CN109040161B - Cloud manufacturing service management system, device and method - Google Patents

Info

Publication number
CN109040161B
Authority
CN
China
Prior art keywords
service
key
consumer
calling request
provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711010506.0A
Other languages
Chinese (zh)
Other versions
CN109040161A (en)
Inventor
邹萍
柴旭东
侯宝存
于文涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Spaceflight Intelligent Technology Development Co Ltd
Original Assignee
Beijing Spaceflight Intelligent Technology Development Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a cloud manufacturing service management system, which includes: a key management center, a service consumer, a service provider, a service center and an access controller, wherein the service center stores a service list, and the service list comprises the service provider and a corresponding service address; the key management center generates and stores a corresponding key when receiving a key application service sent by the service consumer; the service consumer sends a service calling request to the service provider corresponding to the service address; the service provider sends on the received service calling request; the service center receives the service calling request and sends a verification application for verifying the service calling request to the access controller; and the access controller receives the verification application, verifies whether the service calling request is legal according to whether the key of the service calling request has expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.

Description

Cloud manufacturing service management system, device and method
Technical Field
The application belongs to the field of cloud manufacturing, and particularly relates to a cloud manufacturing service management system, a cloud manufacturing service management device and a cloud manufacturing service management method.
Background
Cloud manufacturing is a new concept developed by taking the cloud computing idea as reference on the basis of the concept of manufacturing as a service. Cloud manufacturing is a product of cross fusion of advanced information technology, manufacturing technology, emerging internet technology and the like, is an embodiment of a manufacturing-as-a-service concept, and is an emerging internet manufacturing mode which utilizes a network and a cloud computing technology to construct an enterprise industry-wide chain collaborative manufacturing platform and provides manufacturing services and manufacturing resources for enterprises as required.
Based on the cloud manufacturing service generated as described above, it is possible to provide a service of high added value, low cost and global manufacturing for products in a wide network resource environment supporting the manufacturing industry. Therefore, solving the problems of release, scheduling, authorization, authentication and the like generated by the cloud manufacturing service becomes a technical problem which needs to be solved urgently, but at present, only registration and scheduling management of the service is realized, and service authentication and authorization management is lacked.
In summary, the prior art fails to provide a solution for implementing service authentication and authorization management.
Disclosure of Invention
In view of this, the present application provides a cloud manufacturing service management system, a cloud manufacturing service management apparatus, and a cloud manufacturing service management method, so as to implement service authentication and authorization management.
In order to solve the above technical problem, the present application discloses a cloud manufacturing service management system, including:
the system comprises a key management center, a service consumer, a service provider, a service center and an access controller, wherein the service center stores a service list, and the service list comprises the service provider and a corresponding service address;
the key management center is used for generating and storing a corresponding key when receiving a key application service sent by a service consumer, and sending the key to the service consumer; the key management center is also used for judging, according to the stored key, whether the key corresponding to the verification application has expired;
the service consumer is used for acquiring a service address according to a service list provided by the service center and sending a service calling request to a service provider corresponding to the service address; the service calling request comprises a secret key and a service consumer ID corresponding to the service consumer;
the service provider is used for sending the received service calling request;
the service center is used for receiving the service calling request and sending a verification application for verifying the service calling request to the access controller;
and the access controller is used for receiving a verification application, verifying whether the service calling request is legal according to whether a secret key of the service calling request is expired, and judging that the service consumer corresponding to the service consumer ID is legal under the condition that the service calling request is legal.
In order to solve the technical problem, the present application further discloses a cloud manufacturing service management method, including:
when receiving a key application service sent by a service consumer, a key management center generates a corresponding key and sends the key to the service consumer;
the service consumer acquires a service address according to a service list provided by a service center and sends a service calling request to a service provider corresponding to the service address; the service calling request comprises a secret key and a service consumer ID corresponding to the service consumer;
the service provider sends the received service calling request;
the service center receives the service calling request and sends a verification application for verifying the service calling request to the access controller;
the access controller receives the verification application and requests the key management center for key verification;
the key management center judges, according to the stored key, whether the key corresponding to the verification application has expired; and the access controller checks whether the service calling request is legal according to whether the key of the service calling request has expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, the cloud manufacturing service management method further includes: a service agent receives and forwards the service call request sent by the service provider.
Optionally, if the service invocation request further includes a service provider ID corresponding to the service provider requested to be invoked, the access controller's judging that the service consumer corresponding to the service consumer ID is legal further includes: sending a calling instruction to the legal service consumer, wherein the calling instruction is used for indicating that the service provider corresponding to the service provider ID can be called.
Optionally, the generating a corresponding key by the key management center includes:
determining service usage parameters of the service consumer;
and encrypting the service use parameters to obtain a corresponding key.
Optionally, the service usage parameter includes at least one of: service usage object, service lifetime, service usage scope, and service type.
Optionally, the service list further includes a service description, where the service description is used to indicate a service type and a corresponding access controller; the service provider also sends the service invocation request to a corresponding access controller according to the service type.
In order to solve the above technical problem, the present application further discloses a cloud manufacturing service management system, including:
the key management center is used for generating a corresponding key when receiving a key application service sent by a service consumer;
the service center is used for receiving a service calling request, wherein the service calling request comprises the secret key and a service consumer ID corresponding to the service consumer;
and the access controller is used for verifying whether the service calling request is legal according to whether the secret key is expired or not and judging that the service consumer corresponding to the service consumer ID is legal under the condition that the service calling request is legal.
Optionally, the service invocation request further includes a service provider ID corresponding to the service provider requested to be invoked; the access controller is further operable to send a calling instruction to the legal service consumer, wherein the calling instruction is used for indicating that the service provider corresponding to the service provider ID can be called.
Optionally, the key management center includes:
a determining unit for determining service usage parameters of the service consumer;
and the generating unit is used for encrypting the service use parameters to obtain corresponding keys.
Optionally, the service usage parameter includes at least one of: service usage object, service lifetime, service usage scope, and service type.
In order to solve the technical problem, the present application further discloses a cloud manufacturing service management method, including:
when receiving a key application service sent by a service consumer, generating a corresponding key;
receiving a service calling request, wherein the service calling request comprises the secret key and a service consumer ID corresponding to a service consumer;
and verifying whether the service calling request is legal according to whether the secret key is expired or not, and judging that the service consumer corresponding to the service consumer ID is legal under the condition that the service calling request is legal.
Optionally, the service invocation request further includes a service provider ID corresponding to the service provider requested to be invoked, and the method further includes: sending a calling instruction to the legal service consumer, wherein the calling instruction is used for indicating that the service provider corresponding to the service provider ID can be called.
Optionally, the generating the corresponding key includes:
determining service usage parameters of the service consumer;
and encrypting the service use parameters to obtain a corresponding key.
Optionally, the service usage parameter includes at least one of: service usage object, service lifetime, service usage scope, and service type.
Compared with the prior art, the application can obtain the following technical effects:
The embodiment of the application realizes a public service authorization and scheduling model suitable for cloud manufacturing, can flexibly, efficiently and stably meet the requirement of a user for using the cloud manufacturing service, and solves the problems of unified registration, release, authentication, authorization and call verification of various services. The cloud manufacturing service can be uniformly registered and issued through the service center; whether the service consumer is legal is judged through the access controller and the key management center; and the service application of the service consumer or the user is centrally authorized, so that the user can use safe, reliable and stable service, the legal service consumer or the legal user can schedule, monitor and manage the cloud manufacturing service, and uniform service is provided externally. With the method and device of the application, both registration and scheduling management and authentication and authorization management can be achieved for the cloud manufacturing service, and a user can be guaranteed to use safe, reliable and stable service.
Of course, it is not necessary for any one product to achieve all of the above-described technical effects simultaneously.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic flow diagram of a cloud manufacturing service management system provided by certain embodiments of the present application;
FIG. 2 is a schematic flow diagram of a cloud manufacturing service management system provided by certain embodiments of the present application;
FIG. 3 is a schematic flow diagram of a cloud manufacturing service management system provided by certain embodiments of the present application;
FIG. 4 is a schematic flow chart of a cloud manufacturing service management apparatus according to some embodiments of the present disclosure;
FIG. 5 is a flowchart illustrating a cloud manufacturing service management apparatus according to some embodiments of the present disclosure.
Detailed Description
Embodiments of the present application will be described in detail with reference to the drawings and examples, so that how to implement technical means to solve technical problems and achieve technical effects of the present application can be fully understood and implemented.
Referring to FIG. 1, a system module diagram of a cloud manufacturing service management system according to some embodiments of the present disclosure is shown. The cloud manufacturing service management system includes a key management center (Key Manager), a service consumer (Consumer), a service provider (Service Provider), a service center (Service Manager), and an access controller (Access Decision Manager). The service center stores a service list, and the service list comprises a service provider and a corresponding service address. The roles of the various modules in the system are explained below.
Consumer: the service consumer, which invokes the remote service. Several invocation modes are supported; the caller can be a browser or a program written in Java, PHP or another development language.
Service Provider: the service provider, which exposes the service. The service can take various forms, such as a storage service (DFS), a message service (MQ), a search service (Solr), a cache service (Redis) or a log service (Kafka), and can also be a custom user registration service, geographic information service and the like. The supported protocols include RPC, RMI, HTTP, WebService, Hessian, etc.
Service Manager: the service center, mainly used for registering and discovering services. Its core is a directory service on which the service list is stored. Optionally, the service list is saved in the form of an LDAP service directory. The service list includes a service provider and a corresponding service address.
Key Manager: the key management center, mainly used for generating keys, distributing keys, storing keys and verifying the validity period of keys.
Access Decision Manager: the access controller, mainly used as the service authorization and verification management center.
The principle of operation of the various parts of the system is as follows, according to the block diagram of the system shown in fig. 1.
The key management center is used for generating and storing a corresponding key when receiving a key application service sent by a service consumer, and sending the key to the service consumer; the key management center is also used for judging, according to the stored key, whether the key corresponding to the verification application has expired.
The service consumer (sometimes also called a user) is used for acquiring a service address according to the service list provided by the service center and sending a service calling request to the service provider corresponding to the service address; the service calling request comprises a key and a service consumer ID corresponding to the service consumer.
The service provider is used for sending on the received service calling request.
The service center is used for receiving the service calling request and sending a verification application for verifying the service calling request to the access controller.
The access controller is used for receiving the verification application, verifying whether the service calling request is legal according to whether the key of the service calling request has expired, and judging that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, the service invocation request further includes a service provider ID corresponding to the service provider requested to be invoked, and the access controller is further configured to send a calling instruction to the legal service consumer, wherein the calling instruction is used for indicating that the service provider corresponding to the service provider ID can be called.
Based on the system, some embodiments of the present application further provide a cloud manufacturing service management method, which is as follows.
100. The key is initialized. The service consumer (Consumer) sends a key application service to the key management center (Key Manager), wherein the key application service comprises the ID of the service provider requested to be called (Service ID).
101. The key management center (Key Manager) receives the key application service sent by the service consumer (Consumer), generates a corresponding key (Key), and sends the Key to the Consumer. Specifically, the Key Manager may generate the Key by using an SHA encryption method.
102. The service consumer (Consumer) acquires a service address according to the service list provided by the service center (Service Manager), and sends a service calling request to the Service Provider corresponding to the service address; the service calling request comprises the Key and a service consumer ID (Consumer ID) corresponding to the service consumer.
103. The Service Provider sends on the received service calling request.
104. The service center (Service Manager) receives the service calling request and sends a verification application for verifying the service calling request to the access controller (Access Decision Manager).
105. The access controller (Access Decision Manager) receives the verification application and requests the key management center (Key Manager) for key verification.
The Key Manager judges, according to the stored Key, whether the Key corresponding to the verification application has expired. The Access Decision Manager checks whether the service calling request is legal according to whether the key of the service calling request has expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, when the service invocation request includes the service provider ID corresponding to the service provider requested to be invoked, the access controller (Access Decision Manager) in step 105 further sends an invocation instruction to the valid service consumer, where the invocation instruction is used to indicate that the service provider corresponding to the service provider ID can be invoked.
Referring to FIG. 2, some embodiments of the present application provide a cloud manufacturing service management system, which is substantially the same as the management system provided in the previous embodiments, except that the cloud manufacturing service management system further includes a service agent (Service Proxy), which is used for receiving and forwarding the service call request sent by the service provider.
After the service agent (Service Proxy) is set, the service consumer (Consumer) does not directly access the Service Provider; the Service Provider's Service Proxy provides services after the authority verification, and each Service Provider corresponds to one Service Proxy instance. Therefore, the access pressure on the Service Provider is greatly reduced, and the Consumer can smoothly call the requested service when authorized.
Based on the system embodiment described in fig. 2, some embodiments of the present application further provide a cloud manufacturing service management method, which is described in detail below.
200. The key is initialized. The service consumer (Consumer) sends a key application service to the key management center (Key Manager), wherein the key application service comprises the ID of the service provider requested to be called (Service ID).
201. The key management center (Key Manager) receives the key application service sent by the service consumer (Consumer), generates a corresponding key (Key), and sends the Key to the Consumer. Specifically, the Key Manager may generate the Key by using an SHA encryption method.
202. The service consumer (Consumer) acquires a service address according to the service list provided by the service center (Service Manager), and sends a service calling request to the Service Provider corresponding to the service address; the service calling request comprises the Key and a service consumer ID (Consumer ID) corresponding to the service consumer.
203. The Service Provider sends the received service call request to the service agent (Service Proxy). The Service Proxy forwards the service call request to the service center (Service Manager).
204. The service center (Service Manager) receives the service calling request and sends a verification application for verifying the service calling request to the access controller (Access Decision Manager).
205. The access controller (Access Decision Manager) receives the verification application and requests the key management center (Key Manager) for key verification. The Key Manager judges, according to the stored Key, whether the Key corresponding to the verification application has expired; optionally, the Key can be verified by character string comparison, and when the Key completely matches the stored Key, the Key is judged to be unexpired. The Access Decision Manager checks whether the service calling request is legal according to whether the key of the service calling request has expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, when the service invocation request includes the service provider ID corresponding to the service provider requested to be invoked, the access controller (Access Decision Manager) in step 205 further sends an invocation instruction to the valid service consumer, where the invocation instruction is used to indicate that the service provider corresponding to the service provider ID can be invoked. Optionally, when the Key Manager determines that the Key is not expired and the access controller determines that the service invocation request is legal, the Service Provider selects, based on a soft load balancing algorithm, one Service Provider to be invoked by the service consumer (Consumer). If the call fails, another one is selected and called.
In addition, after the service agent (Service Proxy) is set, the service consumer (Consumer) does not directly access the Service Provider; the Service Provider provides services after the permission verification, and each Service Provider corresponds to one Service Proxy instance. Therefore, the access pressure on the Service Provider is greatly reduced, and the Consumer can smoothly call the requested service when authorized.
Some embodiments of the present application further provide a cloud manufacturing service management system, which is substantially the same as the foregoing embodiments, except that the key management center provided by this embodiment comprises a determining unit and a generating unit. Specifically, the determining unit is configured to determine a service usage parameter of the service consumer, and the generating unit is used for encrypting the service usage parameters to obtain the corresponding key.
Specifically, the service usage parameter may include at least one of: service usage object, service lifetime, service usage scope, and service type. Optionally, the service usage parameter further includes a classification of the service consumers, and may be used to indicate services invoked by the service consumers of each category.
Based on the foregoing embodiments, some embodiments of the present application further provide a cloud manufacturing service management method, where the generating a corresponding key by the key management center includes:
determining service usage parameters of the service consumer;
and encrypting the service use parameters to obtain a corresponding key.
Because the generated key includes the service use parameter, after the key is verified to be legal, the access controller can know the service content called by the service consumer, and can accurately control the use object, the use duration and the like of the service, for example, which users can use the service, and the duration and the range of the service.
Substantially the same as the foregoing embodiments, some embodiments of the present application further provide a cloud manufacturing service management system, where the service list stored in the service center further includes a service description, and the service description is used to indicate a service type and a corresponding access controller;
the service provider is further configured to send the service invocation request to a corresponding access controller according to the service type.
Based on the foregoing embodiments, in a cloud manufacturing service management method provided in some embodiments of the present application, the service provider further sends the service invocation request to a corresponding access controller according to a service type.
According to the embodiment of the application, the service description is set in the service list, so that the service provider can send the service calling request to the corresponding access controller for verification. The classification setting idea of the embodiment of the application can greatly improve the checking efficiency and reduce the system pressure.
Referring to fig. 3, based on any one of the foregoing embodiments, some embodiments of the present application provide a possible application scenario of a cloud manufacturing service management system, where the system includes a service consumer (Consumer), a service provider (Service Provider), a service agent (Service Proxy), a service operation container (Container), a service center (Service Manager), a key management center (Key Manager), an access controller (Access Decision Manager), and a monitoring center (Monitor). The roles of the nodes are explained below.
Consumer: the service consumer that invokes the remote service. Several invocation modes are supported; the caller can be a browser or code written in Java, PHP or another development language.
Service Provider: the service provider that exposes the service. The service can take various forms, such as a storage service DFS, a message service MQ, a search service Solr, a cache service Redis, a log service Kafka and the like, and can also be a self-defined user registration service, a geographic information service and the like. The supported protocols include RPC, RMI, HTTP, WebService, Hessian, etc.
Service Proxy: the service agent. The Consumer does not access the Service Provider directly; the Service Proxy provides the service after authority verification, and each Service Provider corresponds to one Service Proxy instance.
Container: the service operation container, which can take various forms, for example a Web container or a monitoring container.
Service Manager: the service center, mainly used for registering and discovering services; its core is a directory service. It holds a service list, and the service list includes a service provider and a corresponding service address.
Key Manager: the key management center, mainly used for generating keys, distributing keys, storing keys and verifying the validity period of keys.
Access Decision Manager: the access controller, which mainly serves as the service authorization and verification management center.
Monitor: the monitoring center, mainly used for counting the number of calls and the calling time of the services.
Based on the system, the cloud manufacturing service management method provided by some embodiments of the present application specifically includes the following steps.
300. The service operation container (Container) starts, loads and runs the Service Provider.
301. When the Service Provider starts, it registers the services it provides with the service center (Service Manager).
302. The service consumer (Consumer) subscribes to the services it requires at the service center (Service Manager).
303. The Service Manager acquires the key (Key) from the key management center (Key Manager), distributes the Key to the Consumer, and returns the Service Provider service address list to the Consumer.
304. The Consumer sends a service calling request to the Service Provider corresponding to the service address.
305. The Service Provider sends the received service calling request to the Service Proxy. The Service Proxy forwards the service calling request to the Service Manager.
The Service Manager receives the service calling request and sends a verification application for verifying the service calling request to the access controller (Access Decision Manager).
The Access Decision Manager receives the verification application and requests key verification from the Key Manager.
The Key Manager judges, according to the stored key, whether the Key corresponding to the verification application is expired. Optionally, the Key can be verified by character string comparison: when the Key completely matches the stored key, the Key is judged to be unexpired.
The Access Decision Manager checks whether the service calling request is legal according to whether the key of the service calling request is expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
When the Key Manager judges that the Key is not expired and the Access Decision Manager judges that the service calling request is legal, the Service Provider selects one Service Provider to be called by the Consumer based on a soft load balancing algorithm. If the call fails, another one is selected and called.
306. The Consumer and the Service Provider accumulate the number of calls and the calling time in memory, and send the statistical data to the monitoring center (Monitor) once every minute.
307. The Service Manager is responsible for registering and looking up service addresses and is equivalent to a directory service. The Consumer and the Service Provider interact with the Service Manager only when they start; the Service Manager does not forward requests, so the pressure on it is low.
For a better understanding of the embodiments of the present application: steps 300, 301 and 302 above describe the registration and release of the service.
Steps 303, 304 and 305 are the service call authentication and authorization flow.
Step 306 above describes the service call logging process.
Step 307 above explains how the service is discovered.
The whole process is thus explained, covering service registration, release, discovery, invocation, and authentication and authorization.
Referring to fig. 4, some embodiments of the present application provide a cloud manufacturing service management apparatus, including: a key management center (Key Manager), a service center (Service Manager) and an access controller (Access Decision Manager). The service center stores a service list, and the service list includes a service provider and a corresponding service address. The roles of the modules in the present apparatus are explained below.
Service Manager: the service center is mainly used for registering and discovering services, and the core of the service center is a directory service on which a service list is stored. Optionally, the service manifest is saved in the form of an LDAP service directory. The service list includes a service provider and a corresponding service address.
Key Manager: the key management center, mainly used for generating keys, distributing keys, storing keys and verifying the validity period of keys.
Access Decision Manager: the access controller, which mainly serves as the service authorization and verification management center.
The operation of the various parts of the apparatus according to the block diagram of the apparatus shown in fig. 4 is as follows.
The key management center is used for generating and storing a corresponding key when receiving a key application service sent by a service consumer; the key management center is also used for judging whether the key corresponding to the verification application is overdue or not according to the stored key;
the service center is used for receiving a service calling request and sending a verification application for verifying the service calling request to the access controller, wherein the service calling request comprises the secret key and a service consumer ID corresponding to the service consumer;
and the access controller is used for receiving a verification application, verifying whether the service calling request is legal according to whether a secret key of the service calling request is expired, and judging that the service consumer corresponding to the service consumer ID is legal under the condition that the service calling request is legal.
Optionally, the service invocation request further includes a service provider ID corresponding to the service provider requested to be invoked, and the access controller is specifically configured to further: and sending a calling instruction to a legal service consumer, wherein the calling instruction is used for indicating that the service provider corresponding to the service provider ID can be called.
Based on the above apparatus, some embodiments of the present application further provide a cloud manufacturing service management method, which is as follows.
400. The key (Key) is initialized. The service consumer (Consumer) sends a key application service to the key management center (Key Manager), where the key application service includes the service provider ID (Service ID) of the service requested to be called.
401. The Key Manager receives the key application service sent by the Consumer, generates a corresponding Key, and sends the Key to the Consumer. Specifically, the Key Manager may generate the Key by using an SHA encryption method.
402. The Consumer acquires a service address according to the service list provided by the service center (Service Manager), and sends a service calling request to the Service Provider corresponding to the service address; the service calling request includes the Key and the service consumer ID (Consumer ID) corresponding to the service consumer.
403. The Service Provider sends the received service calling request.
404. The Service Manager receives the service calling request and sends a verification application for verifying the service calling request to the access controller (Access Decision Manager).
405. The Access Decision Manager receives the verification application and requests key verification from the Key Manager.
The Key Manager judges, according to the stored key, whether the Key corresponding to the verification application is expired. The Access Decision Manager checks whether the service calling request is legal according to whether the key of the service calling request is expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, when the service calling request includes a service provider ID corresponding to the service provider requested to be called, the Access Decision Manager in 405 further sends a calling instruction to the legal service consumer, where the calling instruction indicates that the service provider corresponding to the service provider ID can be called.
The embodiment of the application realizes a public service authorization and scheduling model suitable for cloud manufacturing, can flexibly, efficiently and stably meet the requirement of a user for using the cloud manufacturing service, and solves the problems of unified registration, release, authentication, authorization and call verification of various services. The cloud manufacturing service can be uniformly registered and issued through the service center, whether the service consumer is legal or not is judged through the access controller and the key management center, the service application of the service consumer or the user is centrally authorized, and the user can use safe, reliable and stable service, so that the legal service consumer or the legal user can schedule, monitor and manage the cloud manufacturing service, and uniform service is provided for the outside. According to the cloud manufacturing service registration and scheduling management method and device, registration and scheduling management can be achieved for the cloud manufacturing service, authentication and authorization management can be achieved for the cloud manufacturing service, and a user can be guaranteed to use safe, reliable and stable service.
Referring to fig. 5, some embodiments of the present application provide a cloud manufacturing service management apparatus, which is substantially the same as the management apparatus provided in the previous embodiments, except that the cloud manufacturing service management apparatus further includes a Service Proxy, which is used for receiving and forwarding the service calling request sent by the service provider.
Once the Service Proxy is set up, the Service Consumer does not access the Service Provider directly; the Service Proxy provides the service after authority verification, and each Service Provider corresponds to one Service Proxy instance. This greatly reduces the access pressure on the Service Provider, and an authorized Service Consumer can smoothly call the service it requests.
Based on the apparatus embodiment illustrated in fig. 5, some embodiments of the present application further provide a cloud manufacturing service management method, which is as follows.
400. The key (Key) is initialized. The service consumer (Consumer) sends a key application service to the key management center (Key Manager), where the key application service includes the service provider ID (Service ID) of the service requested to be called.
401. The Key Manager receives the key application service sent by the Consumer, generates a corresponding Key, and sends the Key to the Consumer. Specifically, the Key Manager may generate the Key by using an SHA encryption method.
402. The Consumer acquires a service address according to the service list provided by the service center (Service Manager), and sends a service calling request to the Service Provider corresponding to the service address; the service calling request includes the Key and the service consumer ID (Consumer ID) corresponding to the service consumer.
403. The Service Provider sends the received service calling request to the Service Proxy. The Service Proxy forwards the service calling request to the Service Manager.
404. The Service Manager receives the service calling request and sends a verification application for verifying the service calling request to the access controller (Access Decision Manager).
405. The Access Decision Manager receives the verification application and requests key verification from the Key Manager. The Key Manager judges, according to the stored key, whether the Key corresponding to the verification application is expired. Optionally, the Key can be verified by character string comparison: when the Key completely matches the stored key, the Key is judged to be unexpired. The Access Decision Manager checks whether the service calling request is legal according to whether the key of the service calling request is expired, and judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal.
Optionally, when the service calling request includes a service provider ID corresponding to the service provider requested to be called, the Access Decision Manager in 405 further sends a calling instruction to the legal service consumer, where the calling instruction indicates that the service provider corresponding to the service provider ID can be called. Optionally, when the Key Manager determines that the Key is not expired and the Access Decision Manager determines that the service calling request is legal, the Service Provider selects one Service Provider to be called by the Consumer based on a soft load balancing algorithm. If the call fails, another one is selected and called.
The embodiment of the application realizes a public service authorization and scheduling model suitable for cloud manufacturing, can flexibly, efficiently and stably meet the requirement of a user for using the cloud manufacturing service, and solves the problems of unified registration, release, authentication, authorization and call verification of various services. The cloud manufacturing service can be uniformly registered and issued through the service center, whether the service consumer is legal or not is judged through the access controller and the key management center, the service application of the service consumer or the user is centrally authorized, and the user can use safe, reliable and stable service, so that the legal service consumer or the legal user can schedule, monitor and manage the cloud manufacturing service, and uniform service is provided for the outside. According to the cloud manufacturing service registration and scheduling management method and device, registration and scheduling management can be achieved for the cloud manufacturing service, authentication and authorization management can be achieved for the cloud manufacturing service, and a user can be guaranteed to use safe, reliable and stable service.
In addition, once the Service Proxy is set up, the Service Consumer does not access the Service Provider directly; the Service Proxy provides the service after permission verification, and each Service Provider corresponds to one Service Proxy instance. This greatly reduces the access pressure on the Service Provider, and an authorized Service Consumer can smoothly call the service it requests.
Some embodiments of the present application further provide a cloud manufacturing service management apparatus, which is substantially the same as the foregoing embodiments, except that: the key management center provided by the embodiment of the application comprises a determining unit and a generating unit. Specifically, the determining unit is configured to determine a service usage parameter of the service consumer. And the generating unit is used for encrypting the service use parameters to obtain corresponding keys.
Specifically, the service usage parameter may include at least one of: service usage object, service lifetime, service usage scope, and service type. Optionally, the service usage parameter further includes a classification of the service consumers, and may be used to indicate services invoked by the service consumers of each category.
Based on the foregoing embodiments, some embodiments of the present application further provide a cloud manufacturing service management method, where the generating a corresponding key by the key management center includes:
determining service usage parameters of the service consumer;
and encrypting the service use parameters to obtain a corresponding key.
Because the generated key includes the service use parameter, after the key is verified to be legal, the access controller can know the service content called by the service consumer, and can accurately control the use object, the use duration and the like of the service, for example, which users can use the service, and the duration and the range of the service.
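Added example, not part of the patent text: key issuance and verification as in steps 400 to 405, in Python, with the key derived from the service usage parameters and checked by the access controller. Assumptions: HMAC-SHA-256 under a Key Manager secret stands in for the unspecified "SHA encryption method"; the stored key is looked up by consumer ID and provider ID and compared in constant time, so a key presented under another consumer's ID is rejected; the class names, the `operation` request field and all sample IDs are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time


class KeyManager:
    """Generates, stores and verifies time-limited keys (hypothetical class)."""

    def __init__(self, secret=None):
        self._secret = secret or secrets.token_bytes(32)
        self._store = {}  # (consumer_id, provider_id) -> (key, usage parameters)

    def issue(self, consumer_id, provider_id, service_type, scope, ttl_s, now=None):
        now = int(time.time() if now is None else now)
        params = {
            "consumer_id": consumer_id,    # service usage object
            "provider_id": provider_id,    # provider the key is bound to
            "service_type": service_type,
            "scope": list(scope),          # service usage scope
            "expires_at": now + ttl_s,     # service lifetime, absolute Unix time
            "nonce": secrets.token_hex(8), # makes every issued key unique
        }
        # Canonical serialisation so the same parameters always hash the same way.
        canonical = json.dumps(params, sort_keys=True, separators=(",", ":"))
        key = hmac.new(self._secret, canonical.encode(), hashlib.sha256).hexdigest()
        self._store[(consumer_id, provider_id)] = (key, params)
        return key

    def verify(self, key, consumer_id, provider_id, now=None):
        """Return (status, params); params is None unless status is 'valid'."""
        now = int(time.time() if now is None else now)
        entry = self._store.get((consumer_id, provider_id))
        if entry is None:
            return "unknown", None
        stored_key, params = entry
        # Constant-time comparison instead of ==, to avoid a timing side channel.
        if not isinstance(key, str) or not hmac.compare_digest(
                stored_key.encode(), key.encode()):
            return "mismatch", None
        if now >= params["expires_at"]:
            del self._store[(consumer_id, provider_id)]  # expired keys are purged
            return "expired", None
        return "valid", params


class AccessDecisionManager:
    """Decides whether a service calling request is legal (hypothetical class)."""

    def __init__(self, key_manager):
        self._km = key_manager

    def check(self, request, now=None):
        status, params = self._km.verify(
            request.get("key"), request.get("consumer_id"),
            request.get("provider_id"), now)
        if status != "valid":
            return False, status
        # The stored usage parameters bound what the consumer may do.
        if request.get("operation") not in params["scope"]:
            return False, "out_of_scope"
        return True, "valid"


def demo():
    """Run constructed requests through the access controller."""
    km = KeyManager()
    adm = AccessDecisionManager(km)
    t0 = 1_700_000_000  # constructed timestamp
    key_a = km.issue("consumer-A", "provider-cnc-01", "machining",
                     ["quote", "schedule"], ttl_s=600, now=t0)
    km.issue("consumer-B", "provider-cnc-01", "machining", ["quote"], 600, now=t0)
    req = {"key": key_a, "consumer_id": "consumer-A",
           "provider_id": "provider-cnc-01", "operation": "quote"}
    return {
        "valid request": adm.check(req, now=t0 + 10),
        "key presented under another consumer ID":
            adm.check({**req, "consumer_id": "consumer-B"}, now=t0 + 10),
        "operation outside usage scope":
            adm.check({**req, "operation": "cancel"}, now=t0 + 10),
        "after lifetime has elapsed": adm.check(req, now=t0 + 600),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```
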
To sum up, the embodiment of the present application can achieve the following technical effects:
the cloud manufacturing service can be uniformly registered and issued through the service center, whether the service consumer is legal or not is judged through the access controller and the key management center, the service application of the service consumer or the user is centrally authorized, and the user can use safe, reliable and stable service, so that the legal service consumer or the legal user can schedule, monitor and manage the cloud manufacturing service, and uniform service is provided for the outside. According to the cloud manufacturing service registration and scheduling management method and device, registration and scheduling management can be achieved for the cloud manufacturing service, authentication and authorization management can be achieved for the cloud manufacturing service, and a user can be guaranteed to use safe, reliable and stable service. According to the technical scheme, the public service authorization and scheduling model suitable for cloud manufacturing is realized, the requirement of a user for using the cloud manufacturing service can be flexibly, efficiently and stably met, and the problems of unified registration, release, authentication and authorization and calling verification of various services are solved. The embodiment of the application belongs to a core method for scheduling and managing cloud manufacturing services, and a provider, a consumer and a service authorization verification manager of the services are separated, so that a good cloud manufacturing service ecological environment is constructed, and authorization scheduling management and control are performed on the cloud manufacturing services. The number of times and the time that the user used the service are also all recorded.
In addition, once the Service Proxy is set up, the Service Consumer does not access the Service Provider directly; the Service Proxy provides the service after permission verification, and each Service Provider corresponds to one Service Proxy instance. This greatly reduces the access pressure on the Service Provider, and an authorized Service Consumer can smoothly call the service it requests.
In addition, since the generated key includes the service use parameter, after the key is verified, the access controller can know the content of the service requested to be called by the service consumer, and can accurately control the use object, the use duration, and the like of the service, for example, which users can use the service, and the duration and range of using the service.
Further, the service description is set in the service list, so that the service provider can send the service call request to the corresponding access controller for verification. The classification setting idea of the embodiment of the application can greatly improve the checking efficiency and reduce the system pressure.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transitory media), such as modulated data signals and carrier waves.
As used in the specification and in the claims, certain terms are used to refer to particular components. As one skilled in the art will appreciate, manufacturers may refer to a component by different names. This specification and claims do not intend to distinguish between components that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". "Substantially" means within an acceptable error range, and a person skilled in the art can solve the technical problem within a certain error range to substantially achieve the technical effect. Furthermore, the term "coupled" is intended to encompass any direct or indirect electrical coupling. Thus, if a first device couples to a second device, that connection may be through a direct electrical coupling or through an indirect electrical coupling via other devices and couplings. The description which follows is a preferred embodiment of the present application, but is made for the purpose of illustrating the general principles of the application and not for the purpose of limiting the scope of the application. The protection scope of the present application shall be subject to the definitions of the appended claims.
It is also noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a good or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such good or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a commodity or system that includes the element.
The foregoing description shows and describes several preferred embodiments of the invention, but as aforementioned, it is to be understood that the invention is not limited to the forms disclosed herein, but is not to be construed as excluding other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A cloud manufacturing service management system, comprising: the system comprises a key management center, a service consumer, a service provider, a service center and an access controller, wherein the service center stores a service list, and the service list comprises the service provider and a corresponding service address;
the key management center is used for generating and storing a corresponding key when receiving a key application service sent by a service consumer, and sending the key to the service consumer; the key management center is also used for judging whether the key corresponding to the verification application is overdue or not according to the stored key;
the key management center includes:
a determining unit for determining service usage parameters of the service consumer; wherein the service usage parameters include at least one of: service use object, service use period, service use range and service type;
the generating unit is used for encrypting the service use parameters to obtain corresponding keys;
the service consumer is used for acquiring a service address according to a service list provided by the service center and sending a service calling request to a service provider corresponding to the service address; the service calling request comprises a secret key, a service consumer ID corresponding to a service consumer and a service provider ID corresponding to a service provider requested to be called;
the service provider is used for sending the received service calling request to the service agent, and the service agent forwards the service calling request to the service center; wherein each service provider corresponds to a service agent instance;
the service center is used for receiving the service calling request and sending a verification application for verifying the service calling request to the access controller;
the access controller is used for receiving a verification application, verifying whether the service calling request is legal according to whether a key of the service calling request is expired or not, judging that a service consumer corresponding to the service consumer ID is legal under the condition that the service calling request is legal, and sending a calling instruction to the legal service consumer, wherein the calling instruction is used for indicating that a service provider corresponding to the service provider ID can be called; when the key management center judges that the key corresponding to the verification application is not overdue and the access controller judges that the service calling request is legal, the service provider selects one service provider to be called by the service consumer based on a soft load balancing algorithm; and if the calling fails, another one is selected again for calling.
2. The cloud manufacturing service management system of claim 1, further comprising a service broker configured to receive and forward service invocation requests sent by service providers.
3. The cloud manufacturing service management system according to any one of claims 1 to 2, wherein the service manifest further includes a service description, the service description being used to represent a service type and a corresponding access controller;
the service provider is further configured to send the service invocation request to a corresponding access controller according to the service type.
4. A cloud manufacturing service management method, comprising:
when receiving a key application service sent by a service consumer, a key management center determines service use parameters of the service consumer, encrypts the service use parameters to obtain a corresponding key and sends the key to the service consumer; wherein the service usage parameters include at least one of: service use object, service use period, service use range and service type;
the service consumer acquires a service address according to a service list provided by a service center and sends a service calling request to a service provider corresponding to the service address; the service calling request comprises a secret key, a service consumer ID corresponding to a service consumer and a service provider ID corresponding to a service provider requested to be called;
the service provider sends the received service calling request to the service agent, and the service agent forwards the service calling request to the service center; wherein each service provider corresponds to a service agent instance;
the service center receives the service calling request and sends a verification application for verifying the service calling request to the access controller;
the access controller receives the verification application and requests the key management center for key verification;
the key management center judges, according to the stored key, whether the key corresponding to the verification application has expired; the access controller checks whether the service calling request is legal according to whether the key of the service calling request has expired, judges that the service consumer corresponding to the service consumer ID is legal when the service calling request is legal, and sends a calling instruction to the legal service consumer, wherein the calling instruction indicates that the service provider corresponding to the service provider ID can be called; when the key management center judges that the key corresponding to the verification application has not expired and the access controller judges that the service calling request is legal, the service provider selects, based on a soft load balancing algorithm, one service provider to be called by the service consumer; and if the call fails, another service provider is selected and called.
5. The cloud manufacturing service management method of claim 4, further comprising: the service agent receiving and forwarding the service calling request sent by the service provider.
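The flow recited in claim 4 (key issuance, expiry check against the stored key, then load-balanced invocation with reselection on failure) is sketched below as an added example; it is not code from the patent. Assumptions: an HMAC-SHA256 tag over the usage parameters stands in for the "encrypted" key, the soft load balancing algorithm is a random pick, the access controller also checks the consumer and provider IDs against the stored service use object and range (the claims state only the expiry check), and all class, function and field names are hypothetical.

```python
import hashlib, hmac, json, secrets, time

class KeyManagementCenter:
    """Issues opaque keys bound to service usage parameters and stores them."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)  # known only to the KMC (assumption)
        self._issued = {}                       # key -> stored usage parameters

    def issue(self, consumer_id, provider_ids, service_type, period_s, now=None):
        now = time.time() if now is None else now
        params = {"object": consumer_id, "range": sorted(provider_ids),
                  "type": service_type, "expires": now + period_s,
                  "nonce": secrets.token_hex(8)}  # makes every key unique
        blob = json.dumps(params, sort_keys=True).encode()
        # HMAC tag substitutes for the claim's encryption step (assumption).
        key = hmac.new(self._secret, blob, hashlib.sha256).hexdigest()
        self._issued[key] = params
        return key

    def lookup(self, key, now=None):
        """Return the stored parameters, or None if the key is unknown or expired."""
        now = time.time() if now is None else now
        params = self._issued.get(key)
        if params is None or now >= params["expires"]:
            return None
        return params

def access_check(kmc, request, now=None):
    """Access controller: expiry via the KMC, then binding to the request IDs."""
    params = kmc.lookup(request["key"], now)
    if params is None:
        return False
    # Added check: a valid key must not be usable by another consumer
    # or against a provider outside the granted range.
    return (request["consumer_id"] == params["object"]
            and request["provider_id"] in params["range"])

def invoke(instances, call, rng=None):
    """Random pick among provider instances; reselect another one on failure."""
    rng = rng or secrets.SystemRandom()
    candidates = list(instances)
    rng.shuffle(candidates)
    for inst in candidates:
        try:
            return call(inst)
        except ConnectionError:
            continue  # this instance failed, try the next candidate
    raise ConnectionError("all provider instances failed")
```

Because the expiry decision is made from the record stored at the key management center rather than from anything the consumer sends, a consumer cannot extend its own service use period by altering the request.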
CN201711010506.0A 2017-10-26 2017-10-26 Cloud manufacturing service management system, device and method Active CN109040161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711010506.0A CN109040161B (en) 2017-10-26 2017-10-26 Cloud manufacturing service management system, device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711010506.0A CN109040161B (en) 2017-10-26 2017-10-26 Cloud manufacturing service management system, device and method

Publications (2)

Publication Number Publication Date
CN109040161A CN109040161A (en) 2018-12-18
CN109040161B true CN109040161B (en) 2020-03-10

Family

ID=64630125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711010506.0A Active CN109040161B (en) 2017-10-26 2017-10-26 Cloud manufacturing service management system, device and method

Country Status (1)

Country Link
CN (1) CN109040161B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831433B (en) * 2019-01-30 2021-05-11 重庆农村商业银行股份有限公司 Third-party-based request encryption method and system between user and server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN105516055A (en) * 2014-09-23 2016-04-20 腾讯科技(深圳)有限公司 Data access method, data access device, target device, and management server
CN105635283A (en) * 2015-12-30 2016-06-01 南京邮电大学 Organization and management and using method and system for cloud manufacturing service

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4304362B2 (en) * 2002-06-25 2009-07-29 日本電気株式会社 PKI-compliant certificate confirmation processing method and apparatus, and PKI-compliant certificate confirmation processing program
CN104836664B (en) * 2015-03-27 2019-05-14 腾讯科技(深圳)有限公司 A kind of methods, devices and systems executing business processing

Also Published As

Publication number Publication date
CN109040161A (en) 2018-12-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant