server is the optimal load value and certificate server of above-mentioned certificate server
The difference of current load value.
Below so that above-mentioned certificate server is RADIUS authentication server as an example, above-mentioned authentication method is carried out in detail
It is bright.For other kinds of certificate server, its authentication method with it is described below identical, repeat no more herein.
Referring to Fig. 3, Fig. 3 is the flow chart of the authentication method shown in the exemplary embodiment of the application one.Authentication method master
It may include step as described below.
Step 301:NAS device calculates the priority of each certificate server according to the load parameter of each certificate server;
In the embodiment of the present application, NAS device can obtain the load parameter of each radius server, then according to each
The load parameter of radius server calculates the priority of each server.
Generally, before being authenticated, network management personnel can carry out some configurations on each radius server, such as open
Hair personnel can configure the IP address of radius server, configure the certification end slogan and the RADIUS service of radius server
The optimal load value of device.
For example, it is assumed that there are two radius servers, respectively server A and server B in networking.
The IP address that network management personnel can configure server A be 10.0.0.1, and certification end slogan is 1812 and optimal
Load value is 8000.
The IP address that network management personnel also configures server B is 20.0.0.1, and certification end slogan is 1813, optimal load
It is worth for 1000.
It should be noted that when configuring the optimal load value of radius server, network management personnel can basis
The performance of radius server, such as the theoretical value of the accessible user's number of radius server, to configure radius server
Optimal load value.
In the embodiment of the present application, NAS device can establish NETCONF between radius server and be connected, and NAS device can
Connected by NETCONF, periodically obtain the load parameter of radius server, CPU usage such as radius server,
Memory usage and remaining load value.
Certainly, NAS device also sends the instruction for obtaining load parameter to each certificate server.Each certificate server connects
After receiving the instruction, the load parameter of the certificate server can be returned to NAS device.Here NAS device is not obtained and respectively recognized
The load parameter of card server is especially limited.
When calculating the priority of radius server according to the load parameter of radius server, NAS device can be
After a cycle terminates, this week of the radius server is calculated based on the load of the radius server got in the cycle
The priority of phase, and record the priority in RADIUS each cycles.
For example, it is assumed that the above-mentioned cycle is 10 minutes, NAS device receives the load that each radius server is sent for every 10 minutes
Parameter.For example, 9:00-9:10 be a cycle, and NAS device can be based on 9:00-9:Each radius server received in 10
Load parameter, calculate 9:00-9:The priority of each radius server in 10 this cycle, and record.In another example 9:10-
9:20 be another cycle, and NAS device can be based on 9:10-9:The load parameter of each radius server received in 20, meter
Calculate 9:10-9:The priority of each radius server in 20 this cycle, and record.
Certainly, NAS device can also calculate the cycle where current time when receiving the certification request of user terminal transmission
Upper a cycle radius server priority.
For example, still so that the above-mentioned cycle is 10 minutes as an example, 9:00-9:10 be a cycle, 9:10-9:20 be another week
Phase.Assuming that (i.e. current time) is 9 at the time of NAS device receives the certification request of user terminal transmission:15, then NAS device
Can be according to the cycle (i.e. 9 where current time:10-9:20 this cycle) upper a cycle (i.e. 9:00-9:10 this cycle)
The load parameter of each radius server got, each radius server is calculated 9:00-9:10 this cycle it is preferential
Level.
It should be noted that merely just to the exemplary illustration for calculating radius server priority, not to calculating
The sequential of radius server priority carries out specifically defined.
When calculating the priority of radius server, in a kind of optional implementation, NAS device can first foundation
The load parameter of radius server calculates the priority correction factor X of the radius server, then again according to the RADIUS
The optimal load value M of server, the priority correction factor X and all radius servers of the radius server by with
The optimal load value sum N put, calculate the priority of the certificate server.
For example, the priority (%) of the radius server can be calculated using equation below:
Wherein, AiFor the priority of i-th of radius server, MiFor the optimal load value of i-th of radius server, N
The optimal load value sum being configured for all certificate servers, XiFor the priority correction factor of i-th of radius server.
Wherein, above-mentioned priority correction factor X be the CPU usage based on radius server, memory usage and
Remaining load value is calculated.CPU usage, the memory usage of radius server are higher, illustrate the RADIUS service
Device is busier, and the process performance of certification request is poorer, then the priority factor of the radius server calculated is relatively low.It is remaining
Load value is higher, show radius server can receive authentication processing user's number it is more, then the RADIUS that calculates clothes
The priority factor of business device is then higher.In actually calculating, to consider three and be calculated.
