CN101707612B - Message authentication processing method and device, as well as authentication server - Google Patents

Message authentication processing method and device, as well as authentication server Download PDF

Info

Publication number
CN101707612B
CN101707612B CN200910242082XA CN200910242082A CN101707612B CN 101707612 B CN101707612 B CN 101707612B CN 200910242082X A CN200910242082X A CN 200910242082XA CN 200910242082 A CN200910242082 A CN 200910242082A CN 101707612 B CN101707612 B CN 101707612B
Authority
CN
China
Prior art keywords
authentication request
request packet
authentication
overtime
buffering area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910242082XA
Other languages
Chinese (zh)
Other versions
CN101707612A (en
Inventor
谌衡化
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Ruishan Network Co ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd filed Critical Beijing Star Net Ruijie Networks Co Ltd
Priority to CN200910242082XA priority Critical patent/CN101707612B/en
Publication of CN101707612A publication Critical patent/CN101707612A/en
Application granted granted Critical
Publication of CN101707612B publication Critical patent/CN101707612B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses message authentication processing method and device, as well as an authentication server. The method comprises the following steps of: receiving authentication request messages and storing the received request messages in a buffer zone; separately conducting the statistics of the sums of the authentication request messages and overtime authentication request messages; and adjusting the space of the buffer zone according to the sums of the authentication request messages and the overtime authentication request messages. The invention can improve the authentication processing efficiency of messages.

