WO2022053055A1 - Method for accessing broadband access server, server, and storage medium - Google Patents

Method for accessing broadband access server, server, and storage medium Download PDF

Info

Publication number
WO2022053055A1
WO2022053055A1 PCT/CN2021/118161 CN2021118161W WO2022053055A1 WO 2022053055 A1 WO2022053055 A1 WO 2022053055A1 CN 2021118161 W CN2021118161 W CN 2021118161W WO 2022053055 A1 WO2022053055 A1 WO 2022053055A1
Authority
WO
WIPO (PCT)
Prior art keywords
user terminal
public network
network information
broadband access
access server
Prior art date
Application number
PCT/CN2021/118161
Other languages
French (fr)
Chinese (zh)
Inventor
汤晓琳
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2022053055A1 publication Critical patent/WO2022053055A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security

Definitions

  • the present disclosure relates to the field of communication technologies, and in particular, to an access method for a broadband access server, a server and a storage medium.
  • a firewall is a defense system installed between the internal network and the external network to ensure that the local computer can securely access the Internet. Allow or deny incoming and outgoing network packets according to corresponding policies, so as to realize the security protection of the internal network.
  • Firewalls can effectively isolate internal and external networks, allowing only verified and trusted information to enter.
  • access in some scenarios is restricted, or configuration is troublesome. It is necessary to add a one-to-one mapping table to solve the access of devices outside the wall to devices inside the wall. Therefore, how to solve the access of the portal server (Portal Server) outside the wall to the BRAS (Broadband Remote Access Server, broadband access server) inside the wall is an urgent problem to be solved at present.
  • BRAS Broadband Remote Access Server
  • the embodiments of the present disclosure provide an access method, a server and a storage medium for a broadband access server, aiming at solving the access of an outside-wall portal server to an inside-wall broadband access server.
  • the present disclosure provides a method for accessing a broadband access server.
  • the method includes: acquiring public network information of the broadband access server, and generating a redirection message for a user terminal according to the public network information, where the public network information includes The public network address and port information of the broadband access server; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access based on the public network information Broadband access server.
  • an embodiment of the present disclosure further provides a method for accessing a broadband access server, which is applied to an access system, where the access system includes a user terminal, a broadband access server, and a portal server, and the method includes: the broadband access server
  • the public network information of the access server generates a redirection packet of the user terminal, and sends the redirection packet to the user terminal; the user terminal obtains the redirection packet sent by the broadband access server, and converts the redirection packet in the redirection packet.
  • the public network information is sent to the portal server; the portal server obtains the public network information sent by the user terminal, and accesses the broadband access server according to the public network information.
  • an embodiment of the present disclosure further provides a broadband access server
  • the broadband access server includes a processor, a memory, a computer program stored on the memory and executable by the processor, and a computer program for implementing the relationship between the processor and the memory.
  • a data bus for communication between connections.
  • an embodiment of the present disclosure further provides a storage medium for computer-readable storage.
  • the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of any broadband access server access method provided by the embodiments of the present disclosure.
  • FIG. 1 is a schematic flowchart of a method for accessing a broadband access server according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of another method for accessing a broadband access server according to an embodiment of the present disclosure
  • FIG. 3 is a schematic diagram of a scenario for accessing a data transmission route of a broadband access server according to an embodiment of the present disclosure
  • FIG. 4 is a schematic structural diagram of an access system for a broadband access server according to an embodiment of the present disclosure
  • FIG. 5 is a schematic block diagram of the structure of a broadband access server according to an embodiment of the present disclosure.
  • Embodiments of the present disclosure provide an access method, server, and storage medium for a broadband access server.
  • the access method of the broadband access server can be applied to the server.
  • the server includes a broadband access server, and in some embodiments, the server may be a single server or a server cluster composed of multiple servers.
  • FIG. 1 is a schematic flowchart of a method for accessing a broadband access server according to an embodiment of the present disclosure.
  • the access method of the broadband access server can be applied to the broadband access server, and the method includes the following steps S101 to S102.
  • Step S101 Acquire public network information of the broadband access server, and generate a redirection message of the user terminal according to the public network information, where the public network information includes the public network address and port information of the broadband access server.
  • the public network information includes the public network address and port information of the broadband access server, and the port information includes a data port, a control port, a status port, and the like.
  • the redirection packet before obtaining the public network information of the broadband access server and generating the redirection message of the user terminal according to the public network information, obtain the access request sent by the user terminal, and determine whether the user terminal is unauthenticated according to the access request. user terminal. If the user terminal is an unauthenticated user terminal, the public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information. In this embodiment, in the step of sending the redirection packet to the user terminal, the redirection packet is sent to the user terminal according to the IP address of the user terminal in the access request.
  • the access request may be a request message from the user terminal to the server, and the access request is used to obtain public network information, and the user terminal is connected to a wireless local area network (Wireless Local Area Networks, WLAN).
  • the access request can be selected according to the actual situation, for example, the access request can be an http get request.
  • a global wide area network (World Wide Web, web) website is obtained, the user terminal accesses the global wide area network according to the website, and sends an access request to the broadband access server on the visited page, so that the broadband access server
  • the access request determines whether the user terminal is an unauthenticated user terminal. If the user terminal is an unauthenticated user terminal, the user terminal is authenticated. Whether the user terminal is an authenticated user terminal is determined through the access request, which improves the efficiency of user terminal access.
  • the broadband access server determines whether the user terminal is an unauthenticated user terminal according to the access request, for example, in the following manner.
  • the access request includes a user terminal identification, and it is determined whether the user terminal identification is located in a preset user terminal authentication database. If the user terminal identifier is located in the preset user terminal authentication database, it is determined that the user terminal is an authenticated user terminal. If the user terminal identifier is not located in the preset user terminal authentication database, it is determined that the user terminal is an unauthenticated user terminal.
  • the user terminal identifier is an identifier that distinguishes whether the user terminal is authenticated or unauthenticated, and the user terminal identifier can be set according to the actual situation, which is not specifically limited in this embodiment of the present disclosure.
  • the preset user terminal authentication database may be an authentication database established in advance according to the user terminal identifier, and the establishment of the database may be established according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. Whether the user terminal is an authenticated user terminal is determined through the user terminal identifier, which improves the accuracy and efficiency of verification.
  • acquiring the public network information of the broadband access server may be implemented, for example, in the following manner.
  • the public network information update instruction of the broadband access server is acquired, and the public network information of the bandwidth access server is updated according to the public network information update instruction, and the updated public network information of the broadband access server is acquired.
  • the access security of the broadband access server is improved.
  • the public network information of the bandwidth access server includes public network address and port information
  • updating the public network information of the bandwidth access server includes updating only the public network address, only updating the port information, or updating the public network address and port at the same time. information.
  • acquiring the public network information update instruction of the broadband access server includes sending the update instruction to the broadband access server by the user terminal, so that the broadband access server acquires the update instruction and then updates the public network information.
  • a preset time interval is set to acquire the public network information update instruction of the broadband access server, so as to update the broadband access server according to the update instruction.
  • generating the redirection message of the user terminal according to the public network information may be implemented in the following manner, for example. Encrypt public network information to obtain encrypted public network information. According to the encrypted public network information and the URL address of the authentication page of the portal server, a redirection message of the user terminal is generated. It should be noted that, the manner of encrypting the public network information may be performed according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. For example, by setting the last few digits (such as the last two or three digits) of the URL address on the broadband access server as the private key, and encrypting the public network information according to the private key and the preset encryption algorithm, the encrypted public network information is obtained. . By encrypting the public network information, the security of the public network information of the broadband access server is improved.
  • the broadband access server includes a first broadband access server and a second broadband access server.
  • the first broadband access server fails, obtain first public network information of the second broadband access server, where the first public network information includes the public network address and port information of the first broadband access server.
  • second public network information of the second broadband access server is acquired, where the second public network information includes the public network address and port information of the second broadband access server.
  • the data of the first broadband access server and the second broadband access server are synchronized to ensure that after one of them fails, the other can be accessed, thereby improving system stability.
  • Step S102 Send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information.
  • the broadband access server sends a redirection message to the user terminal, and the user terminal receives the redirection message, and displays the corresponding authentication page according to the URL address in the redirection message, and obtains the authentication page of the user.
  • the information to be authenticated entered on the page, and the public network information of the broadband access server and the information to be authenticated in the URL information are sent to the portal server.
  • the redirection message includes URL information, where the URL is a Uniform Resource Locator (Uniform Resource Locator).
  • the authentication page may be a login page for accessing the portal server, and the information to be authenticated may be a user name and a password.
  • sending a redirection packet to the user terminal may be implemented, for example, in the following manner.
  • the URL information is generated, and the redirection message is generated according to the URL information.
  • the public network information of the broadband access server may be the public network address and port information of the broadband access server, and the settings of the public network address and port information may be set according to actual conditions, which are not specifically limited in this embodiment of the present disclosure.
  • the URL address may be the address for displaying the portal server page, and the address for displaying the portal server page may be obtained by obtaining the address for accessing the portal server. Sending a redirection message to the user terminal according to the access request improves the access efficiency of the broadband access server.
  • the portal server after the portal server receives the public network information and the information to be authenticated of the broadband access server sent by the user terminal, it sends the information to be authenticated to the broadband access server according to the public network information, so that the broadband access The server authenticates the information to be authenticated, and sends the authentication result to the user terminal.
  • the information to be authenticated of the user terminal sent by the portal server based on the public network information is obtained, the information to be authenticated is authenticated, the authentication result of the user terminal is obtained, and the authentication result is sent to the user terminal.
  • authenticating the to-be-authenticated information it is determined whether the access to the broadband access server passes the authentication, which improves the accuracy of judging whether the portal server can access the broadband access server.