Therefore, when calculating priority correction factor X, it is corresponding that the above-mentioned CPU usage being pre-configured with can be read in NAS device
Weighted value F1, weighted value F2 corresponding to above-mentioned memory usage and above-mentioned remaining load value corresponding to weighted value F3, so as to
Determine above-mentioned F1, F2 and F3.
For each radius server, NAS device can make according to CPU usage, the internal memory of the radius server
With rate, remaining load value and above-mentioned F1, F2, F3, the priority factor X of the radius server is calculated.
According to the load parameter of radius server, such as can be used according to CPU usage, the internal memory of radius server
Rate and remaining load value and CPU usage, memory usage and weighted value corresponding to remaining load value difference, to calculate this
The priority correction factor of radius server.
Step 302:One certificate server of NAS device selection highest priority is as master assurance server;
Step 303:The certification request of NAS device self terminal in future is sent to the master assurance server, so that the master
Certificate server is authenticated to terminal.
In the embodiment of the present application, if NAS device calculating each radius server load parameter is in each cycle
After end, the priority of radius server is calculated according to the load parameter of each radius server received in the cycle,
Then NAS device is each corresponding to the upper a cycle in cycle where current time may be selected when receiving the certification request of user
The priority of radius server, it is alternatively that the foundation of master assurance server.
If NAS device is when receiving the certification request of user, the upper a cycle in cycle where calculating current time
Radius server priority, then NAS device can be by the foundation of the result of calculation alternatively master assurance server.
It is determined that after the selection gist of selection master assurance server, the RADIUS clothes of highest priority may be selected in NAS device
Business device, as master assurance server.
For example, it is assumed that there is two certificate servers in above-mentioned certification networking, respectively server A and server B, NAS is set
During for the certification request sent in the terminal device for receiving user 1, it is assumed that week where the current time that NAS device is calculated
The priority of the server A in the upper cycle of phase is 80%, and the priority of server B is 60%, then NAS device selection server
A is used as from certificate server as master assurance server, server B.
After NAS receives the certification request of terminal transmission of user 2, it is assumed that the current time that NAS device is calculated
The priority of the server A in a upper cycle in place cycle is 55%, and the priority of server B is 65%, then NAS device selects
Server B is used as from certificate server as master assurance server, server A.
In the embodiment of the present application, it is determined that after master assurance server, the certification request of user can be sent to by NAS device
Master assurance server, user terminal is authenticated by master assurance server.
Generally, due to there may be the reasons such as master assurance server network connection status is bad, master assurance server may
The situation of authentication response time-out occurs, now, in order to improve the response speed of user authentication request, in master assurance server certification
After time-out, the certification request can be sent to priority in other radius servers except the master assurance server by NAS device
Highest radius server, user request is handled by the radius server.
In the embodiment of the present application, NAS device, which can detect, is sending the certification request of the user to the master authentication service
Whether authentication response that the master assurance server return is received in preset duration after device.If NAS device detects
The certification request of the user is being sent to being not received by the master authentication in the preset duration after the master assurance server
The authentication response that server returns, then select again from other radius servers in addition to the master assurance server excellent
First one radius server of level highest, the master assurance server is updated to the radius server of the selection, and return
Return above-mentioned steps 303, will the certification request be sent to master assurance server.
For example, it is assumed that above-mentioned certification networking includes 3 radius servers, respectively server A, server B kimonos
Be engaged in device C.
Assuming that the priority for server A, server B and the server C that NAS device calculates is respectively 80%, 70% and
60%.After user authentication request is received, the certification request of user can be sent to server A by NAS device, by server A
It is authenticated handling.
Now, whether the detectable server A of NAS device returns to the certification for the certification request in above-mentioned preset duration
Response.If not, NAS device can select the radius server of highest priority (i.e. from other servers except server A
Server B), the certification request can be sent to server B by NAS device, and the certification request is handled by server B.
Whether the also detectable server B of NAS device returns to the certification sound for the certification request in above-mentioned preset duration
Should.If not, NAS device can select the RADIUS of highest priority to take from except other of server A and server B server
The certification request can be sent to server C, the certification request is entered by server C by business device (i.e. server C), NAS device
Row processing, by that analogy, until receiving the authentication response for the certification request.
In view of this, the application proposes a kind of authentication method, and NAS device can be according to the load parameter meter of each certificate server
The priority of each certificate server is calculated, and a certificate server of highest priority may be selected as master assurance server.NAS
Equipment can future self terminal certification request be sent to the master assurance server so that the master assurance server is entered to terminal
Row certification.