Description

The authentication method of message and device, certificate server
Technical field
The present invention relates to computer network communication field, in particular to a kind of authentication method of message and device, certificate server.
Background technology
Along with the large-scale application of 802.1X authentication, the authenticated scale increases rapidly, and authentication performance becomes a characteristic that urgency is to be hoisted gradually, and various solutions also begin to occur, and in correlation technique, main solution has following several kinds:
1, hardware lift method: this method is set about from certificate server hardware; The various hardware of upgrade server; Comprise central processor CPU, internal memory, hard disk; Make the authentication processing performance of certificate server be highly improved, generally this method is applied to the more situation of the shared hardware resource of authentication software system.Shortcoming is that the hardware lifting also is that the limit is arranged, and the lifting to authentication performance after reaching the limit of also has been to the end.
2, information cache method: under the situation that server hardware promotes; Authentication performance has obtained interim lifting; But often still be because information is read and write from hard disk and caused whole authentication performance still not ideal enough; What occur under these circumstances is exactly the information cache method, and the information that need read and write authentication no longer stores in the hard disk, but in running, all is cached to the information of needs in the internal memory; The direct read hard disk can be avoided fully like this, often the authentication processing performance can be promoted significantly.Defective is if behind information cache, still can't reach the requirement of authentication performance, has not then had solution.The method for caching information of correlation technique is described below:
(the Remote AuthenticationDial In User Service of remote customer dialing authentication system under the 1x authentication system; Abbreviating Radius as) certificate server is mainly used in and receives the message identifying and book keeping operation message that the authentication access device sends; The handling property of Radius server will directly have influence on the use experience of authenticated; Here do not discuss and how to make the performance of Radius certificate server best; But provide a kind of simple effective method to make that the Radius authentication performance is more effective to the performance bottleneck of certain the special link under certain application-specific pattern in the Radius verification process, avoid unnecessary authentication performance expense.
Wherein, the application model that is directed against has following characteristic: reciprocal process requires to respond; Requirement has retransmission mechanism; Retry interval and number of times restriction.
The purpose of this application model mainly is in order to make whole authentication process more reliable; Necessarily require server that response is arranged, and the carrying out that does not obtain in the certain intervals responding repeatedly retransmitted, but can there be some problem in this pattern; For example when server performance is relatively good; Require response and retransmission mechanism to make authentication more reliable, but when server performance becomes slowly owing to various factors, retransmission mechanism will cause server performance to waste.
Correlation technique is in order to obtain more effective performance at present, and general common solution comprises following four kinds: hardware layer uses high-performance server and memory device; Network layer is carried out VLAN (Virtual Local Area Network abbreviates VLAN as) to the Radius server and is isolated; Software layer uses multithreading; The buffering area Design Mode.
More than four kinds of methods can promote the performance of certificate server really; But no matter how the performance of server improves; Always can't avoid in running, causing decreased performance, add superincumbent application model, the very possible state that wastes that forms of server owing to various factors.
To preceding text decreased performance problem, the optimization method to the buffering area design is proposed under a kind of prerequisite of application characteristic in the above.
Fig. 1 is a sketch map of handling message according to correlation technique certificate server performance when good; Fig. 2 is a sketch map of handling message during according to correlation technique certificate server poor performance.
As depicted in figs. 1 and 2, according to authentication performance a suitable buffer size is set, be N/second such as authentication performance; Buffer size is typically provided to N so; The flexible point of doing can provide configurable mode, can be according to the situation of reality, like hardware performance; Memory property waits self-defined setting, to satisfy different application; But there is a defective in this scheme: because buffering area is fixed, message is dropped when message is many, and the message that abandons is asked to retransmit, even but the message server that retransmits carried out responding and also be dropped, wasted the performance of server; The authentication performance of server is not what be completely fixed in actual environment, and along with long operation or receive under the situation of network attack, it is very poor that the performance of certificate server can become; Under the situation that retransmission mechanism is arranged and require to respond, retransmission mechanism can cause server performance in time to be alleviated, and is much overtime in message message reality when handling of buffering area; Server is the processing overtime file in time; Cause the invalidation of message, server is in one and wastes state, but also causes the message identifying of authentication afterwards also can't in time be handled; Can cause the authentication difficulty in this case, become a bottleneck of server performance.
Disposed overtime repeating transmission such as access device, timeout interval is 3 seconds, and then message is after issuing server; The response that in 3 seconds, does not obtain certificate server just retransmits, and retransmits at most 3 times, because buffering area is fixed; Here retransmit and make server will handle more request message, even and if retransmit the original message in back afterwards server carried out responding and also think invalid packet and abandon, under such situation; Server will be handled the timeout packet that more need not handled; Cause server message treatment effeciency to reduce, cause switch to retransmit the increase of message amount conversely, cause the more invalid timeout packet processing of server again; Final formation vicious circle makes the server message processing capability greatly reduce even has no effective message to handle; Under the extreme case, all messages are all overtime, and all processing are also just invalid.
