CN107547563A - Authentication method and device


Publication number: CN107547563A
Authority: CN (China)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710876599.9A
Other languages: Chinese (zh)
Inventor: 夏添
Current Assignee: New H3C Security Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: New H3C Security Technologies Co Ltd

Abstract

The application provides an authentication method and device. The method may include: calculating the priority of each authentication server according to the load parameters of each authentication server; selecting the authentication server with the highest priority as the primary authentication server; and sending the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal. The method provided by the application can effectively improve the efficiency of user authentication.

Description

Authentication method and device
Technical Field
The application relates to the field of computer communications, and in particular to an authentication method and device.
Background
RADIUS (Remote Authentication Dial-In User Service) is a distributed protocol with a client/server structure. It protects a network from unauthorized access and is often used in network environments that require high security while still allowing remote user access. It provides access service through authentication and authorization, and collects and records users' use of network resources through accounting.
An authentication mechanism based on the RADIUS protocol generally uses a RADIUS client and a RADIUS server; the RADIUS client is usually located on a NAS (Network Access Server) device. Multiple RADIUS servers can generally be deployed: one is the primary authentication server and the others are secondary authentication servers. However, the primary and secondary authentication servers are all pre-configured by developers. On the one hand, during peak online periods, the manually configured primary authentication server has to bear the requests of a large number of users in an instant; on the other hand, user requests are sent to a secondary server whose state is Active only when the primary authentication server is unreachable. As a result, the processing capacity of the primary authentication server is insufficient, which affects the efficiency of user authentication.
Summary of the Invention
In view of this, the application provides an authentication method and device to improve the efficiency of user authentication.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the application, an authentication method is provided. The method is applied to a network access server (NAS) device and includes:
calculating the priority of each authentication server according to the load parameters of each authentication server;
selecting the authentication server with the highest priority as the primary authentication server;
sending the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
According to a second aspect of the application, an authentication device is provided. The device is applied to a network access server (NAS) device and includes:
a computing unit, configured to calculate the priority of each authentication server according to the load parameters of each authentication server;
a selecting unit, configured to select the authentication server with the highest priority as the primary authentication server;
a sending unit, configured to send the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
The application proposes an authentication method in which the NAS device can calculate the priority of each authentication server according to the load parameters of each authentication server, and can select the authentication server with the highest priority as the primary authentication server. The NAS device can send the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
The primary authentication server is no longer an authentication server manually pre-configured by developers. Instead, the NAS device dynamically selects a primary authentication server for each authentication request according to the load of the authentication servers, and that server authenticates the user terminal. During peak online periods, the NAS device can therefore assign each authentication request to a primary authentication server whose processing capacity suits it. As a result, the processing capacity of every server can be fully used during user authentication, which greatly improves the efficiency of user authentication.
Brief Description of the Drawings
Fig. 1 shows an interaction flow between a user, a RADIUS client and a RADIUS server according to an exemplary embodiment of the application;
Fig. 2 is an architecture diagram of the authentication network according to an exemplary embodiment of the application;
Fig. 3 is a flow chart of the authentication method according to an exemplary embodiment of the application;
Fig. 4 is a hardware structure diagram of the NAS device on which an authentication device resides, according to an exemplary embodiment of the application;
Fig. 5 is a block diagram of an authentication device according to an exemplary embodiment of the application.
Detailed Description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. On the contrary, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in the application are only for the purpose of describing particular embodiments and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
An authentication mechanism based on the RADIUS protocol generally uses a RADIUS client and a RADIUS server.
The RADIUS client is usually located on a NAS (Network Access Server) device and can be deployed throughout the network. It is responsible for transmitting user information to the designated RADIUS server and then acting on the information returned by the server (for example, accepting or rejecting user access).
The RADIUS server generally runs on a central computer or workstation and maintains the relevant user authentication and network service access information. It is responsible for receiving user connection requests, authenticating users, and then returning all required information to the client (for example, accepting or rejecting the authentication request).
Referring to Fig. 1, Fig. 1 shows an interaction flow between a user terminal, a RADIUS client and a RADIUS server according to an exemplary embodiment of the application. The interaction flow is as follows:
Step 101: The user initiates an authentication request and sends the username and password to the RADIUS client.
Step 102: The RADIUS client sends an authentication request packet to the RADIUS server based on the obtained username and password; the password in the packet is encrypted with the MD5 algorithm using the shared key.
Step 103: The RADIUS server authenticates the username and password.
Step 104: If authentication succeeds, the RADIUS server sends an authentication accept packet to the RADIUS client; if authentication fails, it returns an authentication reject packet. Because the RADIUS protocol combines the authentication and authorization processes, the authentication accept packet also contains the user's authorization information.
Step 105: The RADIUS client admits or rejects the user according to the received authentication result.
Step 106: If the user is allowed access, the RADIUS client sends an accounting start request packet to the RADIUS server.
Step 107: The RADIUS server returns an accounting start response packet and starts accounting.
Step 108: The user starts to access network resources.
Step 109: The user requests disconnection.
Step 110: The RADIUS client sends an accounting stop request packet to the RADIUS server.
Step 111: The RADIUS server returns an accounting stop response packet and stops accounting.
Step 112: The RADIUS client notifies the user that access to network resources has ended.
Through the interaction in steps 101 to 112 above, the user terminal can complete its access to network resources.
However, to maintain the stability of the authentication, authorization and accounting functions, multiple RADIUS servers can generally be configured in the RADIUS-based network architecture described above. A developer can manually configure one of the RADIUS servers as the primary authentication server and the other RADIUS servers as secondary authentication servers. Generally, after the NAS device receives an authentication request sent by a user terminal, it sends the request to the primary authentication server, which performs authentication, authorization, accounting and other processing on the request.
During peak online periods, however, there are two problems. On the one hand, when a large number of user authentication requests are sent to the primary authentication server for processing, the primary authentication server has to bear the authentication requests of a large number of users in an instant. On the other hand, user requests are sent to a secondary server whose state is Active only when the primary authentication server is unreachable. This leaves the primary authentication server short of processing capacity and in turn greatly reduces the efficiency of user authentication.
In view of this, the application proposes an authentication method in which the NAS device can calculate the priority of each authentication server according to the load parameters of each authentication server, and can select the authentication server with the highest priority as the primary authentication server. The NAS device can send the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
The primary authentication server is no longer an authentication server manually pre-configured by developers. Instead, the NAS device dynamically selects a primary authentication server for each authentication request according to the load of the authentication servers, and that server authenticates the user terminal. During peak online periods, the NAS device can therefore assign each authentication request to a primary authentication server whose processing capacity suits it. As a result, the processing capacity of every server can be fully used during user authentication, which greatly improves the efficiency of user authentication.
Referring to Fig. 2, Fig. 2 is an architecture diagram of the authentication network according to an exemplary embodiment of the application. The architecture generally includes user terminals, a NAS device and RADIUS servers.
The user terminal can be authenticated on a RADIUS server through the NAS device, and thereby obtain the right to access other networks or the right to obtain certain network resources.
A RADIUS client is installed on the NAS device. The NAS device is responsible for transmitting user information to the designated RADIUS server and then acting on the information returned by the server (for example, accepting or rejecting user access).
The authentication server generally runs on a central computer or workstation and maintains the relevant user authentication and network service access information. It is responsible for receiving user connection requests, authenticating users, and then returning all required information to the client (for example, accepting or rejecting the authentication request). In the authentication network architecture described here, multiple authentication servers can be deployed. In the related art, the primary and secondary roles of the authentication servers are pre-configured; in the application, by contrast, the NAS device selects the role of each authentication server dynamically according to the load of the authentication servers. The NAS device dynamically selects the primary authentication server according to the load of each authentication server, and the primary authentication server processes the user authentication request. This makes full use of the resources of every authentication server and greatly improves authentication efficiency.
In addition, the authentication server may include servers with functions such as authentication, authorization and accounting, and may include a RADIUS server. This is only an exemplary description of the authentication server and does not specifically limit it.
Before the authentication method is introduced, the terms used in the application are explained.
The priority of an authentication server characterizes the server's capacity to process users' authentication requests, and is related to the load of the authentication server. The lower the load of the authentication server, the higher its capacity to process user requests and the higher its priority.
The load parameters of an authentication server may include its CPU usage, its memory usage, its remaining load value and so on. This is only an exemplary description of the parameters the load may include and does not specifically limit them.
The remaining load value of an authentication server can be understood as the number of authenticating users the server can currently still support.
The optimal load value of an authentication server can be configured on the server in advance by developers. It characterizes the theoretical total number of authenticating users the server can support.
The current load value of an authentication server can be understood as the number of users the server is currently authenticating.
The remaining load value of an authentication server is the difference between its optimal load value and its current load value.
Below, the authentication method is described in detail, taking a RADIUS authentication server as the example. For other types of authentication server the authentication method is the same as described below and is not repeated here.
Referring to Fig. 3, Fig. 3 is a flow chart of the authentication method according to an exemplary embodiment of the application. The authentication method mainly includes the steps described below.
Step 301: The NAS device calculates the priority of each authentication server according to the load parameters of each authentication server.
In the embodiment of the application, the NAS device can obtain the load parameters of each RADIUS server and then calculate the priority of each server from those load parameters.
Generally, before authentication is performed, network management personnel can carry out some configuration on each RADIUS server. For example, a developer can configure the IP address of the RADIUS server, its authentication port number and its optimal load value.
For example, assume there are two RADIUS servers in the network, server A and server B.
Network management personnel can configure server A with IP address 10.0.0.1, authentication port number 1812 and optimal load value 8000.
Network management personnel can also configure server B with IP address 20.0.0.1, authentication port number 1813 and optimal load value 1000.
It should be noted that when configuring the optimal load value of a RADIUS server, network management personnel can base it on the performance of the server, such as the theoretical number of users the RADIUS server can handle.
In the embodiment of the application, the NAS device can establish a NETCONF connection with each RADIUS server and, over that connection, periodically obtain the load parameters of the RADIUS server, such as its CPU usage, memory usage and remaining load value.
Of course, the NAS device can also send each authentication server an instruction for obtaining load parameters. After receiving the instruction, each authentication server returns its load parameters to the NAS device. The way the NAS device obtains the load parameters of each authentication server is not specifically limited here.
When calculating the priority of a RADIUS server from its load parameters, the NAS device can, at the end of each period, calculate the server's priority for that period based on the load obtained from the server during the period, and record the priority of each RADIUS server for each period.
For example, assume the period is 10 minutes and the NAS device receives the load parameters sent by each RADIUS server every 10 minutes. If 9:00-9:10 is one period, the NAS device can calculate and record the priority of each RADIUS server for the period 9:00-9:10 based on the load parameters received from each server during 9:00-9:10. Likewise, if 9:10-9:20 is another period, the NAS device can calculate and record the priority of each RADIUS server for the period 9:10-9:20 based on the load parameters received during 9:10-9:20.
Of course, the NAS device can instead calculate, on receiving an authentication request sent by a user terminal, the priority of the RADIUS servers for the period preceding the period in which the current time falls.
For example, again with a period of 10 minutes, let 9:00-9:10 be one period and 9:10-9:20 another. Assume the NAS device receives the authentication request sent by the user terminal at 9:15 (the current time). The NAS device can then calculate the priority of each RADIUS server for the period 9:00-9:10 from the load parameters obtained during that period, which is the period preceding the one in which the current time falls (9:10-9:20).
It should be noted that this is only an exemplary description of calculating RADIUS server priority; the timing of the calculation is not specifically limited.
When calculating the priority of a RADIUS server, in one optional implementation, the NAS device can first calculate the server's priority correction factor X from its load parameters, and then calculate the server's priority from the optimal load value M of the RADIUS server, its priority correction factor X, and the sum N of the optimal load values configured for all RADIUS servers.
For example, the priority (%) of the RADIUS server can be calculated using the following formula:
Where Ai is the priority of the i-th RADIUS server, Mi is the optimal load value of the i-th RADIUS server, N is the sum of the optimal load values configured for all authentication servers, and Xi is the priority correction factor of the i-th RADIUS server.
The priority correction factor X is calculated from the CPU usage, memory usage and remaining load value of the RADIUS server. The higher the CPU usage and memory usage of a RADIUS server, the busier the server and the poorer its capacity to process authentication requests, so the priority correction factor calculated for it is lower. The higher the remaining load value, the more users the RADIUS server can still accept for authentication, so the priority correction factor calculated for it is higher. In the actual calculation, all three are considered together.
Therefore, when calculating the priority correction factor X, the NAS device can read the pre-configured weight value F1 corresponding to the CPU usage, weight value F2 corresponding to the memory usage and weight value F3 corresponding to the remaining load value, thereby determining F1, F2 and F3.
For each RADIUS server, the NAS device can calculate the server's priority correction factor X from its CPU usage, memory usage and remaining load value together with F1, F2 and F3.
That is, the priority correction factor of a RADIUS server is calculated from its load parameters, for example from its CPU usage, memory usage and remaining load value and the weight values corresponding to each of them.
Step 302: The NAS device selects the authentication server with the highest priority as the primary authentication server.
Step 303: The NAS device sends the authentication request from the terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
In the embodiment of the application, if the NAS device calculates the priority of each RADIUS server at the end of each period from the load parameters received during that period, then on receiving a user's authentication request the NAS device can take the priorities of the RADIUS servers for the period preceding the one in which the current time falls as the basis for selecting the primary authentication server.
If the NAS device instead calculates, on receiving a user's authentication request, the priority of the RADIUS servers for the period preceding the one in which the current time falls, it can use that result as the basis for selecting the primary authentication server.
Once the basis for selecting the primary authentication server has been determined, the NAS device can select the RADIUS server with the highest priority as the primary authentication server.
For example, assume the authentication network contains two authentication servers, server A and server B. When the NAS device receives the authentication request sent by the terminal of user 1, assume that the priorities it has calculated for the period preceding the one in which the current time falls are 80% for server A and 60% for server B. The NAS device then selects server A as the primary authentication server and server B as the secondary authentication server.
When the NAS device receives the authentication request sent by the terminal of user 2, assume that the priorities it has calculated for the period preceding the one in which the current time falls are 55% for server A and 65% for server B. The NAS device then selects server B as the primary authentication server and server A as the secondary authentication server.
In the embodiment of the application, after the primary authentication server has been determined, the NAS device can send the user's authentication request to the primary authentication server, which authenticates the user terminal.
For reasons such as a poor network connection to the primary authentication server, the primary authentication server's authentication response may time out. In that case, to improve the response speed for the user's authentication request, the NAS device can, after the primary authentication server times out, send the authentication request to the RADIUS server with the highest priority among the RADIUS servers other than the primary authentication server, and that RADIUS server processes the user's request.
In the embodiment of the application, the NAS device can detect whether an authentication response returned by the primary authentication server is received within a preset duration after the user's authentication request is sent to the primary authentication server. If no authentication response is received from the primary authentication server within the preset duration, the NAS device selects again, from the RADIUS servers other than the primary authentication server, the RADIUS server with the highest priority, updates the primary authentication server to the selected RADIUS server, and returns to step 303, that is, sends the authentication request to the primary authentication server.
For example, assume the authentication network includes 3 RADIUS servers: server A, server B and server C.
Assume the priorities the NAS device calculates for server A, server B and server C are 80%, 70% and 60% respectively. After receiving a user authentication request, the NAS device can send the request to server A, which performs the authentication.
The NAS device can then detect whether server A returns an authentication response for the authentication request within the preset duration. If not, the NAS device can select the RADIUS server with the highest priority from the servers other than server A (that is, server B) and send the authentication request to server B, which processes it.
The NAS device can also detect whether server B returns an authentication response for the authentication request within the preset duration. If not, the NAS device can select the RADIUS server with the highest priority from the servers other than server A and server B (that is, server C) and send the authentication request to server C, which processes it, and so on, until an authentication response for the authentication request is received.
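The priority calculation and the timeout failover described above can be sketched as follows. This is an added example, not code from the patent: the priority is X multiplied by M/N as the device description states, while the form of the correction factor X, the weight values, the load figures, the behaviour when every server times out and the `send` callback are assumptions, since the text does not give them.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Weights = Tuple[float, float, float]  # (F1, F2, F3): CPU, memory, remaining load


@dataclass(frozen=True)
class ServerLoad:
    """One load report the NAS holds for an authentication server."""
    name: str
    optimal_load: int   # M: configured optimal load value (users)
    current_load: int   # users currently being authenticated
    cpu_usage: float    # fraction in [0, 1]
    mem_usage: float    # fraction in [0, 1]

    def validate(self) -> None:
        # Reject out-of-range reports so a malformed value cannot skew selection.
        if self.optimal_load <= 0 or self.current_load < 0:
            raise ValueError(f"{self.name}: invalid load values")
        if not (0.0 <= self.cpu_usage <= 1.0 and 0.0 <= self.mem_usage <= 1.0):
            raise ValueError(f"{self.name}: usage outside [0, 1]")

    @property
    def remaining_load(self) -> int:
        # Remaining load = optimal load - current load (floor at 0 is assumed).
        return max(self.optimal_load - self.current_load, 0)


def correction_factor(s: ServerLoad, weights: Weights) -> float:
    """Priority correction factor X.

    ASSUMPTION: the text only says X falls with CPU/memory usage and rises
    with remaining load, weighted by F1, F2, F3. A weighted sum is used here.
    """
    f1, f2, f3 = weights
    if min(weights) < 0:
        raise ValueError("weights must be non-negative")
    s.validate()
    return (f1 * (1.0 - s.cpu_usage)
            + f2 * (1.0 - s.mem_usage)
            + f3 * s.remaining_load / s.optimal_load)


def priorities(servers: List[ServerLoad], weights: Weights) -> Dict[str, float]:
    """Priority of server i = X_i * (M_i / N), N = sum of optimal load values."""
    for s in servers:
        s.validate()
    n = sum(s.optimal_load for s in servers)
    return {s.name: correction_factor(s, weights) * s.optimal_load / n
            for s in servers}


def ranked(prios: Dict[str, float]) -> List[str]:
    """Server names, highest priority first; the name breaks ties."""
    return sorted(prios, key=lambda name: (-prios[name], name))


def authenticate(request: str, servers: List[ServerLoad], weights: Weights,
                 send: Callable[[str, str], Optional[str]]
                 ) -> Optional[Tuple[str, str]]:
    """Send to the primary server; on timeout fall back to the next priority.

    `send` is a hypothetical transport callback that returns the response,
    or None when the preset duration expires. Returns (server, response),
    or None if every server timed out (a case the text does not cover).
    """
    for name in ranked(priorities(servers, weights)):
        response = send(name, request)
        if response is not None:
            return name, response
    return None


# Constructed sample data. Only the optimal load values (8000 and 1000) come
# from the text's server A / server B example; the rest is illustrative.
WEIGHTS: Weights = (0.3, 0.2, 0.5)
PEAK = [ServerLoad("A", 8000, 7600, 0.90, 0.80),
        ServerLoad("B", 1000, 100, 0.10, 0.20)]
OFF_PEAK = [ServerLoad("A", 8000, 800, 0.20, 0.30),
            ServerLoad("B", 1000, 100, 0.10, 0.20)]

if __name__ == "__main__":
    for label, loads in (("peak", PEAK), ("off-peak", OFF_PEAK)):
        prios = priorities(loads, WEIGHTS)
        print(label, {k: f"{v:.1%}" for k, v in prios.items()},
              "primary:", ranked(prios)[0])
    # Simulate the primary (B at peak) timing out: the request moves to A.
    print(authenticate("Access-Request", PEAK, WEIGHTS,
                       lambda name, req: None if name == "B" else "Access-Accept"))
```

With the constructed peak figures, the smaller server B outranks the nearly saturated server A, and the order reverses off-peak.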
In summary, the application proposes an authentication method in which the NAS device can calculate the priority of each authentication server according to the load parameters of each authentication server, and can select the authentication server with the highest priority as the primary authentication server. The NAS device can send the authentication request from a terminal to the primary authentication server, so that the primary authentication server authenticates the terminal.
The primary authentication server is no longer an authentication server manually pre-configured by developers. Instead, the NAS device dynamically selects a primary authentication server for each authentication request according to the load of the authentication servers, and that server authenticates the user terminal. During peak online periods, the NAS device can therefore assign each authentication request to an authentication server whose processing capacity suits it. As a result, the processing capacity of every server can be fully used during user authentication, which greatly improves the efficiency of user authentication.
Referring to Fig. 4, the application also provides a hardware architecture diagram of a NAS device. The NAS device includes a communication interface 401, a processor 402, a memory 403 and a bus 404, where the communication interface 401, the processor 402 and the memory 403 communicate with one another over the bus 404.
The communication interface 401 is used to communicate with the authentication servers and forwarding devices. The processor 402 can be a CPU and the memory 403 can be a non-volatile memory. The memory 403 stores the logic instructions for authentication, and the processor 402 can execute those instructions to implement the authentication function in the flow shown in Fig. 3.
This completes the description of the hardware structure shown in Fig. 4.
Fig. 5 is refer to, Fig. 5 is a kind of authentication device block diagram shown in the exemplary embodiment of the application one, and the device can answer With on NAS device, the device may include unit as follows.
Computing unit 501, for calculating the priority of each certificate server according to the load parameter of each certificate server;
Selecting unit 502, for selecting a certificate server of highest priority as master assurance server;
Transmitting element 503, the certification request for self terminal in future are sent to the master assurance server, so that the master Certificate server is authenticated to terminal.
Optionally, the computing unit 501 is specifically used to, for each certificate server, calculate the priority correction factor X of the certificate server according to the load parameters of the certificate server, and to calculate the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers.
Optionally, the load parameters of the certificate server include CPU usage, memory usage and a remaining load value; the remaining load value is the number of users the certificate server can currently still authenticate;
When calculating the priority correction factor X of the certificate server according to the load parameters of the certificate server, the computing unit is further used to determine the weight F1 corresponding to the CPU usage, the weight F2 corresponding to the memory usage and the weight F3 corresponding to the remaining load value, and to calculate the priority correction factor X according to the CPU usage, the memory usage, the remaining load value and the F1, F2 and F3.
Optionally, when calculating the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers, the computing unit 501 is further used to calculate the ratio of the M to the N,
and to calculate the product of the X and the ratio to obtain the priority of the certificate server.
Optionally, the device further comprises:
Reselection unit 504, for detecting whether an authentication response returned by the master assurance server is received within a preset duration after the certification request is sent to the master assurance server; if not, selecting again the certificate server with the highest priority from the certificate servers other than the master assurance server, updating the master assurance server to the selected certificate server, and returning to the step of sending the certification request from the terminal to the master assurance server.
Optionally, the device further comprises:
Acquiring unit 505, for periodically receiving the load parameters sent by each certificate server; or for sending to each certificate server an instruction for obtaining load parameters, and receiving the load parameters that each certificate server returns in response to the instruction.
For the functions of the units in the above device and how they are implemented, refer to the implementation of the corresponding steps in the above method; the details are not repeated here.
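The priority calculation (X multiplied by M/N) and the reselection on timeout described for the units above can be exercised with the following added example, which is not part of the patent text. The formula used for X, the weight values F1 to F3, the sample servers and the `send` callback are assumptions made for illustration, and the retry loop skips every server already tried rather than only the current master assurance server.

```python
from dataclasses import dataclass

F1, F2, F3 = 0.3, 0.3, 0.4  # assumed weights for CPU, memory, remaining load

@dataclass
class AuthServer:
    name: str
    optimal_load: int   # M, configured optimal load value
    cpu: float          # reported CPU usage, 0.0 to 1.0
    mem: float          # reported memory usage, 0.0 to 1.0
    remaining: int      # reported remaining load (users still supported)

def correction_factor(s):
    """X, using an assumed formula: weighted idle CPU, idle memory and headroom."""
    # Load parameters arrive over the network, so range-check them before use.
    if not (0.0 <= s.cpu <= 1.0 and 0.0 <= s.mem <= 1.0):
        raise ValueError(f"{s.name}: usage outside 0..1")
    if s.optimal_load <= 0 or s.remaining < 0:
        raise ValueError(f"{s.name}: invalid load value")
    headroom = min(s.remaining / s.optimal_load, 1.0)
    return F1 * (1 - s.cpu) + F2 * (1 - s.mem) + F3 * headroom

def priorities(servers):
    """Priority of each server = X * (M / N), N being the sum of all M."""
    n = sum(s.optimal_load for s in servers)
    return {s.name: correction_factor(s) * s.optimal_load / n for s in servers}

def authenticate(request, servers, send, timeout=3.0):
    """Send to the highest-priority server; on timeout reselect among the rest.

    `send(server, request, timeout)` is a hypothetical transport callback that
    returns the authentication response, or None if none arrived in time.
    """
    prio = priorities(servers)
    tried = []
    for master in sorted(servers, key=lambda s: prio[s.name], reverse=True):
        tried.append(master.name)
        response = send(master, request, timeout)
        if response is not None:
            return master.name, response, tried
    return None, None, tried

def sample_servers():
    """Constructed sample data, not taken from the page."""
    return [AuthServer("A", 1000, 0.9, 0.8, 100),
            AuthServer("B", 600, 0.2, 0.3, 480),
            AuthServer("C", 400, 0.5, 0.5, 200)]

if __name__ == "__main__":
    print(priorities(sample_servers()))
    down = lambda s, req, t: None if s.name == "B" else "accept"
    print(authenticate("req-1", sample_servers(), down))
```

With the constructed data, server A has the largest configured capacity but is nearly saturated, so the smaller, lightly loaded server B is selected first.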
Because the device embodiment essentially corresponds to the method embodiment, refer to the description of the method embodiment for the related parts. The device embodiment described above is only schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is only the preferred embodiment of the application and does not limit the application; any modification, equivalent substitution or improvement made within the spirit and principles of the application shall fall within the scope of protection of the application.

Claims (12)

1. An authentication method, characterised in that the method is applied to a network access server (NAS) device, the method comprising:
calculating the priority of each certificate server according to the load parameters of each certificate server;
selecting the certificate server with the highest priority as the master assurance server;
sending the certification request from the terminal to the master assurance server, so that the master assurance server authenticates the terminal.
2. The method according to claim 1, characterised in that calculating the priority of each certificate server according to the load parameters of each certificate server comprises:
for each certificate server, calculating the priority correction factor X of the certificate server according to the load parameters of the certificate server;
calculating the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers.
3. The method according to claim 2, characterised in that the load parameters of the certificate server include CPU usage, memory usage and a remaining load value; the remaining load value is the number of users the certificate server can currently still authenticate;
calculating the priority correction factor X of the certificate server according to the load parameters of the certificate server comprises:
determining the weight F1 corresponding to the CPU usage, the weight F2 corresponding to the memory usage and the weight F3 corresponding to the remaining load value;
calculating the priority correction factor X according to the CPU usage, the memory usage, the remaining load value and the F1, F2 and F3.
4. The method according to claim 2, characterised in that calculating the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers comprises:
calculating the ratio of the M to the N;
calculating the product of the X and the ratio to obtain the priority of the certificate server.
5. The method according to claim 1, characterised in that the method further comprises:
detecting whether an authentication response returned by the master assurance server is received within a preset duration after the certification request is sent to the master assurance server;
if not, selecting the certificate server with the highest priority from the certificate servers other than the master assurance server, and using the selected certificate server as the master assurance server.
6. The method according to claim 1, characterised in that, before calculating the priority of each certificate server according to the load parameters of each certificate server, the method further comprises:
periodically receiving the load parameters sent by each certificate server; or
sending to each certificate server an instruction for obtaining load parameters, and receiving the load parameters that each certificate server returns in response to the instruction.
7. An authentication device, characterised in that the device is applied to a network access server (NAS) device, the device comprising:
a computing unit, for calculating the priority of each certificate server according to the load parameters of each certificate server;
a selecting unit, for selecting the certificate server with the highest priority as the master assurance server;
a sending unit, for sending the certification request from the terminal to the master assurance server, so that the master assurance server authenticates the terminal.
8. The device according to claim 7, characterised in that the computing unit is specifically used to, for each certificate server, calculate the priority correction factor X of the certificate server according to the load parameters of the certificate server, and to calculate the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers.
9. The device according to claim 8, characterised in that the load parameters of the certificate server include CPU usage, memory usage and a remaining load value; the remaining load value is the number of users the certificate server can currently still authenticate;
when calculating the priority correction factor X of the certificate server according to the load parameters of the certificate server, the computing unit is further used to determine the weight F1 corresponding to the CPU usage, the weight F2 corresponding to the memory usage and the weight F3 corresponding to the remaining load value, and to calculate the priority correction factor X according to the CPU usage, the memory usage, the remaining load value and the F1, F2 and F3.
10. The device according to claim 8, characterised in that, when calculating the priority of the certificate server according to the optimal load value M configured for the certificate server, the X, and the sum N of the optimal load values configured for all certificate servers, the computing unit is further used to calculate the ratio of the M to the N,
and to calculate the product of the X and the ratio to obtain the priority of the certificate server.
11. The device according to claim 7, characterised in that the device further comprises:
a reselection unit, for detecting whether an authentication response returned by the master assurance server is received within a preset duration after the certification request is sent to the master assurance server; if not, selecting again the certificate server with the highest priority from the certificate servers other than the master assurance server, updating the master assurance server to the selected certificate server, and returning to the step of sending the certification request from the terminal to the master assurance server.
12. The device according to claim 7, characterised in that the device further comprises:
an acquiring unit, for periodically receiving the load parameters sent by each certificate server; or for sending to each certificate server an instruction for obtaining load parameters, and receiving the load parameters that each certificate server returns in response to the instruction.
CN201710876599.9A 2017-09-25 2017-09-25 A kind of authentication method and device Pending CN107547563A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710876599.9A CN107547563A (en) 2017-09-25 2017-09-25 A kind of authentication method and device

Publications (1)

Publication Number Publication Date
CN107547563A true CN107547563A (en) 2018-01-05

Family

ID=60964756

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710876599.9A Pending CN107547563A (en) 2017-09-25 2017-09-25 A kind of authentication method and device

Country Status (1)

Country Link
CN (1) CN107547563A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180105