Because master assurance server is no longer by being developer's pre-configured certificate server by hand, but NAS is set
It is standby according to the load of the certificate server master assurance server that has been each certification request dynamic select, by master assurance server to
Family terminal is authenticated so that when surfing the Net peak, NAS device can distribute to certification request to be recognized with what its process performance was adapted to
Demonstrate,prove server.Therefore, during user authentication, the process performance of each server can be made full use of, is substantially increased
The efficiency of user authentication.
Referring to Fig. 4, the application also provides a kind of hardware architecture diagram of NAS device, and the NAS device includes:Communication interface
401st, processor 402, memory 403 and bus 404;Wherein, communication interface 401, processor 402 and memory 403 are by total
Line 404 completes mutual communication.
Wherein, communication interface 401, for being communicated with certificate server and forwarding unit.Processor 402 can be one
CPU, memory 403 can be nonvolatile memory (non-volatile memory), and is stored with memory 403
The logical order of certification, processor 402 can perform the logical order of the certification stored in memory 403, to realize above-mentioned Fig. 3
The function of certification in shown flow.
So far, the hardware configuration description shown in Fig. 4 is completed.
Fig. 5 is refer to, Fig. 5 is a kind of authentication device block diagram shown in the exemplary embodiment of the application one, and the device can answer
With on NAS device, the device may include unit as follows.
Computing unit 501, for calculating the priority of each certificate server according to the load parameter of each certificate server;
Selecting unit 502, for selecting a certificate server of highest priority as master assurance server;
Transmitting element 503, the certification request for self terminal in future are sent to the master assurance server, so that the master
Certificate server is authenticated to terminal.
Optionally, the computing unit 501, specifically for for each certificate server, according to the certificate server
Load parameter calculates the priority correction factor X of the certificate server;The optimal load value being configured according to the certificate server
M, the optimal load value sum N that the X and all certificate servers are configured calculates the priority of the certificate server.
Optionally, the load parameter of the certificate server includes CPU usage, memory usage and remaining load
Value;The remaining load value is certificate server currently also supported certification number of users;
The computing unit is calculating the priority amendment of the certificate server according to the load parameter of the certificate server
During coefficient X, it is further used for determining weighted value F1 corresponding to the CPU usage, weighted value corresponding to the memory usage
Weighted value F3 corresponding to F2 and the remaining load value;According to the CPU usage, the memory usage, the residue
Load value and described F1, F2, F3, calculate the priority correction factor X.
Optionally, the computing unit 501 be configured according to the certificate server optimal load value M, the X, with
And the optimal load value sum N that is configured of all certificate servers is further used for when calculating the priority of the certificate server
Calculate the M and the N ratio;
The product of the X and the ratio is calculated, obtains the priority of the certificate server.
Optionally, described device further comprises:
Gravity treatment unit 504, for detecting when sending the certification request to default after the master assurance server
Whether authentication response that the master assurance server return is received in long, if it is not, then again from except the master assurance server
Outside other certificate servers in select highest priority a certificate server, the master assurance server is updated to
The certificate server of the selection, and the step of the certification request for returning to self terminal in future is sent to the master assurance server.
Optionally, described device further comprises:
Acquiring unit 505, load parameter is sent for periodically receiving each certificate server;Or taken to each certification
Business device is sent for obtaining the instruction of load parameter, and is received each certificate server and returned to load parameter according to the instruction.
The function of unit and the implementation process of effect specifically refer to and step are corresponded in the above method in said apparatus
Implementation process, it will not be repeated here.
For device embodiment, because it corresponds essentially to embodiment of the method, so related part is real referring to method
Apply the part explanation of example.Device embodiment described above is only schematical, wherein described be used as separating component
The unit of explanation can be or may not be physically separate, can be as the part that unit is shown or can also
It is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality
Need to select some or all of module therein to realize the purpose of application scheme.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
The preferred embodiment of the application is the foregoing is only, not limiting the application, all essences in the application
God any modification, equivalent substitution and improvements done etc., should be included within the scope of the application protection with principle.
Claims (12)
1. a kind of authentication method, it is characterised in that methods described is applied to network access server NAS device, methods described bag
Include:
The priority of each certificate server is calculated according to the load parameter of each certificate server;
A certificate server of highest priority is selected as master assurance server;
Future, the certification request of self terminal was sent to the master assurance server, so that the master assurance server is carried out to terminal
Certification.
2. according to the method for claim 1, it is characterised in that described to be calculated respectively according to the load parameter of each certificate server
The priority of certificate server, including:
For each certificate server, the priority amendment of the certificate server is calculated according to the load parameter of the certificate server
Coefficient X;
Optimal load value M, the X and all certificate servers being configured according to the certificate server are configured optimal
Load value sum N calculates the priority of the certificate server.