  • the authentication information to be authenticated to obtain the authentication result of the user terminal may be implemented in the following manner, for example. Obtain the user name and password in the authentication information, and determine whether the user name and password are in the authentication database of the broadband access server. If it is determined that the user name and password are located in the authentication database of the broadband access server, it is determined that the information to be authenticated has passed the authentication. If it is determined that the user name and password are not located in the authentication database of the broadband access server, it is determined that the information to be authenticated has not passed the authentication. By determining whether the user name and password are located in the authentication database of the broadband access server, and then determining whether the authentication is passed, the efficiency and accuracy of the authentication are improved.
  • the authentication result includes passed authentication and failed. If the authentication result is the authentication passed, the authentication result is sent to the portal server, the portal server sends the authentication result to the user terminal, and the user terminal can pass through the firewall according to the authentication result, and then access the broadband access server in the wall . If the authentication result is that the authentication fails, the authentication failure result is sent to the portal server, and the portal server sends the authentication failure result to the user terminal. The user terminal cannot pass through the firewall according to the authentication failure result, and thus cannot access the wall broadband access server.
  • the public network information of the broadband access server is obtained, and the redirection message of the user terminal is generated according to the public network information, and the public network information includes the public network of the broadband access server. address and port information; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information.
  • the above solution enables the portal server to access the broadband access server based on the public network information by acquiring the public network information of the broadband access server, which greatly improves the user experience.
  • FIG. 2 is a schematic flowchart of another method for accessing a broadband access server according to an embodiment of the present disclosure.
  • the method is applied to an access system, and the access system includes a user terminal, a broadband access server and a portal server, and the method includes the following steps S201 to S203.
  • Step S201 the broadband access server generates a redirection message of the user terminal according to the public network information of the broadband access server, and sends the redirection message to the user terminal.
  • obtain the public network information of the broadband access server obtain the public network information of the broadband access server, generate a redirection message of the user terminal according to the public network information and the URL address of the authentication page of the portal server, and send the redirection message to the user terminal .
  • the information to be authenticated sent by the portal server according to the public network information is received, and the information to be authenticated is authenticated to determine whether the portal server can access the broadband access server.
  • Step S202 the user terminal acquires the redirection message sent by the broadband access server, and sends the public network information in the redirection message to the portal server.
  • the user terminal when the user terminal receives the redirection message sent by the broadband access server, it obtains the URL address in the redirection message, displays the corresponding authentication page according to the URL address, and obtains the waiting list entered by the user on the page. authentication information, and send the information to be authenticated and the public network information of the broadband access server in the redirection message to the portal server.
  • Step S203 the portal server acquires the public network information sent by the user terminal, and accesses the broadband access server according to the public network information.
  • the portal server after the portal server receives the public network information and the information to be authenticated of the broadband access server sent by the user terminal, it sends the information to be authenticated to the broadband access server according to the public network information, so that the broadband access server The information to be authenticated is authenticated, and the authentication result is sent to the user terminal.
  • the public network information is decrypted, and the broadband access server is accessed according to the decrypted public network information.
  • the decryption of the public network information may be performed according to the actual situation, which is not specifically limited in this embodiment of the present disclosure.
  • the decrypted private key is obtained
  • the public network information is decrypted according to the private key
  • the decrypted public network information is obtained.
  • the decrypted public network information is obtained, and the information to be authenticated is sent to the broadband access server, thereby improving the security of authentication.
  • FIG. 3 is a schematic diagram of a scenario of an access data transmission route of a broadband access server according to an embodiment of the present disclosure.
  • the user terminal 301 applies for an IP address to the broadband access server 302 through the transmission line 10 .
  • the broadband access server 302 After receiving the request for applying for an IP address sent by the user terminal 301 , the broadband access server 302 sends the IP address to the user terminal 301 through the transmission line 20 .
  • the user terminal 301 obtains the global wide area network website, and accesses the global wide area network page through the website, and sends the access request to the broadband access server 302 through the transmission line 30, and the broadband access server 302 sends the user terminal 301 through the transmission line 40 based on the access request. Send a redirect message.
  • the user terminal 301 receives the redirection message, and accesses the page of the portal server 304 according to the URL address in the redirection message, and obtains the information to be authenticated entered by the user on the login page.
  • the user terminal 301 sends the information to be authenticated and the public network information to the portal server 304 through the transmission line 50, and the portal server 304 sends the information to be authenticated to the broadband access server 302 through the transmission line 60 according to the public network information.
  • the server 302 authenticates the information to be authenticated, and sends the authentication result to the portal server 304 through the transmission route 70.
  • the portal server 304 sends the authentication result to the user terminal 301 through the transmission route 80, so that the The user terminal 301 knows whether the portal server 304 can access the broadband access server 302 through the firewall 303 or not.
  • the broadband access server In the access method for the broadband access server provided by the above embodiment, the broadband access server generates a redirection message of the user terminal according to the public network information of the broadband access server, and sends the redirection message to the user terminal; the user The terminal obtains the redirection message sent by the broadband access server, and sends the public network information in the redirection message to the portal server; the portal server obtains the public network information sent by the user terminal, and accesses the broadband access server according to the public network information .
  • the above solution enables the portal server to access the broadband access server based on the public network information by acquiring the public network information of the broadband access server, which greatly improves the user experience.
  • FIG. 4 is a schematic structural diagram of an access system for a broadband access server according to an embodiment of the present disclosure.
  • the access system 400 of the broadband access server includes a user terminal 401 , a broadband access server 402 and a portal server 403 .
  • the broadband access server 402 generates a redirection packet of the user terminal 401 according to the public network information of the broadband access server 402 , and sends the redirection packet to the user terminal 401 .
  • the user terminal 402 acquires the redirection message sent by the broadband access server 401 , and sends the public network information in the redirection message to the portal server 403 .
  • the portal server 403 acquires the public network information sent by the user terminal 402, and accesses the broadband access server 401 according to the public network information.
  • FIG. 5 is a schematic block diagram of the structure of a broadband access server according to an embodiment of the present disclosure.
  • the broadband access server 500 includes a processor 501 and a memory 502 , and the processor 501 and the memory 502 are connected through a bus 503 .
  • the bus 503 is, for example, an I2C (Inter-integrated Circuit) bus.
  • the processor 501 may be configured to provide computing and control capabilities to support the operation of the entire broadband access server.
  • the processor 501 can be a central processing unit (Central Processing Unit, CPU), and the processor 501 can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC) ), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 502 may be a Flash chip, a read-only memory (ROM, Read-Only Memory) magnetic disk, an optical disk, a U disk, or a removable hard disk, or the like.
  • ROM Read-Only Memory
  • the memory 502 may be a Flash chip, a read-only memory (ROM, Read-Only Memory) magnetic disk, an optical disk, a U disk, or a removable hard disk, or the like.
  • FIG. 5 is only a block diagram of a partial structure related to the solution of the present disclosure, and does not constitute a limitation on the broadband access server to which the solution of the present disclosure is applied.
  • the access server may include more or fewer components than shown, or combine certain components, or have a different arrangement of components.
  • the processor may be configured to run a computer program stored in the memory, and when executing the computer program, implement any one of the access methods for the broadband access server provided by the embodiments of the present disclosure.
  • the processor may be configured to run a computer program stored in a memory and, when executing the computer program, implement the following steps.
  • the public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information, where the public network information includes the public network address and port information of the broadband access server.
  • a redirection message is sent to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information.
  • the processor when generating the redirection message of the user terminal according to the public network information, the processor may be further configured to implement the following steps.
  • a redirection message of the user terminal is generated.
  • the processor when the processor implements that the broadband access server includes a first broadband access server and a second broadband access server, and acquires the public network information of the broadband access server, the processor may be further configured to implement the following steps.
  • the second broadband access server fails, obtain first public network information of the first broadband access server, where the first public network information includes the public network address and port information of the first broadband access server.
  • second public network information of the second broadband access server is acquired, where the second public network information includes the public network address and port information of the second broadband access server.
  • the processor may also be configured to implement the following steps.
  • the public network information update instruction of the broadband access server is acquired, and the public network information of the bandwidth access server is updated according to the public network information update instruction.
  • Acquiring the public network information of the broadband access server includes: acquiring updated public network information of the broadband access server.
  • the processor before the processor acquires the public network information of the broadband access server and generates a redirection message of the user terminal according to the public network information, the processor may be further configured to implement the following steps.
  • the access request sent by the user terminal is acquired, and whether the user terminal is an unauthenticated user terminal is determined according to the access request.
  • the public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information.
  • Sending a redirection packet to the user terminal includes: sending a redirection packet to the user terminal according to the IP address of the user terminal in the access request.
  • the processor may be further configured to implement the following steps.
  • the authentication information is authenticated, the authentication result of the user terminal is obtained, and the authentication result is sent to the user terminal.
  • Embodiments of the present disclosure also provide a storage medium for computer-readable storage.
  • the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of any broadband access server access method provided by the embodiments of the present disclosure.
  • the storage medium may be an internal storage unit of the broadband access server described in the foregoing embodiments, such as a hard disk or a memory of the broadband access server.
  • the storage medium may also be an external storage device of the broadband access server, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card, a flash memory, and a plug-in hard disk equipped on the broadband access server. Card (Flash Card), etc.
  • Computer storage media includes both volatile and nonvolatile embodied in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data , removable and non-removable media.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer.
  • communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art.
  • the public network information of the broadband access server is obtained, and a redirection message of the user terminal is generated according to the public network information, and the public network information includes: The public network address and port information of the broadband access server; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband connection based on the public network information. into the server.
  • the public network information of the broadband access server is obtained, so that the portal server can access the broadband access server based on the public network information, which greatly improves the user experience.