Fig. 3 is the flow chart according to the authentication processing of the message of correlation technique.As shown in Figure 3, this method may further comprise the steps:
Step S301, switch send authentication request packet to certificate server; Step S303, certificate server receives message and deposits message buffer in, and this buffering area is a fixed value; Step S305, certificate server take out message and handle and respond from buffering area, give switch with the result.
3, authentication load balancing method: after having carried out hardware lifting and information cache, if still can't satisfy the demand of authentication performance, people have gradually used the method for authentication load balancing to promote performance; Be exactly that the thing done of original 1 certificate server is used two in simple terms; Three even extendible n platform are done, and doing like this can avoiding method 1 and the shortcoming of method 2: do not have bottleneck, can infinitely promote performance in theory; But cost is higher, and stability does not ensure.
When handling message, often formation wastes state, and then causes the lower problem of server process efficient, does not propose effective solution at present as yet to server in the correlation technique.
Summary of the invention
To server when handling message; Often form and waste state, and then cause the lower problem of server process efficient and propose the present invention, for this reason; Main purpose of the present invention is to provide a kind of authentication method and device, certificate server of message, to address the above problem.
To achieve these goals, according to an aspect of the present invention, a kind of authentication method of message is provided.
Authentication method according to message of the present invention comprises: also will receive request message deposits buffering area in to receive authentication request packet; Add up authentication request packet sum and overtime authentication request packet sum respectively; Adjust the size of buffering area according to authentication request packet sum and overtime authentication request packet sum.
Preferably, before adding up the total and overtime authentication request packet sum of authentication request packet respectively, method also comprises: the record authentication request packet gets into the time of buffering area; The time that gets into buffering area according to authentication request packet judges whether authentication request packet is overtime.
Preferably, comprise in the size of adjusting buffering area according to authentication request packet sum and overtime authentication request packet sum: total and overtime authentication request packet sum calculates the ratio of timeout packet according to authentication request packet; Under ratio surpasses the situation of predetermined threshold, adjust the size of buffering area according to authentication request packet sum and overtime authentication request packet sum.
Preferably, the size of adjusting buffering area according to authentication request packet sum and overtime authentication request packet sum comprises: confirm the certificate server performance according to the timeout packet ratio; Increase or reduce buffering area according to the certificate server performance.
Preferably, after and overtime authentication request packet sum total according to authentication request packet were adjusted the size of buffering area, this method also comprised: again authentication request packet sum and overtime authentication request packet sum are added up.
Preferably, again authentication request packet sum and overtime authentication request packet sum are added up and are comprised: every at a distance from preset time again to authentication request packet total and overtime authentication request packet sum add up.
To achieve these goals, according to a further aspect in the invention, a kind of authentication apparatus of message is provided.
Authentication apparatus according to the message of the embodiment of the invention comprises: receiver module is used to receive authentication request packet and will receives request message and deposits buffering area in; Statistical module is used for adding up respectively authentication request packet sum and overtime authentication request packet sum; Adjusting module is used for adjusting according to authentication request packet sum and overtime authentication request packet sum the size of buffering area.
Preferably, authentication apparatus also comprises: logging modle is used to write down the time that authentication request packet gets into buffering area; Judge module is used for judging according to the time of authentication request packet entering buffering area whether authentication request packet is overtime.
Preferably, adjusting module also comprises: judge submodule, be used to judge whether the ratio of timeout packet surpasses predetermined threshold; The adjustment submodule surpasses under the situation of predetermined threshold in the ratio of timeout packet, is used for adjusting according to authentication request packet sum and overtime authentication request packet sum the size of buffering area.
To achieve these goals, according to a further aspect in the invention, a kind of certificate server is provided.
Certificate server according to the present invention has the authentication apparatus of the message of above-mentioned each.
Through the present invention, adopt to receive authentication request packet and will receive request message to deposit buffering area in; Add up authentication request packet sum and overtime authentication request packet sum respectively; Adjust the size of buffering area according to authentication request packet sum and overtime authentication request packet sum; Solved in the correlation technique server when handling message; Often formation wastes state, causes the lower problem of server process efficient, and then has reached the effect that improves treatment effeciency.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is a sketch map of handling message according to correlation technique certificate server performance when good;
Fig. 2 is a sketch map of handling message during according to correlation technique certificate server poor performance;
Fig. 3 is the flow chart according to the authentication processing of the message of correlation technique;
Fig. 4 is the flow chart according to the authentication processing of the message of the embodiment of the invention;
Fig. 5 is a sketch map of handling message according to the embodiment of the invention certificate server performance when good;
Fig. 6 is a sketch map of handling message during according to embodiment of the invention certificate server poor performance;
Fig. 7 is the authentication processing flow chart according to the preferred message of the embodiment of the invention;
Fig. 8 is the sketch map according to the authentication apparatus of the message of the embodiment of the invention.
Embodiment
Consider that buffering area is fixed in the correlation technique, mistake is lost message and message invalidation, causes server performance to waste and waste, and the embodiment of the invention provides a kind of authentication method and device, certificate server of message.