3. according to the method for claim 2, it is characterised in that the load parameter of the certificate server takes including CPU
Rate, memory usage and remaining load value;The remaining load value is certificate server currently also supported certification user
Quantity;
The load parameter according to the certificate server calculates the priority correction factor X of the certificate server, including:
Determine weighted value F1 corresponding to the CPU usage, weighted value F2 corresponding to the memory usage and the residue
Weighted value F3 corresponding to load value;
According to the CPU usage, the memory usage, the remaining load value and described F1, F2, F3, described in calculating
Priority correction factor X.
4. according to the method for claim 2, it is characterised in that the optimal load being configured according to the certificate server
The optimal load value sum N that value M, the X and all certificate servers are configured calculates the priority of the certificate server,
Including:
Calculate the M and the N ratio;
The product of the X and the ratio is calculated, obtains the priority of the certificate server.
5. according to the method for claim 1, it is characterised in that methods described further comprises:
Detection is sending the certification request to whether receiving the master in the preset duration after the master assurance server
The authentication response that certificate server returns,
If it is not, a certification of highest priority is then selected from other certificate servers in addition to the master assurance server
Server, using the certificate server of selection as master assurance server.
6. according to the method for claim 1, it is characterised in that respectively recognize being calculated according to the load parameter of each certificate server
Before the priority for demonstrate,proving server, in addition to:
Periodically receive each certificate server and send load parameter;Or
The instruction for obtaining load parameter is sent to each certificate server, and receives each certificate server and load is returned to according to the instruction
Parameter.
7. a kind of authentication device, it is characterised in that described device is applied to network access server NAS device, described device bag
Include:
Computing unit, for calculating the priority of each certificate server according to the load parameter of each certificate server;
Selecting unit, for selecting a certificate server of highest priority as master assurance server;
Transmitting element, the certification request for self terminal in future are sent to the master assurance server, so that the master authentication takes
Business device is authenticated to terminal.
8. device according to claim 7, it is characterised in that the computing unit is specifically used for being directed to each authentication service
Device, the priority correction factor X of the certificate server is calculated according to the load parameter of the certificate server;According to the authentication service
The optimal load value sum N that optimal load value M, the X and all certificate servers that device is configured are configured, which calculates this, to be recognized
Demonstrate,prove the priority of server.
9. device according to claim 8, it is characterised in that the load parameter of the certificate server takes including CPU
Rate, memory usage and remaining load value;The remaining load value is certificate server currently also supported certification user
Quantity;
The computing unit is calculating the priority correction factor X of the certificate server according to the load parameter of the certificate server
When, be further used for determining weighted value F1 corresponding to the CPU usage, weighted value F2 corresponding to the memory usage, with
And weighted value F3 corresponding to the remaining load value;According to the CPU usage, the memory usage, the remaining load
Value and described F1, F2, F3, calculate the priority correction factor X.
10. device according to claim 8, it is characterised in that the computing unit according to the certificate server by with
The optimal load value sum N that optimal load value M, the X and all certificate servers put are configured calculates the authentication service
During the priority of device, it is further used for calculating the M and the N ratio;
The product of the X and the ratio is calculated, obtains the priority of the certificate server.
11. device according to claim 7, it is characterised in that described device further comprises:
Gravity treatment unit, for detect send the certification request in the preset duration after the master assurance server whether
The authentication response that the master assurance server returns is received, if it is not, then again from its in addition to the master assurance server
A certificate server of highest priority is selected in his certificate server, the master assurance server is updated to the selection
Certificate server, and the step of the certification request for returning to self terminal in future is sent to the master assurance server.