Abstract

The present disclosure provides a method for accessing a broadband access server, a server, and a storage medium. The method comprises: acquiring public network information of a broadband access server, and generating a redirection packet of a user terminal according to the public network information, the public network information comprising a public network address and port information of the broadband access server; and sending the redirection packet to the user terminal, so that the user terminal sends the public network information in the redirection packet to a portal server and then the portal server can access the broadband access server on the basis of the public network information.

Description

宽带接入服务器的访问方法、服务器及存储介质Access method, server and storage medium for broadband access server
相关申请的交叉引用CROSS-REFERENCE TO RELATED APPLICATIONS
本申请要求享有2020年09月14日提交的名称为“宽带接入服务器的访问方法、服务器及存储介质”的中国专利申请CN202010963736.4的优先权,其全部内容通过引用并入本申请中。This application claims the priority of Chinese patent application CN202010963736.4 filed on September 14, 2020, entitled "Access Method, Server and Storage Medium for Broadband Access Server", the entire contents of which are incorporated into this application by reference.
技术领域technical field
本公开涉及通信技术领域,尤其涉及一种宽带接入服务器的访问方法、服务器及存储介质。The present disclosure relates to the field of communication technologies, and in particular, to an access method for a broadband access server, a server and a storage medium.
背景技术Background technique
防火墙是为了保障本地计算机能够安全访问互联网而设置在内部网络与外部网络之间的防御系统。根据相应的策略允许或拒绝出入的网络报文,以此来实现对内部网络的安全保护。防火墙可以有效隔离内外网络,仅让核实的、受信任的信息进入。然而随着防火墙的普及,某些场景下的访问受到了限制,或者配置麻烦,需要增加一对一的映射表来解决墙外设备对墙内设备的访问。因此,如何解决墙外门户服务器(Portal Server)对墙内BRAS(Broadband Remote Access Server,宽带接入服务器)的访问是目前亟待解决的问题。A firewall is a defense system installed between the internal network and the external network to ensure that the local computer can securely access the Internet. Allow or deny incoming and outgoing network packets according to corresponding policies, so as to realize the security protection of the internal network. Firewalls can effectively isolate internal and external networks, allowing only verified and trusted information to enter. However, with the popularity of firewalls, access in some scenarios is restricted, or configuration is troublesome. It is necessary to add a one-to-one mapping table to solve the access of devices outside the wall to devices inside the wall. Therefore, how to solve the access of the portal server (Portal Server) outside the wall to the BRAS (Broadband Remote Access Server, broadband access server) inside the wall is an urgent problem to be solved at present.
发明内容SUMMARY OF THE INVENTION
本公开实施例提供了一种宽带接入服务器的访问方法、服务器及存储介质,旨在解决墙外门户服务器对墙内宽带接入服务器的访问。The embodiments of the present disclosure provide an access method, a server and a storage medium for a broadband access server, aiming at solving the access of an outside-wall portal server to an inside-wall broadband access server.
第一方面,本公开提供一种宽带接入服务器的访问方法,该方法包括:获取宽带接入服务器的公网信息,并根据该公网信息生成用户终端的重定向报文,公网信息包括宽带接入服务器的公网地址和端口信息;向用户终端发送重定向报文,以使用户终端向门户服务器发送该重定向报文中的公网信息,使得门户服务器能够基于该公网信息访问宽带接入服务器。In a first aspect, the present disclosure provides a method for accessing a broadband access server. The method includes: acquiring public network information of the broadband access server, and generating a redirection message for a user terminal according to the public network information, where the public network information includes The public network address and port information of the broadband access server; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access based on the public network information Broadband access server.
第二方面,本公开实施例还提供一种宽带接入服务器的访问方法,应用于访问系统,该访问系统包括用户终端、宽带接入服务器和门户服务器,该方法包括:宽带接入服务器根据宽带接入服务器的公网信息,生成用户终端的重定向报文,并向用户终端发送重定向报文;用户终端获取宽带接入服务器发送的重定向报文,并将该重定向报文中的公网信息 发送给门户服务器;门户服务器获取用户终端发送的公网信息,并根据该公网信息访问宽带接入服务器。In a second aspect, an embodiment of the present disclosure further provides a method for accessing a broadband access server, which is applied to an access system, where the access system includes a user terminal, a broadband access server, and a portal server, and the method includes: the broadband access server The public network information of the access server generates a redirection packet of the user terminal, and sends the redirection packet to the user terminal; the user terminal obtains the redirection packet sent by the broadband access server, and converts the redirection packet in the redirection packet. The public network information is sent to the portal server; the portal server obtains the public network information sent by the user terminal, and accesses the broadband access server according to the public network information.
第三方面,本公开实施例还提供一种宽带接入服务器,该宽带接入服务器包括处理器、存储器、存储在存储器上并可被处理器执行的计算机程序以及用于实现处理器与存储器之间的连接通信的数据总线。计算机程序被处理器执行时,实现如本公开实施例提供的任一项宽带接入服务器的访问方法的步骤。In a third aspect, an embodiment of the present disclosure further provides a broadband access server, the broadband access server includes a processor, a memory, a computer program stored on the memory and executable by the processor, and a computer program for implementing the relationship between the processor and the memory. A data bus for communication between connections. When the computer program is executed by the processor, it implements the steps of the access method for any broadband access server provided by the embodiments of the present disclosure.
第四方面,本公开实施例还提供一种存储介质,用于计算机可读存储。该存储介质存储有一个或多个程序,该一个或多个程序可被一个或多个处理器执行,以实现如本公开实施例提供的任一项宽带接入服务器的访问方法的步骤。In a fourth aspect, an embodiment of the present disclosure further provides a storage medium for computer-readable storage. The storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of any broadband access server access method provided by the embodiments of the present disclosure.
附图说明Description of drawings
图1为本公开实施例提供的一种宽带接入服务器的访问方法的流程示意图;FIG. 1 is a schematic flowchart of a method for accessing a broadband access server according to an embodiment of the present disclosure;
图2为本公开实施例提供的另一种宽带接入服务器的访问方法的流程示意图;FIG. 2 is a schematic flowchart of another method for accessing a broadband access server according to an embodiment of the present disclosure;
图3为本公开实施例提供的宽带接入服务器的访问数据传输路线的场景示意图;3 is a schematic diagram of a scenario for accessing a data transmission route of a broadband access server according to an embodiment of the present disclosure;
图4为本公开实施例提供的宽带接入服务器的访问系统的结构示意图;FIG. 4 is a schematic structural diagram of an access system for a broadband access server according to an embodiment of the present disclosure;
图5为本公开实施例提供的一种宽带接入服务器的结构示意性框图。FIG. 5 is a schematic block diagram of the structure of a broadband access server according to an embodiment of the present disclosure.
具体实施方式detailed description
下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本公开保护的范围。The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are part of the embodiments of the present disclosure, but not all of the embodiments. Based on the embodiments in the present disclosure, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present disclosure.
附图中所示的流程图仅是示例说明,不是必须包括所有的内容和操作/步骤,也不是必须按所描述的顺序执行。例如,有的操作/步骤还可以分解、组合或部分合并,因此实际执行的顺序有可能根据实际情况改变。The flowcharts shown in the figures are for illustration only, and do not necessarily include all contents and operations/steps, nor do they have to be performed in the order described. For example, some operations/steps can also be decomposed, combined or partially combined, so the actual execution order may be changed according to the actual situation.
应当理解,在此本公开说明书中所使用的术语仅仅是出于描述特定实施例的目的而并不意在限制本公开。如在本公开说明书和所附权利要求书中所使用的那样,除非上下文清楚地指明其它情况,否则单数形式的“一”、“一个”及“该”意在包括复数形式。It should be understood that the terminology used in the present disclosure herein is for the purpose of describing particular embodiments only and is not intended to limit the present disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural unless the context clearly dictates otherwise.
本公开实施例提供一种宽带接入服务器的访问方法、服务器及存储介质。该宽带接入服务器的访问方法可应用于服务器中。该服务器包括宽带接入服务器,在一些实施例中该 服务器可以是单台服务器也可以多台服务器组成的服务器集群。Embodiments of the present disclosure provide an access method, server, and storage medium for a broadband access server. The access method of the broadband access server can be applied to the server. The server includes a broadband access server, and in some embodiments, the server may be a single server or a server cluster composed of multiple servers.
下面结合附图,对本公开的一些实施方式作详细说明。在不冲突的情况下,下述实施例及实施例中的特征可以相互组合。Some embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings. The following embodiments and features in the embodiments may be combined with each other without conflict.
请参照图1,图1为本公开实施例提供的一种宽带接入服务器的访问方法的流程示意图。Please refer to FIG. 1 , which is a schematic flowchart of a method for accessing a broadband access server according to an embodiment of the present disclosure.
如图1所示,该宽带接入服务器的访问方法可应用于宽带接入服务器,该方法包括如下步骤S101至步骤S102。As shown in FIG. 1 , the access method of the broadband access server can be applied to the broadband access server, and the method includes the following steps S101 to S102.
步骤S101、获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文,公网信息包括所述宽带接入服务器的公网地址和端口信息。Step S101: Acquire public network information of the broadband access server, and generate a redirection message of the user terminal according to the public network information, where the public network information includes the public network address and port information of the broadband access server.
换而言之,公网信息包括宽带接入服务器的公网地址和端口信息,该端口信息包括数据端口、控制端口和状态端口等。In other words, the public network information includes the public network address and port information of the broadband access server, and the port information includes a data port, a control port, a status port, and the like.
在一实施例中,在获取宽带接入服务器的公网信息并根据公网信息生成用户终端的重定向报文之前,获取用户终端发送的访问请求,并根据访问请求确定用户终端是否为未认证的用户终端。若用户终端为未认证的用户终端,则获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文。在本实施例中,在向用户终端发送重定向报文的步骤中,根据访问请求中的用户终端的IP地址,向用户终端发送重定向报文。访问请求可以为从用户终端到服务器端的请求消息,该访问请求用于获取公网信息,用户终端连接于无线局域网(Wireless Local Area Networks,WLAN)。该访问请求可以根据实际情况进行选择,例如,该访问请求可以为http get请求。In one embodiment, before obtaining the public network information of the broadband access server and generating the redirection message of the user terminal according to the public network information, obtain the access request sent by the user terminal, and determine whether the user terminal is unauthenticated according to the access request. user terminal. If the user terminal is an unauthenticated user terminal, the public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information. In this embodiment, in the step of sending the redirection packet to the user terminal, the redirection packet is sent to the user terminal according to the IP address of the user terminal in the access request. The access request may be a request message from the user terminal to the server, and the access request is used to obtain public network information, and the user terminal is connected to a wireless local area network (Wireless Local Area Networks, WLAN). The access request can be selected according to the actual situation, for example, the access request can be an http get request.
在一实施例中,获取全球广域网(World Wide Web,web)网址,用户终端根据该网址访问全球广域网,并在访问的页面将访问请求发送至宽带接入服务器,以使宽带接入服务器根据该访问请求确定用户终端是否为未认证的用户终端。若用户终端为未认证的用户终端,则对该用户终端进行认证。通过访问请求确定用户终端是否为认证的用户终端,提高了用户终端接入的效率。In one embodiment, a global wide area network (World Wide Web, web) website is obtained, the user terminal accesses the global wide area network according to the website, and sends an access request to the broadband access server on the visited page, so that the broadband access server The access request determines whether the user terminal is an unauthenticated user terminal. If the user terminal is an unauthenticated user terminal, the user terminal is authenticated. Whether the user terminal is an authenticated user terminal is determined through the access request, which improves the efficiency of user terminal access.