In order better to describe the embodiment of the invention, describe at first as follows:
802.1X agreement is based on the access control and the authentication protocol of client end/server end pattern (Client/Server pattern).It can limit unwarranted user/equipment through access interface visit local area network (LAN) (Local Area Network abbreviates LAN as)/WLAN (Wireless Local Area Network abbreviates WLAN as).Before obtaining the miscellaneous service that switch or LAN provide, 802.1x carries out authentication to the user/equipment that is connected on the switch ports themselves.Before authentication is passed through, the switch ports themselves that 802.1x only allows Extensible Authentication Protocol (Extensible Authentication Protocol over LAN the abbreviates EAPOL as) data based on local area network (LAN) to connect through equipment; After authentication was passed through, normal data can waltz through ethernet port.
(the Remote Authentication Dial In UserService of remote customer dialing authentication system; Abbreviate Radius as); Be a kind of between network access server (Network AccessServer, be called for short NAS) and shared certificate server the agreement of certified transmission, mandate and configuration information.Radius uses UDP (User Datagram Protocal abbreviates UDP as) as its host-host protocol.Radius also is responsible for transmitting the charge information between network access server and shared accounting server in addition.
Radius has following principal character:
The Client/Serve pattern: network access server is responsible for user profile is passed to the Radius server of appointment as the client of Radius, operates according to return information then.The Radius server is responsible for receiving user's connection request, after the authenticated, returns the configuration information that is necessary so that client provides service for the user.The Radius server can be used as the agency of other Radius servers or certificate server.
Network security: communicating by letter between client and the Radius server is to be used for differentiating that through sharing making of key this shared key can not transmit through network.In addition, the Any user password all need carry out ciphering process when between client computer and Radius server, sending, and can obtain user cipher to have avoided the people through smelling the spy unsecured network.
Flexible authentication mechanism: the Radius server is supported multiple user authen method.After the user provided user name and original password, the Radius server can be supported PPP PAP or CHAP, UNIX login and other authentication mechanism.
Switch is overtime: switch is as the client of Radius; The Radius message that it sends to server necessarily requires to respond within a certain period of time; Otherwise it will think that this message is overtime, send to the message of server before then can retransmitting, and then no longer wait for for the message of original transmission (just meaning after overtime; Even if server is handled this timeout packet and is responded; Switch can not handled this back message using yet, and in this case, server is exactly invalid to the processing and the response of timeout packet).
The Radius certificate server is mainly used in and receives the message identifying and book keeping operation message that the authentication access device sends under the 1x authentication system; The handling property of Radius server will directly have influence on the use experience of authenticated; Here do not discuss and how to make the performance of Radius certificate server best; But provide a kind of simple effective method to make that the Radius authentication performance is more effective to the performance bottleneck of certain the special link under certain application-specific pattern in the Radius verification process, avoid unnecessary authentication performance expense.
The embodiment of the invention has proposed a kind of to the self-regulating method of server authentication performance bottleneck; It handles buffer size through come to regulate automatically (increase or dwindle) request message according to current 1X certificate server actual authentication performance and timeout packet ratio, makes that the authentication processing performance is the most effective.
Need to prove that under the situation of not conflicting, embodiment and the characteristic among the embodiment among the application can make up each other.Below with reference to accompanying drawing and combine embodiment to specify the present invention.
According to embodiments of the invention, a kind of certificate server self-adjusting method and system of dynamic adjustment buffering area is provided.
Fig. 4 is the flow chart according to the authentication processing of the message of the embodiment of the invention.
As shown in Figure 4, this method comprises that following step S401 is to step S403:
Step S401, also will receive request message deposits buffering area in to receive authentication request packet;
Step S402 adds up authentication request packet sum and overtime authentication request packet sum respectively;
Step S403 adjusts the size of buffering area according to authentication request packet sum and overtime authentication request packet sum.
Preferably, before adding up the total and overtime authentication request packet sum of authentication request packet respectively, this method also comprises: the record authentication request packet gets into the time of buffering area; The time that gets into buffering area according to authentication request packet judges whether authentication request packet is overtime.Through this method, can judge exactly that which message is overtime message.
Preferably, comprise in the size of adjusting buffering area according to authentication request packet sum and overtime authentication request packet sum: total and overtime authentication request packet sum calculates the ratio of timeout packet according to authentication request packet; Under aforementioned proportion surpasses the situation of predetermined threshold, adjust the size of buffering area according to authentication request packet sum and overtime authentication request packet sum.Like this, can only under the sufficiently high situation of the ratio of timeout packet, just adjust, thereby minimizing helps improving systematic function to the frequency of the size of buffering area and the burden that reduces system the size of buffering area.
Preferably, the size of adjusting buffering area according to authentication request packet sum and overtime authentication request packet sum comprises: confirm the certificate server performance according to the timeout packet ratio; Increase or reduce buffering area according to the certificate server performance.Thereby, can confirm some performance parameters of certificate server performance according to the timeout packet ratio, and come better, adjust more accurately buffering area according to these performance parameters.
