WO2010031234A1 - System and method for managing network element right - Google Patents


Info

Publication number
WO2010031234A1
Authority
WO
WIPO (PCT)
Prior art keywords
network element
control board
user password
configuration file
password
Application number
PCT/CN2008/073874
Inventor
杨帆
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/085: Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853: Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/0856: Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Definitions

  • The network element side receives the login password from the network element management side, and authenticates the login password against the configuration file.
  • The user enters the login password of the network element.
  • After receiving the command, the main control board performs authentication according to the user password configuration file to determine whether access to the network element is allowed. If the login password and the configuration file are consistent, the authentication succeeds and the flow proceeds to step 23; otherwise, it proceeds to step 30.
  • The step may further include the following processing: 24. Perform a remote login to query the user password. This step has two possible results: if it succeeds, proceed to step 25; otherwise, the flow ends and the system exits directly.
  • Step 26: Synchronize the network element user password data of the active and standby control boards. This step has two possible results: if it succeeds, proceed to step 27; otherwise, the flow ends and the system exits directly.
  • Step 27: Synchronize the user password data between the active and standby control boards.
  • The user password configuration file saved on the main control board 200 is written to the corresponding standby control board 300.
  • The network element user password can be authenticated on the network element side, and multi-network-element user password setting and network element authority authentication can be performed simultaneously, thereby improving efficiency.
  • The invention expands the network element security management function in the TDS0225 People's Republic of China communication industry standard - SDH transmission network management technical specification - EMS system function.
  • The system has a simple structure and high reliability; it is simple to implement in practical applications and has practical application value.
  • The modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software. It should be understood that the specific embodiments provided above are merely illustrative of the invention and are not It is to be understood that the invention may be modified or altered by the above description, and all such modifications and changes are intended to be a range.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system and a method for managing network element rights are provided. The system includes a network element management side and a network element side connected to it. The network element management side includes a user password setting module for setting a user password message, a login password setting module for setting a login password, and a data configuration module for converting the user password message into a user password configuration file. The network element side includes a database for storing the user password configuration file, and an authentication module for authenticating the network element login password against the user password configuration file.

Description

网元权限管理系统和方法  Network element authority management system and method
技术领域 本发明涉及通信领域, 尤其涉及的是, 一种网元权限管理系统和方法。 背景技术 目前, 随着通信行业的高速发展, 运营商在同一个管理网络中需要同时 管理很多通信设备, 随着运营商的不断发展以及用户数量的不断增加, 运营 商对网元设备的管理数量以及网元管理安全性的要求不断增高。 在网络管理架构中, 由网元管理系统对网元进行管理, 其中, 网元管理 系统需要具备六大功能: 安全管理功能、 告警管理功能、 性能管理功能、 系 统管理功能、 配置管理功能、 拓朴管理功能。 在相关技术中, 保证网元的安 全是通过如下方式实现的: 首先, 网元管理侧 (即, 网元管理系统)设置用户密码; 网元侧 (即, 控制单板) 向网元管理侧发送建立连接的请求; 在连接建立后, 网元管理侧 接收本地管理用户的登录密码, 并在网元管理侧完成网元权限信息认证(也 称为鉴权), 在网元权限信息认证成功后, 对网元进行管理。 从上述描述可以看出, 网元权限信息认证在网元管理侧进行, 但是, 由 于网元管理侧以及数据库安装在本地, 会导致认证地安全性较低。 此外, 在 设置网元管理权限时, 同一时间只能够对单个网元设置网元用户密码, 因此, 只能逐一设置网元用户密码, 从而导致了操作效率较低。 发明内容 考虑到相关技术中存在的认证地安全性和操作效率较低的问题而 丈出 本发明, 为此, 本发明的主要目的在于提供一种改进的网元权限管理方案, 以解决上述问题至少之一。 为了实现上述目的, 才艮据本发明的一个方面, 提供了一种网元权限管理 系统, 包括: 网元管理侧, 和与之连接的网元侧, 其中, 网元管理侧包括: 分别用于设置用户密码报文和登录密码的用户密码设置模块和登录密码设置 模块; 用于将用户密码报文转换为用户密码配置文件的数据配置模块。 根据本发明的网元权限管理系统还包括: 网元侧, 包括: 数据库构件, 用于存储用户密码配置文件; 鉴权模块, 用于对网元登录密码和用户密码配 置文件进行鉴权。 此外, 网络侧还包括: 与主控制单板相应的备控制单板, 用于保存用户 密码配置文件。 此外, 主控制单板和与之相应的备控制单板均包括: 主备控制板数据同 步模块,用于将主控制单板保存的用户密码配置文件写入相应的备控制单板。 其中, 鉴权模块设置在数据库构件中。 为了实现上述目的, 才艮据本发明的另一方面, 提供了一种网元权限管理 方法。 根据本发明的网元权限管理方法包括: S 1、 网元管理侧接收用户密码报 文, 并在转换为配置文件之后保存至网元侧; S2、 网元侧从网元管理侧接收 登录密码, 并对该登录密码和配置文件进行鉴权。 其中, 步骤 S1 包括: 将配置文件保存至一个或多个已选定的主控制单 板。 其中, 步骤 S1包括: 主控制单板将配置文件同步到相应的备控制单板。 借助于本发明的上述技术方案至少之一, 通过将鉴权模块设置在网元 侧, 并将网元侧及其数据库构件不设置在本地, 与现有技术相比, 解决了相 关技术中存在的认证的安全性和操作效率较低的问题。 本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优 点可通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实 现和获得。 附图说明 图 1是根据本发明实施例的网元权限管理系统的实现框图; 图 2是才艮据本发明实施例的网元权限管理系统实现的示意图; 图 3是根据本发明实施例的网元权限管理方法的流程示意图。 具体实施方式 功能相克述 如上所述,在相关技术中,存在的认证地安全性和操作效率较低的问题, 在本发明的技术方案中, 将鉴权模块设置在网元侧, 并且, 网元侧及其数据 库构件不设置在本地, 进而可以提高认证地安全性, 并且设置了向网元侧多 个主控制单板分拆下发的功能构件, 实现了对多个主控制单板写入密码, 可 以提高效率。 以下结合附图对本发明的优选实施例进行说明, 应当理解, 此处所描述 的优选实施例仅用于说明和解释本发明, 并不用于限定本发明。 在以下的描述中, 为了解释的目的, 描述了多个特定的细节, 以提供对 本发明的透彻理解。 然而, 艮显然, 在没有这些特定细节的情况下, 也可以 实现本发明, 此外, 在不背离所附权利要求阐明的精神和范围的情况下, 下 述实施例以及实施例中得各个细节可以进行各种组合。 系统实施例 根据本发明的实施例,提供了一种网元权限管理系统, 图 1是根据本 发明实施例的网元权限管理系统的实现框图, 图 2是根据本发明实施例的 网元权限管理系统实现的示意图, 如图 1和图 2所示, 本发明的网元权限管 理系统, 包括相互连接的网元管理侧和网元侧。 具体地, 
网元侧采用网元管理系统 100, 包括: 网元用户密码设置模块 110 (简称用户密码设置模块)、 网元登录密码设置模块 120 (简称登录密码 设置模块)、 网元数据配置模块 130、 功能构件 140; 网元侧至少包括一个主控制单板 200, 其中, 主控制单板 200包括: 网 元接口模块 210、 数据库构件 220、 鉴权模块 230。 用户密码设置模块 110用于设置用户密码报文, 包括: 设置单元 111和 爹改单元 112 , 其中, 设置单元 111 用于对用户密码 4艮文进行设置, 修改单 元 112用于对用户密码报文进行修改; 登录密码设置模块 120用于设置登录 密码;网元数据配置模块 130用于将用户密码报文转换为用户密码配置文件, 并将用户密码配置文件写入数据库构件 220, 网元数据配置模块 130 包括转 换单元 131和写入单元 132 , 转换单元 131用于将用户密码 4艮文转换为用户 密码配置文件,写入单元 132用于将用户密码配置文件写入数据库构件 220; 在网络侧有多个主控制单板 100时, 功能构件 140用于将所述用户密码配置 文件拆分下发到选定的主控制单板 100。 网元接口模块 210用于提供对内和对外接口, 负责接口转换; 数据库构 件 220用于存储所述用户密码配置文件; 鉴权模块 230用于对网元登录密码 和数据库构件 220内存储的用户密码配置文件进行鉴权。 优选地, 可以将鉴 权模块 230集成在数据库构件 220的内部。 该实施方式中的主控制单板 200, 提供对网元的初始配置, 接收网管侧 的命令并加以分析, 通过内部通信接口对网元各个单板发布指令, 执行相应 操作, 同时将各个单板的上报消息转发给网管侧; 数据库构件 220负责接口 命令到数据库表的存取, 数据库管理功能。 工作时, 用户输入的网元登录密 码与保存在网元主控制单板数据库构件中的密码一致, 鉴权成功, 在网管拓 朴图中显示网元成功登录; 鉴权失败由网元接口模块给网管发送断链报文, 网管中的网元显示登录失败提示信息, 网元连接断开; 通过该系统, 能够将 网元用户密码在网元侧进行信息认证, 可同时进行多网元用户密码设置、 网 元权限鉴权, 提高了网元管理效率, 增加了网元管理的安全性。 进一步地, 网络侧还包括与主控制单板 200相应的备控制单板 300 , 备 控制单板 300用于保存所述用户密码配置文件。 主控制单板 200和与之相应 的备控制单板 300 皆设有主备控制板数据同步模块 400, 用于将主控制单板 200 保存的用户密码配置文件写入相应的备控制单板 300 , 以实现主备控制 单板网元用户密码数据一致。 备被控制单板 300的结构与主控被控制单板 200相同, 备控制单板 300 内还包括: 备控制单板网元接口模块 210、 备控制单板数据库构件 220、 备 控制单板鉴权模块 230。 被控制单板该设计使得网元侧形成主控制单板和备 用控制单板一加一的单板保护功能, 实现主控制单板、备控制单板保护机制。 方法实施例 根据本发明的实施例, 提供了一种网元权限管理方法, 图 3是根据本发 明实施例的网元权限管理方法的流程示意图,如图 3所示, 包括以下步骤(步 骤 10 -步骤 30 ): 10、 网元管理侧接收用户密码 4艮文, 并在转换为配置文件之后保存至网 元侧, 该步骤 10包括: TECHNICAL FIELD The present invention relates to the field of communications, and in particular, to a network element rights management system and method. At present, with the rapid development of the communication industry, operators need to manage many communication devices in the same management network at the same time. 
With the continuous development of operators and the increasing number of users, the number of management devices of the network elements by operators As well as the security requirements of network element management, the requirements are constantly increasing. In the network management architecture, the network element management system manages the network elements. The network element management system needs to have six functions: security management function, alarm management function, performance management function, system management function, configuration management function, extension Park management function. In the related art, the security of the network element is implemented in the following manner: First, the network element management side (that is, the network element management system) sets the user password; the network element side (that is, the control board) goes to the network element management side. After the connection is established, the NE management side receives the login password of the local management user, and completes the NE authority information authentication (also called authentication) on the NE management side. The NE authority information is successfully authenticated. After that, the network element is managed. As can be seen from the above description, the network element authority information authentication is performed on the network element management side. However, since the network element management side and the database are installed locally, the authentication security is low. In addition, when the NE management rights are set, only the NE user password can be set for a single NE at the same time. Therefore, the NE user password can only be set one by one, resulting in low operation efficiency. SUMMARY OF THE INVENTION The present invention has been made in view of the problems of low authentication security and low operational efficiency existing in the related art. 
Therefore, the main object of the present invention is to provide an improved network element rights management scheme to solve the above problems. At least one. In order to achieve the above object, according to an aspect of the present invention, a network element rights management system is provided, including: a network element management side, and a network element side connected thereto, where the network element management side includes: User password setting module and login password setting for setting user password message and login password Module; a data configuration module for converting user password messages into user password profiles. The network element rights management system according to the present invention further includes: a network element side, comprising: a database component, configured to store a user password configuration file; and an authentication module, configured to authenticate the network element login password and the user password configuration file. In addition, the network side also includes: a standby control board corresponding to the main control board, which is used to save the user password configuration file. In addition, the main control board and the corresponding standby control board include: The data synchronization module of the active and standby control boards is used to write the user password configuration file saved by the main control board to the corresponding standby control board. The authentication module is set in the database component. In order to achieve the above object, according to another aspect of the present invention, a network element authority management method is provided. 
The network element rights management method according to the present invention includes: S1: The network element management side receives the user password message, and saves it to the network element side after being converted into the configuration file; S2, the network element side receives the login password from the network element management side. And authenticate the login password and configuration file. Step S1 includes: saving the configuration file to one or more selected main control boards. Step S1 includes: The main control board synchronizes the configuration file to the corresponding standby control board. By means of at least one of the above-mentioned technical solutions of the present invention, by setting the authentication module on the network element side and not setting the network element side and its database component locally, compared with the prior art, the related art is solved. The issue of authentication security and operational efficiency is low. Other features and advantages of the invention will be set forth in the description which follows, and The objectives and other advantages of the invention will be realized and attained by the <RTI BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a block diagram showing an implementation of a network element authority management system according to an embodiment of the present invention; 2 is a schematic diagram of an implementation of a network element rights management system according to an embodiment of the present invention; FIG. 3 is a schematic flowchart of a network element rights management method according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS As described above, in the related art, there is a problem that the authentication security and the operation efficiency are low. 
In the technical solution of the present invention, the authentication module is set on the network element side, and the network The meta-side and its database components are not set locally, which can improve the authentication security, and set up the functional components that are split and delivered to the multiple main control boards on the NE side, thus enabling writing to multiple main control boards. Enter the password to improve efficiency. The preferred embodiments of the present invention are described in the following with reference to the accompanying drawings, which are intended to illustrate and illustrate the invention. In the following description, numerous specific details are set forth However, it is apparent that the present invention may be practiced without these specific details. Further, various details may be obtained in the following embodiments and examples without departing from the spirit and scope of the appended claims. Make various combinations. System Embodiments According to an embodiment of the present invention, a network element rights management system is provided. FIG. 1 is a block diagram of an implementation of a network element rights management system according to an embodiment of the present invention, and FIG. 2 is a network element authority according to an embodiment of the present invention. Schematic diagram of the management system implementation, as shown in FIG. 1 and FIG. 2, the network element rights management system of the present invention includes the network element management side and the network element side connected to each other. Specifically, the network element management system 100 is used on the network element side, including: a network element user password setting module 110 (referred to as a user password setting module), a network element login password setting module 120 (referred to as a login password setting module), and a network element data configuration module. 
The function module 140 includes at least one main control board 200. The main control board 200 includes: a network element interface module 210, a database component 220, and an authentication module 230. The user password setting module 110 is configured to set a user password message, and includes: a setting unit 111 and a tampering unit 112, wherein the setting unit 111 is configured to set the user password 4, the modification list The element 112 is used to modify the user password message; the login password setting module 120 is configured to set a login password; the network element data configuration module 130 is configured to convert the user password message into a user password configuration file, and write the user password configuration file. Into the database component 220, the network element data configuration module 130 includes a converting unit 131 and a writing unit 132. The converting unit 131 is configured to convert the user password into a user password configuration file, and the writing unit 132 is configured to use the user password configuration file. The data is stored in the database component 220. When there are multiple main control boards 100 on the network side, the function component 140 is configured to split the user password configuration file to the selected main control board 100. The network element interface module 210 is configured to provide an internal and external interface, and is responsible for interface conversion; the database component 220 is configured to store the user password configuration file; and the authentication module 230 is configured to use the network element login password and the user stored in the database component 220. The password profile is used for authentication. Preferably, the authentication module 230 can be integrated within the database component 220. 
The main control board 200 in this embodiment provides an initial configuration of the network element, receives the command on the network management side and analyzes the information, and issues an instruction to each board of the network element through the internal communication interface, performs corresponding operations, and simultaneously performs each board. The reported message is forwarded to the network management side; the database component 220 is responsible for accessing the interface command to the database table, and the database management function. During the operation, the NE login password entered by the user is the same as the password stored in the database module of the main control board of the NE. The authentication succeeds. The NE is successfully logged in the topology view. The authentication fails by the NE interface module. Sends a broken link packet to the NMS. The NE in the NMS displays the login failure prompt message and the NE connection is disconnected. The system allows the NE user password to be authenticated on the NE side. Password setting and network element authority authentication improve the efficiency of network element management and increase the security of network element management. Further, the network side further includes a standby control board 300 corresponding to the main control board 200, and the standby control board 300 is configured to save the user password configuration file. The main control board 200 and the corresponding standby control board 300 are provided with an active/standby control board data synchronization module 400 for writing the user password configuration file saved by the main control board 200 to the corresponding standby control board 300. The password data of the NEs of the active and standby control boards is the same. The structure of the standby control board 300 is the same as that of the main control board 200. 
The standby control board 300 further includes: a standby control board network element interface module 210, a standby control board database component 220, and a standby control board authentication module 230. With this design, the main control board and the standby control board form a one-plus-one board protection arrangement.

Method Embodiments

According to an embodiment of the present invention, a network element rights management method is provided. FIG. 3 is a schematic flowchart of a network element rights management method according to an embodiment of the present invention. As shown in FIG. 3, the method includes the following steps (step 10 to step 30):

10. The NE management side receives the user password and, after converting it into a configuration file, saves it to the network element side. Step 10 includes:
11. Set the NE user password (hereinafter referred to as the user password). This process can further include a step of modifying the user password. When the user password is modified, only a network management user can modify the login user information of the NE, and this step further restricts modification to the NEs operated by the currently logged-in user.
12. Determine whether to split the message and deliver it to the NEs selected by the user; if yes, proceed to step 13; if no, proceed to step 14.
13. Split and deliver to the NEs selected by the user: send the NE user password to the selected multiple NE devices, then proceed to step 15.
14. Deliver to the device components without splitting: send the NE user password to the specified single NE device, then proceed to step 15.
15. The function component converts the user password message sent by the user password setting module into a configuration file and writes it into the database component of the NE main control board.

When steps 12 to 14 are applied, the user can choose, according to actual needs, to set the user password of a single NE or to set the user passwords of multiple NEs at the same time. When multiple NEs are being set, the function component splits the NE user password setting message and delivers it to the NEs selected by the user. This design allows network element management rights to be set for multiple NEs at the same time, which improves efficiency.
20. The network element side receives the login password from the network element management side, and authenticates the login password and the configuration file.
21. The user enters the login password of the network element.
22. After receiving this command, the main control board performs authentication according to the configuration file of the user password to determine whether access to this network element is allowed. During authentication, whether execution permission exists is determined from the result of comparing the login password with the configuration file: if the login password and the configuration file are consistent, the authentication is judged successful and the flow proceeds to step 23; otherwise, it proceeds to step 30.
23. If there is execution permission, the authentication succeeds, and the query or configuration operation on the network element is performed. If the NE user password configuration file is in its initial, empty state, the network element can be logged in to. This step may further include the following processing:
24. Perform a remote login to query the user password. This step produces two results: if it succeeds, proceed to step 25; otherwise, the flow ends and the system is exited directly.
25. The remote login query of the user password is performed, and the password query succeeds.
26. Synchronize the NE user password data of the active and standby control boards. This step produces two results: if it succeeds, proceed to step 27; otherwise, the flow ends and the system is exited directly.
27. Synchronize the user password data between the active and standby control boards: the user password configuration file saved on the main control board 200 is written to the corresponding standby control board 300, so that the NE user password data on the active and standby control boards is consistent. Through this processing, the network element side forms a one-plus-one board protection function of the main control board and the standby control board, implementing the protection mechanism for the main and standby control boards.
30. If there is no execution permission, the authentication failure prompt message is returned to the network management side, the flow ends, and the error code "authentication failure, login is not allowed" is returned.
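The flow of steps 10 to 30, as an added example that is not part of the patent: a Python model of setting a user password on selected NEs, synchronizing the main and standby boards, and authenticating a login on the NE side. The class and function names, the salted PBKDF2 storage format and the `unprotected` audit helper are assumptions (the patent does not say how the configuration file encodes the password), and synchronization is done at store time, as in claim 7.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

AUTH_FAILED = "authentication failure, login is not allowed"  # step 30 message
ITERATIONS = 100_000  # assumed work factor; not specified by the patent


def to_config_file(user_password: str) -> dict:
    """Step 15: convert a user password message into a configuration file.
    Assumption: the file holds a salted PBKDF2 digest, not the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", user_password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


@dataclass
class ControlBoard:
    database: dict = field(default_factory=dict)  # empty dict = initial state

    def authenticate(self, login_password: str) -> bool:
        """Steps 22-23: compare the login password with the stored file."""
        if not self.database:
            return True  # step 23: an empty initial configuration permits login
        candidate = hashlib.pbkdf2_hmac(
            "sha256", login_password.encode(), self.database["salt"], ITERATIONS)
        return hmac.compare_digest(candidate, self.database["digest"])


@dataclass
class NetworkElement:
    main: ControlBoard = field(default_factory=ControlBoard)
    standby: ControlBoard = field(default_factory=ControlBoard)

    def store(self, config: dict) -> None:
        self.main.database = dict(config)
        self.standby.database = dict(self.main.database)  # steps 26-27: sync

    def login(self, login_password: str) -> str:
        return "login ok" if self.main.authenticate(login_password) else AUTH_FAILED


def set_user_password(elements: dict, selected: list, user_password: str) -> None:
    """Steps 11-14: deliver the password to one NE or split it across several."""
    for name in selected:
        elements[name].store(to_config_file(user_password))  # fresh salt per NE


def unprotected(elements: dict) -> list:
    """Audit helper: NEs whose configuration file is still in the empty state."""
    return sorted(n for n, ne in elements.items() if not ne.main.database)


if __name__ == "__main__":
    nes = {n: NetworkElement() for n in ("ne1", "ne2", "ne3")}  # constructed names
    set_user_password(nes, ["ne1", "ne2"], "Constructed-Pw-1")
    print(nes["ne1"].login("Constructed-Pw-1"), "|", nes["ne1"].login("wrong"))
    print("still open:", unprotected(nes))
```

NEs left out of the selection in step 12 stay in the empty initial state, which step 23 treats as login permitted; `unprotected` lists them so they can be given a password.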
In summary, with the technical solution of the embodiment of the present invention, the network element user password can be authenticated on the network element side, and multi-network-element user password setting and network element authority authentication can be performed at the same time, thereby improving efficiency. The invention expands the network element security management function in the TDS0225 People's Republic of China communication industry standard - SDH transmission network management technical specification - EMS system function. In addition, the system has a simple structure and high reliability; it is simple to implement in practical applications and has practical application value.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

It should be understood that the specific embodiments provided above are merely illustrative of the invention and should not be understood as limiting the invention. Those of ordinary skill in the art may make improvements or changes according to the above description, and all such improvements and changes shall fall within the principles and features disclosed by the invention and within the scope of protection of the invention.

Claims

1. A network element rights management system, comprising a network element management side and a network element side connected thereto, wherein the network element management side includes: a user password setting module and a login password setting module, used respectively to set a user password message and a login password, and a data configuration module for converting the user password message into a user password configuration file, characterized in that the network element side includes:
 a database component, configured to store the user password configuration file;
 an authentication module, configured to authenticate the network element login password and the user password configuration file.
2. The system according to claim 1, characterized in that the network side further includes:
 a standby control board corresponding to the main control board, where the standby control board is used to save the user password configuration file.
3. The system according to claim 2, characterized in that the main control board and the standby control board corresponding thereto both include:
 an active/standby control board data synchronization module, configured to write the user password configuration file saved by the main control board to the corresponding standby control board.
4. The system according to claim 1, characterized in that the authentication module is disposed in the database component.
5. A network element rights management method, characterized by comprising:
 S1. The network element management side receives a user password message and, after converting it into a configuration file, saves it to the network element side;
 S2. The network element side receives a login password from the network element management side, and authenticates the login password and the configuration file.
6. The method according to claim 5, characterized in that the step S1 comprises: saving the configuration file to one or more selected main control boards.
7. The method according to claim 5, characterized in that the step S1 comprises: the main control board synchronizing the configuration file to a corresponding standby control board.
PCT/CN2008/073874 2008-09-19 2008-12-30 System and method for managing network element right WO2010031234A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2008102161784A CN101677275B (en) 2008-09-19 2008-09-19 System and method of managing network element authority
CN200810216178.4 2008-09-19

Publications (1)

Publication Number Publication Date
WO2010031234A1 (en) 2010-03-25

Family

ID=42029699

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073874 WO2010031234A1 (en) 2008-09-19 2008-12-30 System and method for managing network element right

Country Status (2)

Country Link
CN (1) CN101677275B (en)
WO (1) WO2010031234A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752780A (en) * 2012-06-11 2012-10-24 中兴通讯股份有限公司 Method and device for managing system user
CN103078757B (en) * 2013-01-04 2016-06-15 中兴通讯股份有限公司 Based on the network element managing method and system of near-field communication, inspection terminal, webmaster and network element device
CN112671565B (en) * 2020-12-16 2023-02-21 中盈优创资讯科技有限公司 5G core network topology discovery method and device based on signaling link
CN114500034B (en) * 2022-01-24 2023-01-31 北京新桥信通科技股份有限公司 Data service security management and control method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018155A (en) * 2007-02-08 2007-08-15 华为技术有限公司 Network element management method, system and network element
CN101197711A (en) * 2007-12-06 2008-06-11 华为技术有限公司 Method, device and system for implementing unified authentication management
CN101247239A (en) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 Authenticated authorization accounting system and implementing method thereof

Also Published As

Publication number Publication date
CN101677275A (en) 2010-03-24
CN101677275B (en) 2012-05-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08876967

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08876967

Country of ref document: EP

Kind code of ref document: A1