在一实施例中,宽带接入服务器根据该访问请求确定用户终端是否为未认证的用户终端可以例如采取如下方式实现。该访问请求包括用户终端标识,确定该用户终端标识是否位于预设的用户终端认证数据库。若该用户终端标识位于该预设的用户终端认证数据库,则确定该用户终端为认证的用户终端。若该用户终端标识不位于该预设的用户终端认证数据库,则确定该用户终端为未认证的用户终端。该用户终端标识为区别用户终端为已认证和未认证的一个标识,该用户终端标识可以根据实际情况进行设置,本公开实施例对此不 做具体限定。该预设的用户终端认证数据库可以为预先根据用户终端标识建立的认证数据库,该数据库的建立可以根据实际情况进行建立,本公开实施例对此不做具体限定。通过用户终端标识确定用户终端是否为认证用户终端,提高了验证的准确性和效率。In an embodiment, the broadband access server determines whether the user terminal is an unauthenticated user terminal according to the access request, for example, in the following manner. The access request includes a user terminal identification, and it is determined whether the user terminal identification is located in a preset user terminal authentication database. If the user terminal identifier is located in the preset user terminal authentication database, it is determined that the user terminal is an authenticated user terminal. If the user terminal identifier is not located in the preset user terminal authentication database, it is determined that the user terminal is an unauthenticated user terminal. The user terminal identifier is an identifier that distinguishes whether the user terminal is authenticated or unauthenticated, and the user terminal identifier can be set according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. The preset user terminal authentication database may be an authentication database established in advance according to the user terminal identifier, and the establishment of the database may be established according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. Whether the user terminal is an authenticated user terminal is determined through the user terminal identifier, which improves the accuracy and efficiency of verification.
在一实施例中,获取宽带接入服务器的公网信息可以例如采取如下方式实现。获取宽带接入服务器的公网信息更新指令,并根据公网信息更新指令,更新带宽接入服务器的公网信息,获取宽带接入服务器的更新后的公网信息。通过对宽带接入服务器的公网信息进行更新,提高了宽带接入服务器的访问的安全性。In an embodiment, acquiring the public network information of the broadband access server may be implemented, for example, in the following manner. The public network information update instruction of the broadband access server is acquired, and the public network information of the bandwidth access server is updated according to the public network information update instruction, and the updated public network information of the broadband access server is acquired. By updating the public network information of the broadband access server, the access security of the broadband access server is improved.
在一实施例中,带宽接入服务器的公网信息包括公网地址和端口信息,更新带宽接入服务器的公网信息包括只更新公网地址、只更新端口信息或同时更新公网地址和端口信息。通过灵活组合式更新宽接入服务器的公网地址和端口信息,提高了宽带接入服务器的访问的安全性。In one embodiment, the public network information of the bandwidth access server includes public network address and port information, and updating the public network information of the bandwidth access server includes updating only the public network address, only updating the port information, or updating the public network address and port at the same time. information. By flexibly updating the public network address and port information of the broadband access server, the access security of the broadband access server is improved.
在一实施例中,获取宽带接入服务器的公网信息更新指令包括用户终端发送更新指令至宽带接入服务器,以使宽带接入服务器获取该更新指令,进而进行公网信息的更新。在另一些实施例中,设置预设时间间隔获取宽带接入服务器的公网信息更新指令,以根据该更新指令更新宽带接入服务器。In one embodiment, acquiring the public network information update instruction of the broadband access server includes sending the update instruction to the broadband access server by the user terminal, so that the broadband access server acquires the update instruction and then updates the public network information. In some other embodiments, a preset time interval is set to acquire the public network information update instruction of the broadband access server, so as to update the broadband access server according to the update instruction.
在一实施例中,根据公网信息生成用户终端的重定向报文可以例如采取如下方式实现。对公网信息进行加密,得到加密后的公网信息。根据加密后的公网信息和门户服务器的认证页面的URL地址,生成用户终端的重定向报文。需要说明的是,对该公网信息进行加密的方式可以根据实际情况进行,本公开实施例对此不做具体限定。例如,通过将宽带接入服务器设置URL地址后几位(例如后两位或三位)作为私钥,根据该私钥和预设加密算法对该公网信息进行加密,得到加密的公网信息。通过对公网信息进行加密,提高了宽带接入服务器的公网信息的安全性。In an embodiment, generating the redirection message of the user terminal according to the public network information may be implemented in the following manner, for example. Encrypt public network information to obtain encrypted public network information. According to the encrypted public network information and the URL address of the authentication page of the portal server, a redirection message of the user terminal is generated. It should be noted that, the manner of encrypting the public network information may be performed according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. For example, by setting the last few digits (such as the last two or three digits) of the URL address on the broadband access server as the private key, and encrypting the public network information according to the private key and the preset encryption algorithm, the encrypted public network information is obtained. . By encrypting the public network information, the security of the public network information of the broadband access server is improved.
在一实施例中,宽带接入服务器包括第一宽带接入服务器和第二宽带接入服务器。当第一宽带接入服务器出现故障时,获取第二宽带接入服务器的第一公网信息,该第一公网信息包括第一宽带接入服务器的公网地址和端口信息。当第一宽带接入服务器出现故障时,获取第二宽带接入服务器的第二公网信息,该第二公网信息包括第二宽带接入服务器的公网地址和端口信息。第一宽带接入服务器和第二宽带接入服务器的数据是同步的,保证其中一个出现故障后,可以访问另外一个,提高系统稳定性。In one embodiment, the broadband access server includes a first broadband access server and a second broadband access server. When the first broadband access server fails, obtain first public network information of the second broadband access server, where the first public network information includes the public network address and port information of the first broadband access server. When the first broadband access server fails, second public network information of the second broadband access server is acquired, where the second public network information includes the public network address and port information of the second broadband access server. The data of the first broadband access server and the second broadband access server are synchronized to ensure that after one of them fails, the other can be accessed, thereby improving system stability.
步骤S102、向用户终端发送重定向报文,以使用户终端向门户服务器发送重定向报文中的公网信息,使得门户服务器能够基于公网信息访问宽带接入服务器。Step S102: Send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information.
换而言之,宽带接入服务器向用户终端发送重定向报文,用户终端接收到该重定向报 文,并根据该重定向报文中的URL地址显示对应的认证页面,获取用户在该认证页面输入的待认证信息,并将URL信息中的宽带接入服务器的公网信息和待认证信息发送至门户服务器(porta lserver)。重定向报文包括URL信息,该URL为统一资源定位标识符(Uniform Resource Locator)。该认证页面可以为访问门户服务器的登录页面,该待认证信息可以为用户名和密码。In other words, the broadband access server sends a redirection message to the user terminal, and the user terminal receives the redirection message, and displays the corresponding authentication page according to the URL address in the redirection message, and obtains the authentication page of the user. The information to be authenticated entered on the page, and the public network information of the broadband access server and the information to be authenticated in the URL information are sent to the portal server. The redirection message includes URL information, where the URL is a Uniform Resource Locator (Uniform Resource Locator). The authentication page may be a login page for accessing the portal server, and the information to be authenticated may be a user name and a password.
在一实施例中,根据该访问请求中的用户终端的IP地址,向用户终端发送重定向报文可以例如采取如下方式实现。获取宽带接入服务器的公网信息和门户服务器的认证页面的URL地址。根据公网信息和URL地址,生成URL信息,并根据URL信息生成重定向报文。根据访问请求中的用户终端的IP地址向用户终端发送重定向报文。该宽带接入服务器的公网信息可以为宽带接入服务器的公网地址和端口信息,该公网地址和端口信息的设置可以根据实际情况进行设置,本公开实施例对此不做具体限定。该URL地址可以为显示门户服务器页面的地址,该显示门户服务器页面的地址可以为获取需要接入门户服务器的地址得到。根据该访问请求向用户终端发送重定向报文提高了宽带接入服务器的访问的效率。In an embodiment, according to the IP address of the user terminal in the access request, sending a redirection packet to the user terminal may be implemented, for example, in the following manner. Obtain the public network information of the broadband access server and the URL address of the authentication page of the portal server. According to the public network information and the URL address, the URL information is generated, and the redirection message is generated according to the URL information. Send a redirection packet to the user terminal according to the IP address of the user terminal in the access request. The public network information of the broadband access server may be the public network address and port information of the broadband access server, and the settings of the public network address and port information may be set according to actual conditions, which are not specifically limited in this embodiment of the present disclosure. The URL address may be the address for displaying the portal server page, and the address for displaying the portal server page may be obtained by obtaining the address for accessing the portal server. Sending a redirection message to the user terminal according to the access request improves the access efficiency of the broadband access server.
在一实施例中,当门户服务器接收到用户终端发送的宽带接入服务器的公网信息和待认证信息之后,根据该公网信息将待认证信息发送给宽带接入服务器,以使宽带接入服务器对该待认证信息进行认证,并将认证的结果发送至用户终端。In one embodiment, after the portal server receives the public network information and the information to be authenticated of the broadband access server sent by the user terminal, it sends the information to be authenticated to the broadband access server according to the public network information, so that the broadband access The server authenticates the information to be authenticated, and sends the authentication result to the user terminal.
在一实施例中,获取门户服务器基于该公网信息发送的用户终端的待认证信息,对待认证信息进行认证,得到用户终端的认证结果,并向用户终端发送认证结果。通过对待认证信息进行认证,确定宽带接入服务器的访问是否通过认证,提高了判断门户服务器是否能够访问宽带接入服务器的准确性。In one embodiment, the information to be authenticated of the user terminal sent by the portal server based on the public network information is obtained, the information to be authenticated is authenticated, the authentication result of the user terminal is obtained, and the authentication result is sent to the user terminal. By authenticating the to-be-authenticated information, it is determined whether the access to the broadband access server passes the authentication, which improves the accuracy of judging whether the portal server can access the broadband access server.
在一实施例中,对待认证信息进行认证,得到用户终端的认证结果可以例如采取如下方式实现。获取认证信息中的用户名和密码,确定用户名和密码是否位于宽带接入服务器的认证数据库中。若确定用户名和密码位于宽带接入服务器的认证数据库中,则确定待认证信息通过认证。若确定用户名和密码不位于宽带接入服务器的认证数据库中,则确定待认证信息未通过认证。通过确定用户名和密码是否位于宽带接入服务器的认证数据库中,进而确定是否通过认证,提高了认证的效率和准确性。In an embodiment, the authentication information to be authenticated to obtain the authentication result of the user terminal may be implemented in the following manner, for example. Obtain the user name and password in the authentication information, and determine whether the user name and password are in the authentication database of the broadband access server. If it is determined that the user name and password are located in the authentication database of the broadband access server, it is determined that the information to be authenticated has passed the authentication. If it is determined that the user name and password are not located in the authentication database of the broadband access server, it is determined that the information to be authenticated has not passed the authentication. By determining whether the user name and password are located in the authentication database of the broadband access server, and then determining whether the authentication is passed, the efficiency and accuracy of the authentication are improved.