12. device according to claim 7, it is characterised in that described device also includes:
Acquiring unit, load parameter is sent for periodically receiving each certificate server;Or sent to each certificate server
For obtaining the instruction of load parameter, and receive each certificate server and load parameter is returned to according to the instruction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710876599.9A CN107547563A (en) | 2017-09-25 | 2017-09-25 | A kind of authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710876599.9A CN107547563A (en) | 2017-09-25 | 2017-09-25 | A kind of authentication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107547563A true CN107547563A (en) | 2018-01-05 |
Family
ID=60964756
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710876599.9A Pending CN107547563A (en) | 2017-09-25 | 2017-09-25 | A kind of authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107547563A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740162A (en) * | 2019-08-30 | 2020-01-31 | 上海连尚网络科技有限公司 | Communication link establishing method, device, electronic equipment and medium |
CN116599777A (en) * | 2023-07-18 | 2023-08-15 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938504A (en) * | 2009-06-30 | 2011-01-05 | 深圳市融创天下科技发展有限公司 | Cluster server intelligent dispatching method and system |
CN103118076A (en) * | 2013-01-11 | 2013-05-22 | 烽火通信科技股份有限公司 | Upgraded server cluster system and load balancing method thereof |
WO2013086380A1 (en) * | 2011-12-08 | 2013-06-13 | Oracle International Corporation | Techniques for more efficient usage of memory - to - cpu bandwidth |
US20150149524A1 (en) * | 2013-11-27 | 2015-05-28 | Sharp Kabushiki Kaisha | Network system, constant connection method, electronic device, server, and program |
CN105516369A (en) * | 2016-02-04 | 2016-04-20 | 城云科技(杭州)有限公司 | Video cloud platform load balancing method and video cloud platform load balancing dispatcher |
CN106302565A (en) * | 2015-05-12 | 2017-01-04 | 浙江格林蓝德信息技术有限公司 | The dispatching method of service server and system |
-
2017
- 2017-09-25 CN CN201710876599.9A patent/CN107547563A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938504A (en) * | 2009-06-30 | 2011-01-05 | 深圳市融创天下科技发展有限公司 | Cluster server intelligent dispatching method and system |
WO2013086380A1 (en) * | 2011-12-08 | 2013-06-13 | Oracle International Corporation | Techniques for more efficient usage of memory - to - cpu bandwidth |
CN103118076A (en) * | 2013-01-11 | 2013-05-22 | 烽火通信科技股份有限公司 | Upgraded server cluster system and load balancing method thereof |
US20150149524A1 (en) * | 2013-11-27 | 2015-05-28 | Sharp Kabushiki Kaisha | Network system, constant connection method, electronic device, server, and program |
CN106302565A (en) * | 2015-05-12 | 2017-01-04 | 浙江格林蓝德信息技术有限公司 | The dispatching method of service server and system |
CN105516369A (en) * | 2016-02-04 | 2016-04-20 | 城云科技(杭州)有限公司 | Video cloud platform load balancing method and video cloud platform load balancing dispatcher |
Non-Patent Citations (1)
Title |
---|
张前进等: ""基于应用层负载均衡策略的分析与研究"", 《计算机工程与应用》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740162A (en) * | 2019-08-30 | 2020-01-31 | 上海连尚网络科技有限公司 | Communication link establishing method, device, electronic equipment and medium |
CN110740162B (en) * | 2019-08-30 | 2022-12-02 | 上海尚往网络科技有限公司 | Communication link establishing method, device, electronic equipment and medium |
CN116599777A (en) * | 2023-07-18 | 2023-08-15 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
CN116599777B (en) * | 2023-07-18 | 2023-09-26 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108881232B (en) | Sign-on access method, apparatus, storage medium and the processor of operation system | |
Walfish et al. | DDoS defense by offense | |
CN101217482B (en) | A method traversing NAT sending down strategy and a communication device | |
CN106302346A (en) | The safety certifying method of API Calls, device, system | |
CN101527655B (en) | Dynamic profiling system for data access control | |
CN101895442B (en) | Network quality active monitoring method and system in credible Internet | |
CN107113319A (en) | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification | |
JP2000515282A (en) | Method and system for allocating costs in a distributed processing network | |
US8694993B1 (en) | Virtualization platform for secured communications between a user device and an application server | |
US20110191223A1 (en) | Internet Control Management and Accounting in a Utility Computing Environment | |
CN101083660A (en) | Session control based IP network authentication method of dynamic address distribution protocol | |
CN109818997A (en) | A kind of load-balancing method, system and storage medium | |
CN1835514B (en) | Management method of broadband access of DHCP customer's terminal mode | |
CA2357444A1 (en) | System and methods for automatic negotiation in distributed computing | |
CN109510878A (en) | A kind of long connection session keeping method and device | |
CN102573111A (en) | Method and device for releasing transfer control protocol resources | |
CN107547563A (en) | A kind of authentication method and device | |
CN108156092A (en) | message transmission control method and device | |
CN107645474A (en) | Log in the method for open platform and log in the device of open platform | |
CN104994520A (en) | Method for mobile terminal traffic sharing, and mobile terminals | |
CN107682473A (en) | A kind of IP address distribution method and device | |
CN105591869B (en) | A kind of method and apparatus selecting L2TP Network Server | |
CN100596071C (en) | Method for implementing conversation control and duration collection through DHCP extension | |
CN103001931A (en) | Communication system of terminals interconnected among different networks | |
CN104902497B (en) | A kind of method and device of managing mobile phone hot spot connection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180105 |