Preferably, after and overtime authentication request packet sum total according to authentication request packet were adjusted the size of buffering area, this method also comprised: again authentication request packet sum and overtime authentication request packet sum are added up.Thereby, can reduce when adding up the workload of counter in the system at every turn, be convenient to quickly authentication request packet sum and overtime authentication request packet sum adjusted.
Preferably, again authentication request packet sum and overtime authentication request packet sum are added up and are comprised: every at a distance from preset time again to authentication request packet total and overtime authentication request packet sum add up.After the size of buffering area being adjusted at every turn; Can be through setting a time period; And should be again to authentication request packet sum and overtime authentication request packet sum are added up, to judge whether and to adjust once more buffering area after the time period at every interval.
To combine instance that the implementation procedure of the embodiment of the invention is described in detail below.
Fig. 5 is a sketch map of handling message according to the embodiment of the invention certificate server performance when good; Fig. 6 is a sketch map of handling message during according to embodiment of the invention certificate server poor performance.
Like Fig. 5 and shown in Figure 6, design a kind of fixedly Optimization Design of buffering area that is directed against, the size of this buffering area is no longer fixing; The buffering area default size is set according to the handling property of Radius server, is N/second such as the handling property of Radius server, and the default size of buffering area is set to N so; But this buffering area be designed with difference, this buffering area is designed to dynamically, and a given message timeout interval; General to be as the criterion according to the time-out time that disposes on the switch, at this moment between in be untreated and think that promptly message is overtime, the message identifying of at every turn receiving is processed after getting into buffering area; The time interocclusal record that gets into message buffering area gets up, and the counting of message total counter is added 1, when handling message, at first judges whether overtime; If timeout packet directly abandons, and the counting of timeout packet counter is added 1; Otherwise do not add, timer is every then scanned counter at a distance from n minute, according to timeout packet number/message total; Draw the timeout packet ratio,, think that then the performance of present server is low if the timeout packet ratio surpasses 10%; Handled a large amount of invalid timeout packets, the message number that then message buffer can be deposited is adjusted into 95% of life size automatically, if the timeout packet number greater than 0 and timeout packet count ratio less than 10%; Then keep buffer size constant, if timeout packet is 0 (attention is that timeout packet is 0, is not that the timeout packet ratio is 0%); Then adjust the message buffer size and be adjusted into 105% of life size automatically, after each adjustment was accomplished, the message total of counter and timeout packet number all were reinitialized to 0; Attention: buffering area needs a given minimum value 1 and maximum (being the theoretical maximum M of Radius server performance).
Fig. 7 is the authentication processing flow chart according to the preferred message of the embodiment of the invention.
As shown in Figure 7, this method may further comprise the steps:
Step S701, switch sends authentication request packet.
Step S703, certificate server receives message and deposits message buffer in, and this buffer size can change, and recorded message gets into the time of buffering area, and while refresh counter data, the sum of recorded message.
Step S705; Certificate server takes out message from buffering area; According to receive message time, current time, and the time-out time of switch setting confirm that message is whether overtime and then judge whether the needs processing, do not handle and respond there being overtime message to switch, directly abandon for timeout packet and do not respond to switch; And while refresh counter data, record timeout packet number.
Step S707; Timer whenever scanned counter at a distance from 3 minutes; Draw the performance that the timeout packet ratio is confirmed current server according to timeout packet number and message total, select to increase or reduce the size of buffering area then according to performance data, unison counter resets to initial condition.
From above description, can find out that the present invention can make the authentication performance of message more effective, avoid unnecessary authentication performance expense, and then can improve the treatment effeciency of certificate server message, make that whole authentication process is more reliable.
According to embodiments of the invention, a kind of authentication apparatus of message is provided.
Need to prove; Can in computer system, carry out in the step shown in the flow chart of accompanying drawing such as a set of computer-executable instructions; And; Though logical order has been shown in flow chart, in some cases, can have carried out step shown or that describe with the order that is different from here.
Fig. 8 is the sketch map according to the authentication apparatus of the message of the embodiment of the invention.
As shown in Figure 8, the authentication apparatus of this message comprises: receiver module 801, statistical module 802 and adjusting module 803.
Wherein, receiver module 801 is used to receive authentication request packet and deposits said reception request message in buffering area; Statistical module 802 is used for adding up respectively said authentication request packet sum and overtime authentication request packet sum; Adjusting module 803 is used for adjusting according to said authentication request packet sum and said overtime authentication request packet sum the size of said buffering area.
Preferably, the authentication apparatus of this message also comprises: logging modle 804 and judge module 805.
Wherein, logging modle 804 is used to write down the time that said authentication request packet gets into said buffering area; Judge module 805 is used for getting into according to said authentication request packet the time of said buffering area and judges whether said authentication request packet is overtime.
Preferably, the authentication apparatus of this message also comprises: judge submodule 806 and adjustment submodule 807.
Wherein, judge that submodule 806 is used to judge whether the ratio of timeout packet surpasses predetermined threshold; Adjustment submodule 807 surpasses under the situation of predetermined threshold in the ratio of timeout packet, is used for adjusting according to authentication request packet sum and overtime authentication request packet sum the size of buffering area.
According to embodiments of the invention, a kind of certificate server is provided, this certificate server has the authentication apparatus of any above-mentioned message.
Obviously, it is apparent to those skilled in the art that above-mentioned each module of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize by calculation element.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (10)