在一实施例中,认证结果包括通过认证和未通过。若认证结果为认证通过,则将认证通过的结果发送至门户服务器,门户服务器将认证通过的结果至用户终端,用户终端根据认证通过的结果可以穿过防火墙,进而访问墙内的宽带接入服务器。若认证结果为认证未通过,则将认证未通过的结果发送至门户服务器,门户服务器将认证未通过的结果至用户终端,用户终端根据认证未通过的结果不能穿过防火墙,进而不能访问墙内的宽带接入服 务器。In one embodiment, the authentication result includes passed authentication and failed. If the authentication result is the authentication passed, the authentication result is sent to the portal server, the portal server sends the authentication result to the user terminal, and the user terminal can pass through the firewall according to the authentication result, and then access the broadband access server in the wall . If the authentication result is that the authentication fails, the authentication failure result is sent to the portal server, and the portal server sends the authentication failure result to the user terminal. The user terminal cannot pass through the firewall according to the authentication failure result, and thus cannot access the wall broadband access server.
上述实施例提供的宽带接入服务器的访问方法中,通过获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文,公网信息包括宽带接入服务器的公网地址和端口信息;向用户终端发送重定向报文,以使用户终端向门户服务器发送重定向报文中的公网信息,使得门户服务器能够基于公网信息访问宽带接入服务器。上述方案通过获取宽带接入服务器的公网信息,使得门户服务器能够基于公网信息访问宽带接入服务器,极大地提高了用户的使用体验。In the access method of the broadband access server provided by the above embodiment, the public network information of the broadband access server is obtained, and the redirection message of the user terminal is generated according to the public network information, and the public network information includes the public network of the broadband access server. address and port information; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information. The above solution enables the portal server to access the broadband access server based on the public network information by acquiring the public network information of the broadband access server, which greatly improves the user experience.
请参照图2,图2为本公开实施例提供的另一种宽带接入服务器的访问方法的流程示意图。Please refer to FIG. 2 , which is a schematic flowchart of another method for accessing a broadband access server according to an embodiment of the present disclosure.
如图2所示,该方法应用于访问系统,该访问系统包括用户终端、宽带接入服务器和门户服务器,该方法包括如下步骤S201至步骤S203。As shown in FIG. 2 , the method is applied to an access system, and the access system includes a user terminal, a broadband access server and a portal server, and the method includes the following steps S201 to S203.
步骤S201、宽带接入服务器根据宽带接入服务器的公网信息,生成用户终端的重定向报文,并向用户终端发送该重定向报文。Step S201, the broadband access server generates a redirection message of the user terminal according to the public network information of the broadband access server, and sends the redirection message to the user terminal.
换而言之,获取宽带接入服务器的公网信息,根据该公网信息和门户服务器的认证页面的URL地址,生成用户终端的重定向报文,并将该重定向报文发送至用户终端。In other words, obtain the public network information of the broadband access server, generate a redirection message of the user terminal according to the public network information and the URL address of the authentication page of the portal server, and send the redirection message to the user terminal .
在一实施例中,接收门户服务器根据公网信息发送的待认证信息,并对该待认证信息进行认证,以确定门户服务器能够能否接入宽带接入服务器。In one embodiment, the information to be authenticated sent by the portal server according to the public network information is received, and the information to be authenticated is authenticated to determine whether the portal server can access the broadband access server.
步骤S202、用户终端获取宽带接入服务器发送的重定向报文,并将重定向报文中的公网信息发送给门户服务器。Step S202, the user terminal acquires the redirection message sent by the broadband access server, and sends the public network information in the redirection message to the portal server.
换而言之,当用户终端接收到宽带接入服务器发送的重定向报文之后,获取重定向报文中URL地址,并根据该URL地址显示对应的认证页面,获取用户在该页面输入的待认证信息,并将该待认证信息和重定向报文中的宽带接入服务器的公网信息发送至门户服务器。In other words, when the user terminal receives the redirection message sent by the broadband access server, it obtains the URL address in the redirection message, displays the corresponding authentication page according to the URL address, and obtains the waiting list entered by the user on the page. authentication information, and send the information to be authenticated and the public network information of the broadband access server in the redirection message to the portal server.
步骤S203、门户服务器获取用户终端发送的公网信息,并根据公网信息访问宽带接入服务器。Step S203, the portal server acquires the public network information sent by the user terminal, and accesses the broadband access server according to the public network information.
换而言之,当门户服务器接收到用户终端发送的宽带接入服务器的公网信息和待认证信息之后,根据该公网信息将待认证信息发送给宽带接入服务器,以使宽带接入服务器对该待认证信息进行认证,并将认证的结果发送至用户终端。In other words, after the portal server receives the public network information and the information to be authenticated of the broadband access server sent by the user terminal, it sends the information to be authenticated to the broadband access server according to the public network information, so that the broadband access server The information to be authenticated is authenticated, and the authentication result is sent to the user terminal.
在一实施例中,对公网信息进行解密,并根据解密后的公网信息访问宽带接入服务器。需要说明的是,对该公网信息进行解密可以根据实际情况进行,本公开实施例对此不做具 体限定。例如,获取解密的私钥,根据该私钥对该公网信息进行解密,得到解密的公网信息。通过对加密的公网信息进行解密,得到解密的公网信息,将待认证信息发送至宽带接入服务器,提高了认证的安全性。In one embodiment, the public network information is decrypted, and the broadband access server is accessed according to the decrypted public network information. It should be noted that, the decryption of the public network information may be performed according to the actual situation, which is not specifically limited in this embodiment of the present disclosure. For example, the decrypted private key is obtained, the public network information is decrypted according to the private key, and the decrypted public network information is obtained. By decrypting the encrypted public network information, the decrypted public network information is obtained, and the information to be authenticated is sent to the broadband access server, thereby improving the security of authentication.
如图3所示,图3为本公开实施例提供的宽带接入服务器的访问数据传输路线的场景示意图。As shown in FIG. 3 , FIG. 3 is a schematic diagram of a scenario of an access data transmission route of a broadband access server according to an embodiment of the present disclosure.
如图3所示,用户终端301通过传输线路10向宽带接入服务器302申请IP地址。宽带接入服务器302在接收到用户终端301发送的申请IP地址的请求之后,将IP地址通过传输线路20发送给用户终端301。用户终端301获取全球广域网网址,并通过该网址访问全球广域网页面,将访问请求通过传输线路30发送至宽带接入服务器302,该宽带接入服务器302基于该访问请求通过传输路线40向用户终端301发送重定向报文。用户终端301接收到该重定向报文,并根据该重定向报文中的URL地址访问门户服务器304页面,获取用户在登录页面输入的待认证信息。用户终端301通过传输线路50将待认证信息和公网信息发送至门户服务器304,该门户服务器304根据该公网信息通过传输路线60将待认证信息发送至宽带接入服务器302,该宽带接入服务器302对该待认证信息进行认证,并将认证结果通过传输路线70发送至门户服务器304,该门户服务器304接收到该认证结果之后通过传输路线80将该认证结果发送至用户终端301,以使用户终端301知晓门户服务器304能否穿过防火墙303进而访问宽带接入服务器302。As shown in FIG. 3 , the user terminal 301 applies for an IP address to the broadband access server 302 through the transmission line 10 . After receiving the request for applying for an IP address sent by the user terminal 301 , the broadband access server 302 sends the IP address to the user terminal 301 through the transmission line 20 . The user terminal 301 obtains the global wide area network website, and accesses the global wide area network page through the website, and sends the access request to the broadband access server 302 through the transmission line 30, and the broadband access server 302 sends the user terminal 301 through the transmission line 40 based on the access request. Send a redirect message. The user terminal 301 receives the redirection message, and accesses the page of the portal server 304 according to the URL address in the redirection message, and obtains the information to be authenticated entered by the user on the login page. The user terminal 301 sends the information to be authenticated and the public network information to the portal server 304 through the transmission line 50, and the portal server 304 sends the information to be authenticated to the broadband access server 302 through the transmission line 60 according to the public network information. The server 302 authenticates the information to be authenticated, and sends the authentication result to the portal server 304 through the transmission route 70. After receiving the authentication result, the portal server 304 sends the authentication result to the user terminal 301 through the transmission route 80, so that the The user terminal 301 knows whether the portal server 304 can access the broadband access server 302 through the firewall 303 or not.
上述实施例提供的宽带接入服务器的访问方法中,宽带接入服务器根据所述宽带接入服务器的公网信息,生成用户终端的重定向报文,并向用户终端发送重定向报文;用户终端获取宽带接入服务器发送的重定向报文,并将重定向报文中的公网信息发送给门户服务器;门户服务器获取用户终端发送的公网信息,并根据公网信息访问宽带接入服务器。上述方案通过获取宽带接入服务器的公网信息,使得门户服务器能够基于公网信息访问所述宽带接入服务器,极大地提高了用户的使用体验。In the access method for the broadband access server provided by the above embodiment, the broadband access server generates a redirection message of the user terminal according to the public network information of the broadband access server, and sends the redirection message to the user terminal; the user The terminal obtains the redirection message sent by the broadband access server, and sends the public network information in the redirection message to the portal server; the portal server obtains the public network information sent by the user terminal, and accesses the broadband access server according to the public network information . The above solution enables the portal server to access the broadband access server based on the public network information by acquiring the public network information of the broadband access server, which greatly improves the user experience.
请参阅图4,图4为本公开实施例提供的宽带接入服务器的访问系统的结构示意图。Please refer to FIG. 4 , which is a schematic structural diagram of an access system for a broadband access server according to an embodiment of the present disclosure.
如图4所示,该宽带接入服务器的访问系统400包括用户终端401、宽带接入服务器402和门户服务器403。As shown in FIG. 4 , the access system 400 of the broadband access server includes a user terminal 401 , a broadband access server 402 and a portal server 403 .
宽带接入服务器402根据宽带接入服务器402的公网信息,生成用户终端401的重定向报文,并向用户终端401发送重定向报文。The broadband access server 402 generates a redirection packet of the user terminal 401 according to the public network information of the broadband access server 402 , and sends the redirection packet to the user terminal 401 .
用户终端402获取宽带接入服务器401发送的重定向报文,并将重定向报文中的公网信息发送给门户服务器403。The user terminal 402 acquires the redirection message sent by the broadband access server 401 , and sends the public network information in the redirection message to the portal server 403 .
门户服务器403获取用户终端402发送的公网信息,并根据公网信息访问宽带接入服务器401。The portal server 403 acquires the public network information sent by the user terminal 402, and accesses the broadband access server 401 according to the public network information.
需要说明的是,所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的宽带接入服务器的访问系统的具体工作过程,可以参考前述宽带接入服务器的访问方法实施例中的对应过程,在此不再赘述。It should be noted that those skilled in the art can clearly understand that, for the convenience and brevity of the description, for the specific working process of the access system of the broadband access server described above, reference may be made to the aforementioned embodiments of the access method for the broadband access server The corresponding process in , will not be repeated here.
请参阅图5,图5为本公开实施例提供的一种宽带接入服务器的结构示意性框图。Please refer to FIG. 5, which is a schematic block diagram of the structure of a broadband access server according to an embodiment of the present disclosure.
如图5所示,宽带接入服务器500包括处理器501和存储器502,处理器501和存储器502通过总线503连接。该总线503比如为I2C(Inter-integrated Circuit)总线。As shown in FIG. 5 , the broadband access server 500 includes a processor 501 and a memory 502 , and the processor 501 and the memory 502 are connected through a bus 503 . The bus 503 is, for example, an I2C (Inter-integrated Circuit) bus.