1. the authentication method of a message is characterized in that, comprising:
Receive authentication request packet and deposit said authentication request packet in buffering area;
Add up said authentication request packet sum and overtime authentication request packet sum respectively;
Adjust the size of said buffering area according to said authentication request packet sum and said overtime authentication request packet sum.
2. method according to claim 1 is characterized in that, before adding up the total and overtime authentication request packet sum of said authentication request packet respectively, said method also comprises:
Write down said authentication request packet and get into time of said buffering area;
The time that gets into said buffering area according to said authentication request packet judges whether said authentication request packet is overtime.
3. method according to claim 1 is characterized in that, the size of adjusting said buffering area at and overtime authentication request packet sum total according to said authentication request packet comprises:
Calculate the ratio of timeout packet according to said authentication request packet sum and overtime authentication request packet sum;
Under said ratio surpasses the situation of predetermined threshold, adjust the size of said buffering area according to said authentication request packet sum and overtime authentication request packet sum.
4. method according to claim 3 is characterized in that, the size of adjusting said buffering area according to said authentication request packet sum and overtime authentication request packet sum comprises:
Confirm the certificate server performance according to said timeout packet ratio;
Increase or reduce said buffering area according to said certificate server performance.
5. according to each described method in the claim 1 to 4, it is characterized in that, adjusting according to said authentication request packet sum and overtime authentication request packet sum
After the size of said buffering area, said method also comprises:
Again said authentication request packet sum and overtime authentication request packet sum are added up.
6. method according to claim 5 is characterized in that, asks message total and overtime authentication request packet sum to be added up to said authentication again and comprises:
Every separated preset time is added up said authentication request packet sum and overtime authentication request packet sum again.
7. the authentication apparatus of a message is characterized in that, comprising:
Receiver module is used to receive authentication request packet and deposits said reception request message in buffering area;
Statistical module is used for adding up respectively said authentication request packet sum and overtime authentication request packet sum;
Adjusting module is used for adjusting according to said authentication request packet sum and said overtime authentication request packet sum the size of said buffering area.
8. authentication apparatus according to claim 7 is characterized in that, said authentication apparatus also comprises:
Logging modle is used to write down the time that said authentication request packet gets into said buffering area;
Judge module, the time that is used for getting into according to said authentication request packet said buffering area judges whether said authentication request packet is overtime.
9. according to claim 7 or 8 described authentication apparatus, it is characterized in that said adjusting module also comprises:
Judge submodule, be used to judge whether the ratio of timeout packet surpasses predetermined threshold;
The adjustment submodule surpasses under the situation of predetermined threshold in the ratio of timeout packet, is used for adjusting according to said authentication request packet sum and said overtime authentication request packet sum the size of said buffering area.
10. a certificate server is characterized in that, said certificate server has the authentication apparatus of each described message in the claim 7 to 9.
CN200910242082XA 2009-12-04 2009-12-04 Message authentication processing method and device, as well as authentication server Expired - Fee Related CN101707612B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910242082XA CN101707612B (en) 2009-12-04 2009-12-04 Message authentication processing method and device, as well as authentication server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910242082XA CN101707612B (en) 2009-12-04 2009-12-04 Message authentication processing method and device, as well as authentication server

Publications (2)

Publication Number Publication Date
CN101707612A CN101707612A (en) 2010-05-12
CN101707612B true CN101707612B (en) 2012-07-18

Family

ID=42377802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910242082XA Expired - Fee Related CN101707612B (en) 2009-12-04 2009-12-04 Message authentication processing method and device, as well as authentication server

Country Status (1)

Country Link
CN (1) CN101707612B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105978774B (en) * 2016-07-14 2019-06-07 杭州迪普科技股份有限公司 A kind of method and apparatus of access authentication
CN108901079B (en) * 2018-06-20 2021-03-09 Oppo(重庆)智能科技有限公司 Timeout time determination method, device, equipment and storage medium
CN109729016B (en) * 2018-12-25 2022-08-19 新华三技术有限公司 Message sending method, message sending equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN101707612A (en) 2010-05-12

Similar Documents

Publication Publication Date Title
US7509394B2 (en) Method for controlling flow of radius protocol
KR100917985B1 (en) Method and apparatus for sharing authentication session state in a global distributed network
US11036557B2 (en) Dynamic transaction-persistent server load balancing
US7136645B2 (en) Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
US7778260B2 (en) Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
CN104040970B (en) For maintaining internuncial system and method during low-power operation
CN103748934B (en) Frequency is transmitted for determination to maintain the connective system and method for remote application server
US7342906B1 (en) Distributed wireless network security system
US7293107B1 (en) Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
US20080177829A1 (en) Data Communications Through A Split Connection Proxy
GB2401010A (en) A terminal side component and a server side component collaborate and together constitute a client to a server
CA2564209A1 (en) Simultaneously routing data over multiple wireless networks
CA2421609A1 (en) Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
CN109076475B (en) Method and system for maintaining synchronization in connectionless transmission
EP1700230A2 (en) Dynamic timeout in a client-server system
US9325685B2 (en) Authentication switch and network system
WO2005125235A2 (en) Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
US6742039B1 (en) System and method for connecting to a device on a protected network
CN101562774B (en) Method and system for information management
Saritha et al. A study on application layer protocols used in IoT
CN109617867A (en) A kind of Intelligent gateway system for home equipment control
CN101707612B (en) Message authentication processing method and device, as well as authentication server
US20050270993A1 (en) Efficient partitioning of MAC (media access control) functions
GB2401011A (en) A client terminal and a server are each provided with a message queue to facilitate session independent transfer of messages
CN101697529A (en) Method, device and system for treating authentication message

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20201217

Address after: 200030 full floor, 4 / F, 190 Guyi Road, Xuhui District, Shanghai

Patentee after: Shanghai Ruishan Network Co.,Ltd.

Address before: 100036 Beijing Haidian District City 33 Fuxing Road Cuiwei East 1106

Patentee before: Beijing Star-Net Ruijie Networks Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120718

Termination date: 20211204