在一实施例中,处理器501可以配置为提供计算和控制能力,支撑整个宽带接入服务器的运行。处理器501可以是中央处理单元(Central Processing Unit,CPU),该处理器501还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。In one embodiment, the processor 501 may be configured to provide computing and control capabilities to support the operation of the entire broadband access server. The processor 501 can be a central processing unit (Central Processing Unit, CPU), and the processor 501 can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC) ), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
在一实施例中,存储器502可以是Flash芯片、只读存储器(ROM,Read-Only Memory)磁盘、光盘、U盘或移动硬盘等。In one embodiment, the memory 502 may be a Flash chip, a read-only memory (ROM, Read-Only Memory) magnetic disk, an optical disk, a U disk, or a removable hard disk, or the like.
本领域技术人员可以理解,图5中示出的结构,仅仅是与本公开方案相关的部分结构的框图,并不构成对本公开方案所应用于其上的宽带接入服务器的限定,具体的宽带接入服务器可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art can understand that the structure shown in FIG. 5 is only a block diagram of a partial structure related to the solution of the present disclosure, and does not constitute a limitation on the broadband access server to which the solution of the present disclosure is applied. The access server may include more or fewer components than shown, or combine certain components, or have a different arrangement of components.
所述处理器可以配置为运行存储在存储器中的计算机程序,并在执行计算机程序时实现本公开实施例提供的任意一种用于宽带接入服务器的访问方法。The processor may be configured to run a computer program stored in the memory, and when executing the computer program, implement any one of the access methods for the broadband access server provided by the embodiments of the present disclosure.
在一实施例中,所述处理器可以配置为运行存储在存储器中的计算机程序,并在执行计算机程序时实现如下步骤。In one embodiment, the processor may be configured to run a computer program stored in a memory and, when executing the computer program, implement the following steps.
获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文,该公网信息包括宽带接入服务器的公网地址和端口信息。The public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information, where the public network information includes the public network address and port information of the broadband access server.
向用户终端发送重定向报文,以使用户终端向门户服务器发送该重定向报文中的公网信息,使得门户服务器能够基于该公网信息访问宽带接入服务器。A redirection message is sent to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband access server based on the public network information.
在一实施例中,所述处理器在实现根据公网信息生成用户终端的重定向报文时,还可以配置为实现如下步骤。In an embodiment, when generating the redirection message of the user terminal according to the public network information, the processor may be further configured to implement the following steps.
对公网信息进行加密,得到加密后的公网信息。Encrypt public network information to obtain encrypted public network information.
根据加密后的公网信息和门户服务器的认证页面的URL地址,生成用户终端的重定向报文。According to the encrypted public network information and the URL address of the authentication page of the portal server, a redirection message of the user terminal is generated.
在一实施例中,所述处理器在实现宽带接入服务器包括第一宽带接入服务器和第二宽带接入服务器,获取宽带接入服务器的公网信息时,还可以配置为实现如下步骤。In an embodiment, when the processor implements that the broadband access server includes a first broadband access server and a second broadband access server, and acquires the public network information of the broadband access server, the processor may be further configured to implement the following steps.
当第二宽带接入服务器出现故障时,获取第一宽带接入服务器的第一公网信息,该第一公网信息包括第一宽带接入服务器的公网地址和端口信息。When the second broadband access server fails, obtain first public network information of the first broadband access server, where the first public network information includes the public network address and port information of the first broadband access server.
当第一宽带接入服务器出现故障时,获取第二宽带接入服务器的第二公网信息,该第二公网信息包括第二宽带接入服务器的公网地址和端口信息。When the first broadband access server fails, second public network information of the second broadband access server is acquired, where the second public network information includes the public network address and port information of the second broadband access server.
在一实施例中,处理器还可以配置为实现如下步骤。In an embodiment, the processor may also be configured to implement the following steps.
获取宽带接入服务器的公网信息更新指令,并根据该公网信息更新指令,更新带宽接入服务器的公网信息。The public network information update instruction of the broadband access server is acquired, and the public network information of the bandwidth access server is updated according to the public network information update instruction.
获取宽带接入服务器的公网信息,包括:获取宽带接入服务器的更新后的公网信息。Acquiring the public network information of the broadband access server includes: acquiring updated public network information of the broadband access server.
在一实施例中,所述处理器在实现获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文之前,还可以配置为实现如下步骤。In an embodiment, before the processor acquires the public network information of the broadband access server and generates a redirection message of the user terminal according to the public network information, the processor may be further configured to implement the following steps.
获取用户终端发送的访问请求,并根据该访问请求确定用户终端是否为未认证的用户终端。The access request sent by the user terminal is acquired, and whether the user terminal is an unauthenticated user terminal is determined according to the access request.
若用户终端为未认证的用户终端,则获取宽带接入服务器的公网信息,并根据该公网信息生成用户终端的重定向报文。If the user terminal is an unauthenticated user terminal, the public network information of the broadband access server is acquired, and a redirection message of the user terminal is generated according to the public network information.
向用户终端发送重定向报文,包括:根据访问请求中的用户终端的IP地址,向用户终端发送重定向报文。Sending a redirection packet to the user terminal includes: sending a redirection packet to the user terminal according to the IP address of the user terminal in the access request.
在一实施例中,所述处理器在实现向用户终端发送重定向报文之后,还可以配置为实现如下步骤。In an embodiment, after the processor implements sending the redirection message to the user terminal, the processor may be further configured to implement the following steps.
获取门户服务器基于公网信息发送的用户终端的待认证信息。Obtain the pending authentication information of the user terminal sent by the portal server based on the public network information.
对待认证信息进行认证,得到用户终端的认证结果,并向用户终端发送认证结果。The authentication information is authenticated, the authentication result of the user terminal is obtained, and the authentication result is sent to the user terminal.
需要说明的是,所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的宽带接入服务器的具体工作过程,可以参考前述宽带接入服务器的访问方法实施例中的对应过程,在此不再赘述。It should be noted that those skilled in the art can clearly understand that, for the convenience and brevity of the description, for the specific working process of the broadband access server described above, reference may be made to the corresponding embodiments of the access method for the broadband access server described above. The process is not repeated here.
本公开实施例还提供一种存储介质,用于计算机可读存储。该存储介质存储有一个或多个程序,该一个或多个程序可被一个或多个处理器执行,以实现如本公开实施例提供的任一项宽带接入服务器的访问方法的步骤。Embodiments of the present disclosure also provide a storage medium for computer-readable storage. The storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of any broadband access server access method provided by the embodiments of the present disclosure.
例如,该存储介质可以是前述实施例所述的宽带接入服务器的内部存储单元,例如宽带接入服务器的硬盘或内存。该存储介质也可以是宽带接入服务器的外部存储设备,例如宽带接入服务器上配备的插接式硬盘、智能存储卡(Smart Media Card,SMC)、安全数字(Secure Digital,SD)卡、闪存卡(Flash Card)等。For example, the storage medium may be an internal storage unit of the broadband access server described in the foregoing embodiments, such as a hard disk or a memory of the broadband access server. The storage medium may also be an external storage device of the broadband access server, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card, a flash memory, and a plug-in hard disk equipped on the broadband access server. Card (Flash Card), etc.
本领域普通技术人员可以理解,上文中所公开方法中的全部或某些步骤、系统、装置中的功能模块/单元可以被实施为软件、固件、硬件及其适当的组合。在硬件实施方式中,在以上描述中提及的功能模块/单元之间的划分不一定对应于物理组件的划分。例如,一个物理组件可以具有多个功能,或者一个功能或步骤可以由若干物理组件合作执行。某些物理组件或所有物理组件可以被实施为由处理器,如中央处理器、数字信号处理器或微处理器执行的软件,或者被实施为硬件,或者被实施为集成电路,如专用集成电路。这样的软件可以分布在计算机可读介质上,计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知,术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于RAM、ROM、EEPROM、闪存或其他存储器技术、CD-ROM、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外,如本领域普通技术人员公知,通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调制数据信号中的其他数据,并且可包括任何信息递送介质。Those of ordinary skill in the art can understand that all or some of the steps in the methods disclosed above, functional modules/units in the systems, and devices can be implemented as software, firmware, hardware, and appropriate combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components. For example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit . Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is known to those of ordinary skill in the art, the term computer storage media includes both volatile and nonvolatile embodied in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data , removable and non-removable media. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer. Furthermore, communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art.
利用本公开实施例提供的宽带接入服务器的访问方法、服务器及存储介质,通过获取宽带接入服务器的公网信息,并根据公网信息生成用户终端的重定向报文,该公网信息包括宽带接入服务器的公网地址和端口信息;向用户终端发送重定向报文,以使用户终端向门户服务器发送重定向报文中的公网信息,使得门户服务器能够基于公网信息访问宽带接入服务器。这样实现了获取宽带接入服务器的公网信息,使得门户服务器能够基于公网信息访问宽带接入服务器,极大地提高了用户的使用体验。By using the broadband access server access method, server, and storage medium provided by the embodiments of the present disclosure, the public network information of the broadband access server is obtained, and a redirection message of the user terminal is generated according to the public network information, and the public network information includes: The public network address and port information of the broadband access server; send a redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the broadband connection based on the public network information. into the server. In this way, the public network information of the broadband access server is obtained, so that the portal server can access the broadband access server based on the public network information, which greatly improves the user experience.
应当理解,在本公开说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使 得包括一系列要素的过程、方法、物品或者系统不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者系统所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者系统中还存在另外的相同要素。It should be understood that, as used in this disclosure and the appended claims, the term "and/or" refers to and including any and all possible combinations of one or more of the associated listed items. It should be noted that, herein, the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion, such that a process, method, article or system comprising a series of elements includes not only those elements, It also includes other elements not expressly listed or inherent to such a process, method, article or system. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article or system that includes the element.
上述本公开实施例序号仅仅为了描述,不代表实施例的优劣。以上,仅为本公开的具体实施方式,但本公开的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本公开揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本公开的保护范围之内。因此,本公开的保护范围应以权利要求的保护范围为准。The above-mentioned serial numbers of the embodiments of the present disclosure are only for description, and do not represent the advantages or disadvantages of the embodiments. The above are only specific embodiments of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any person skilled in the art who is familiar with the technical field of the present disclosure can easily think of various equivalent modifications or Alternatives, such modifications or substitutions should all be included within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure should be subject to the protection scope of the claims.

Claims (14)

  1. 一种宽带接入服务器的访问方法,包括:An access method for a broadband access server, comprising:
    获取所述宽带接入服务器的公网信息,并根据所述公网信息生成用户终端的重定向报文,其中,所述公网信息包括所述宽带接入服务器的公网地址和端口信息;acquiring public network information of the broadband access server, and generating a redirection message of the user terminal according to the public network information, wherein the public network information includes the public network address and port information of the broadband access server;
    向所述用户终端发送所述重定向报文,以使所述用户终端向门户服务器发送所述重定向报文中的公网信息,使得所述门户服务器能够基于所述公网信息访问所述宽带接入服务器。Send the redirection message to the user terminal, so that the user terminal sends the public network information in the redirection message to the portal server, so that the portal server can access the Broadband access server.
  2. 根据权利要求1所述的访问方法,其中,所述根据所述公网信息生成用户终端的重定向报文,包括:The access method according to claim 1, wherein the generating a redirection message of the user terminal according to the public network information comprises:
    对所述公网信息进行加密,得到加密后的公网信息;Encrypting the public network information to obtain encrypted public network information;
    根据所述加密后的公网信息和所述门户服务器的认证页面的统一资源定位标识符URL地址,生成用户终端的重定向报文。According to the encrypted public network information and the URL address of the uniform resource location identifier of the authentication page of the portal server, a redirection message of the user terminal is generated.
  3. 根据权利要求1所述的访问方法,其中,所述宽带接入服务器包括第一宽带接入服务器和第二宽带接入服务器,The access method according to claim 1, wherein the broadband access server comprises a first broadband access server and a second broadband access server,
    所述获取所述宽带接入服务器的公网信息,包括:The acquiring the public network information of the broadband access server includes:
    当所述第二宽带接入服务器出现故障时,获取所述第一宽带接入服务器的第一公网信息,其中,所述第一公网信息包括所述第一宽带接入服务器的公网地址和端口信息;When the second broadband access server fails, acquire first public network information of the first broadband access server, where the first public network information includes the public network of the first broadband access server address and port information;
    当所述第一宽带接入服务器出现故障时,获取所述第二宽带接入服务器的第二公网信息,其中,所述第二公网信息包括所述第二宽带接入服务器的公网地址和端口信息。When the first broadband access server fails, acquire second public network information of the second broadband access server, where the second public network information includes the public network of the second broadband access server address and port information.
  4. 根据权利要求1所述的访问方法,还包括:The access method according to claim 1, further comprising:
    获取所述宽带接入服务器的公网信息更新指令,并根据所述公网信息更新指令,更新所述带宽接入服务器的公网信息;Acquire the public network information update instruction of the broadband access server, and update the public network information of the bandwidth access server according to the public network information update instruction;
    所述获取所述宽带接入服务器的公网信息,包括:The acquiring the public network information of the broadband access server includes:
    获取所述宽带接入服务器的更新后的公网信息。Acquire updated public network information of the broadband access server.
  5. 根据权利要求1-4中任一项所述的访问方法,其中,所述获取所述宽带接入服务器的公网信息,并根据所述公网信息生成用户终端的重定向报文之前,还包括:The access method according to any one of claims 1-4, wherein before the acquiring the public network information of the broadband access server and generating the redirection message of the user terminal according to the public network information, further include:
    获取用户终端发送的访问请求,并根据所述访问请求确定所述用户终端是否为未认证的用户终端;acquiring an access request sent by a user terminal, and determining whether the user terminal is an unauthenticated user terminal according to the access request;
    若所述用户终端为未认证的用户终端,则获取所述宽带接入服务器的公网信息,并根据所述公网信息生成所述用户终端的重定向报文;If the user terminal is an unauthenticated user terminal, obtain the public network information of the broadband access server, and generate a redirection message of the user terminal according to the public network information;
    所述向所述用户终端发送所述重定向报文,包括:The sending the redirection message to the user terminal includes:
    根据所述访问请求中的所述用户终端的IP地址,向所述用户终端发送所述重定向报文。Send the redirection packet to the user terminal according to the IP address of the user terminal in the access request.
  6. 根据权利要求5所述的访问方法,其中,所述根据所述访问请求确定所述用户终端是否为未认证的用户终端,包括:The access method according to claim 5, wherein the determining whether the user terminal is an unauthenticated user terminal according to the access request comprises:
    所述访问请求包括用户终端标识,确定所述用户终端标识是否位于预设的用户终端认证数据库;The access request includes a user terminal identification, and it is determined whether the user terminal identification is located in a preset user terminal authentication database;
    若所述用户终端标识位于所述预设的用户终端认证数据库,则确定所述用户终端为认证的用户终端;If the user terminal identifier is located in the preset user terminal authentication database, determining that the user terminal is an authenticated user terminal;
    若所述用户终端标识不位于所述预设的用户终端认证数据库,则确定所述用户终端为未认证的用户终端。If the user terminal identifier is not located in the preset user terminal authentication database, it is determined that the user terminal is an unauthenticated user terminal.
  7. 根据权利要求5所述的访问方法,其中,所述根据所述访问请求中的用户终端的IP地址,向所述用户终端发送所述重定向报文,包括:The access method according to claim 5, wherein the sending the redirection message to the user terminal according to the IP address of the user terminal in the access request comprises:
    获取所述宽带接入服务器的公网信息和所述门户服务器的认证页面的URL地址;Obtain the public network information of the broadband access server and the URL address of the authentication page of the portal server;
    根据所述公网信息和所述URL地址,生成URL信息,并根据所述URL信息生成所述重定向报文;Generate URL information according to the public network information and the URL address, and generate the redirection message according to the URL information;
    将所述重定向报文发送到所述用户终端。Send the redirection message to the user terminal.
  8. 根据权利要求5所述的访问方法,其中,所述向所述用户终端发送所述重定向报文之后,还包括:The access method according to claim 5, wherein after the sending the redirection message to the user terminal, the method further comprises:
    获取所述门户服务器基于所述公网信息发送的所述用户终端的待认证信息;acquiring the pending authentication information of the user terminal sent by the portal server based on the public network information;
    对所述待认证信息进行认证,得到所述用户终端的认证结果,并向所述用户终端发送所述认证结果。The information to be authenticated is authenticated, an authentication result of the user terminal is obtained, and the authentication result is sent to the user terminal.
  9. 根据权利要求8所述的访问方法,其中,所述对所述待认证信息进行认证,得到所述用户终端的认证结果,包括:The access method according to claim 8, wherein the performing authentication on the to-be-authenticated information to obtain an authentication result of the user terminal comprises:
    获取所述认证信息中的用户名和密码,确定所述用户名和所述密码是否位于所述宽带接入服务器的认证数据库中;Obtain the username and password in the authentication information, and determine whether the username and the password are located in the authentication database of the broadband access server;
    若确定所述用户名和所述密码位于所述宽带接入服务器的认证数据库中,则确定所述待认证信息通过认证;If it is determined that the user name and the password are located in the authentication database of the broadband access server, it is determined that the information to be authenticated has passed the authentication;
    若确定所述用户名和所述密码不位于所述宽带接入服务器的认证数据库中,则确定所述待认证信息未通过认证。If it is determined that the user name and the password are not located in the authentication database of the broadband access server, it is determined that the information to be authenticated has not passed authentication.
  10. 一种宽带接入服务器的访问方法,应用于访问系统,所述访问系统包括用户终端、宽带接入服务器和门户服务器,所述方法包括:An access method for a broadband access server, applied to an access system, the access system comprising a user terminal, a broadband access server and a portal server, the method comprising:
    所述宽带接入服务器根据所述宽带接入服务器的公网信息,生成所述用户终端的重定向报文,并向所述用户终端发送所述重定向报文;The broadband access server generates a redirection packet of the user terminal according to the public network information of the broadband access server, and sends the redirection packet to the user terminal;
    所述用户终端获取所述宽带接入服务器发送的所述重定向报文,并将所述重定向报文中的所述公网信息发送给所述门户服务器;obtaining, by the user terminal, the redirection message sent by the broadband access server, and sending the public network information in the redirection message to the portal server;
    所述门户服务器获取所述用户终端发送的所述公网信息,并根据所述公网信息访问所述宽带接入服务器。The portal server acquires the public network information sent by the user terminal, and accesses the broadband access server according to the public network information.
  11. 根据权利要求10所述的访问方法,其中,所述门户服务器根据所述公网信息访问所述宽带接入服务器,包括:The access method according to claim 10, wherein the portal server accesses the broadband access server according to the public network information, comprising:
    对所述公网信息进行解密,并根据解密后的公网信息访问所述宽带接入服务器。Decrypt the public network information, and access the broadband access server according to the decrypted public network information.
  12. 根据权利要求11所述的访问方法,其中,所述对所述公网信息进行解密,包括:The access method according to claim 11, wherein the decrypting the public network information comprises:
    获取解密的私钥,根据所述私钥对所述公网信息进行解密,得到解密后的公网信息。Obtain the decrypted private key, decrypt the public network information according to the private key, and obtain the decrypted public network information.
  13. 一种宽带接入服务器,其中,所述宽带接入服务器包括处理器、存储器、存储在所述存储器上并可被所述处理器执行的计算机程序以及用于实现所述处理器和所述存储器之间的连接通信的数据总线,其中所述计算机程序被所述处理器执行时,实现如权利要求1至9中任一项所述的宽带接入服务器的访问方法的步骤。A broadband access server, wherein the broadband access server includes a processor, a memory, a computer program stored on the memory and executable by the processor, and a computer program for implementing the processor and the memory A data bus for connection communication between, wherein the computer program, when executed by the processor, implements the steps of the access method for a broadband access server as claimed in any one of claims 1 to 9.
  14. 一种存储介质,用于计算机可读存储,其中,所述存储介质存储有一个或多个程序,所述一个或多个程序可被一个或多个处理器执行,以实现权利要求1至9中任一项所述的宽带接入服务器的访问方法的步骤。A storage medium for computer-readable storage, wherein the storage medium stores one or more programs executable by one or more processors to implement claims 1 to 9 The steps of any one of the methods for accessing a broadband access server.
PCT/CN2021/118161 2020-09-14 2021-09-14 Method for accessing broadband access server, server, and storage medium WO2022053055A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010963736.4A CN114268444A (en) 2020-09-14 2020-09-14 Access method of broadband access server, server and storage medium
CN202010963736.4 2020-09-14

Publications (1)

Publication Number Publication Date
WO2022053055A1 true WO2022053055A1 (en) 2022-03-17

Family

ID=80632621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/118161 WO2022053055A1 (en) 2020-09-14 2021-09-14 Method for accessing broadband access server, server, and storage medium

Country Status (2)

Country Link
CN (1) CN114268444A (en)
WO (1) WO2022053055A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060002369A1 (en) * 2004-07-01 2006-01-05 Bce Inc. Methods and systems for delivery of broadband services to customer premises equipment
CN101582856A (en) * 2009-06-29 2009-11-18 杭州华三通信技术有限公司 Session setup method of Portal server and BAS (broadband access server) device and system thereof
CN101895526A (en) * 2009-05-20 2010-11-24 中国电信股份有限公司 Dial-up authentication method and system
US20120254943A1 (en) * 2011-03-31 2012-10-04 Wei Li Methods for controlling a traffic of an authentication server
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN103209159A (en) * 2012-01-13 2013-07-17 中国电信股份有限公司 Portal authentication method and system
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
CN103916491A (en) * 2014-04-04 2014-07-09 杭州华三通信技术有限公司 Dynamic address mapping method and device based on NAT444 architecture

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060002369A1 (en) * 2004-07-01 2006-01-05 Bce Inc. Methods and systems for delivery of broadband services to customer premises equipment
CN101895526A (en) * 2009-05-20 2010-11-24 中国电信股份有限公司 Dial-up authentication method and system
CN101582856A (en) * 2009-06-29 2009-11-18 杭州华三通信技术有限公司 Session setup method of Portal server and BAS (broadband access server) device and system thereof
US20120254943A1 (en) * 2011-03-31 2012-10-04 Wei Li Methods for controlling a traffic of an authentication server
CN103209159A (en) * 2012-01-13 2013-07-17 中国电信股份有限公司 Portal authentication method and system
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN103916491A (en) * 2014-04-04 2014-07-09 杭州华三通信技术有限公司 Dynamic address mapping method and device based on NAT444 architecture

Also Published As

Publication number Publication date
CN114268444A (en) 2022-04-01

Similar Documents

Publication Publication Date Title
US10938785B2 (en) Multi-tunneling virtual network adapter
US10667131B2 (en) Method for connecting network access device to wireless network access point, network access device, and application server
US8532620B2 (en) Trusted mobile device based security
US9237021B2 (en) Certificate grant list at network device
JP5980961B2 (en) Multi-factor certificate authority
US10218691B2 (en) Single sign-on framework for browser-based applications and native applications
US10320771B2 (en) Single sign-on framework for browser-based applications and native applications
EP2625643A1 (en) Methods and systems for providing and controlling cryptographically secure communications across unsecured networks between a secure virtual terminal and a remote system
US20160182471A1 (en) Network security broker
US9942050B2 (en) Method and apparatus for bulk authentication and load balancing of networked devices
US10516653B2 (en) Public key pinning for private networks
US11265167B2 (en) Methods and systems for network security using a cryptographic firewall
WO2022100356A1 (en) Identity authentication system, method and apparatus, device, and computer readable storage medium
US10305914B1 (en) Secure transfer of secrets for computing devices to access network resources
WO2023124958A1 (en) Key update method, server, client and storage medium
WO2023279782A1 (en) Access control method, access control system and related device
US20140237627A1 (en) Protecting data in a mobile environment
CN110771087B (en) Private key update
US20170295142A1 (en) Three-Tiered Security and Computational Architecture
US20130191894A1 (en) Integrating Server Applications with Multiple Authentication Providers
WO2022053055A1 (en) Method for accessing broadband access server, server, and storage medium
US20220191042A1 (en) Secure Transport of Content Via Content Delivery Service
CN117319023A (en) Method and device for establishing secure connection

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07.08.2023).

122 Ep: pct application non-entry in european phase

Ref document number: 21866107

Country of ref document: EP

Kind code of ref document: A1