CN102647405A - Method and system for access control of user side - Google Patents

Method and system for access control of user side Download PDF

Info

Publication number
CN102647405A
CN102647405A CN2011104229181A CN201110422918A CN102647405A CN 102647405 A CN102647405 A CN 102647405A CN 2011104229181 A CN2011104229181 A CN 2011104229181A CN 201110422918 A CN201110422918 A CN 201110422918A CN 102647405 A CN102647405 A CN 102647405A
Authority
CN
China
Prior art keywords
user
management server
server
link order
access control
Prior art date
Application number
CN2011104229181A
Other languages
Chinese (zh)
Inventor
王九经
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to CN2011104229181A priority Critical patent/CN102647405A/en
Publication of CN102647405A publication Critical patent/CN102647405A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/14Network-specific arrangements or communication protocols supporting networked applications for session management

Abstract

The invention discloses a method and a system for access control of a user side. The method comprises the steps of electrifying and starting the user side, sending trigger requests including user side information to a trigger server through a preset server; determining the validity of the user side through the trigger server, then sending a link order to the user side; and initiating a link request to a management server through the user side according to the link order, and establishing the link between the user side and the management server to realize the interaction between the user side and the management server. According to the method and the system for the access control of the user side, certain illegal user sides are prevented from accessing the management server, and further the running safety and protection properties of the system are improved due to the mode that the trigger server confirms the validity of the user side according to the trigger requests sent by the preset server, then the link order is sent to the user side, after the user side receives the link order, the link request is sent to the management server, and the link is established between the user side and the management server.

Description

The method and system of user side access control

Technical field

The present invention relates to the embedded system technology field, especially relate to a kind of method and system of user side access control.

Background technology

In existing embedded communication system, terminal system has realized telemanagement.Terminal remote management based on the TR069 agreement is generally accepted in the industry a kind of terminal management mode.Management server (ACS) adopts the method for RPC remote procedure call, can realize the ustomer premises access equipment of supporting the TR069 agreement is carried out bookkeeping.Said bookkeeping comprises: parameter configuration, parameter attribute setting, service management, file is uploaded and download, system restart with resuming default and dispose.

Realize the management of management server to user side, user side at first needs the access-in management server, but in the prior art; In the user side access-in management server process; Do not consider whether user side is legal, and security authentication mechanism is perfect inadequately, and the system safety protective is low.

Summary of the invention

Main purpose of the present invention is to provide a kind of method and system of user side access control, improves system's security of operation barrier propterty.

The present invention proposes a kind of method of user side access control, comprises step:

Behind the user side electrifying startup, preset server and send the trigger request that comprises user side information to triggering server;

After the triggering server confirms that said user side is legal, send link order to said user side;

Said user side is initiated connection request according to said link order to said management server, and foundation is connected with management server, realizes the mutual of said user side and management server.

Preferably, said triggering server is specially to said user side transmission link order:

Triggering server adopts HTTP GET method to send link order to said user side.

Preferably, said user side is initiated connection request according to said link order to said management server, sets up with being connected of management server also to comprise before:

User side obtains management server connection request username and password to presetting server, is connected with management server when setting up to realize user side, and user side is to the authentication of management server;

User side is to presetting URL, the username and password that server obtains management server, is connected with management server when setting up to realize user side, and management server is to the authentication of user side.

Preferably, after the mutual completion of said user side and management server, user side is connected disconnection with management server;

Also comprise after the mutual completion of said user side and management server:

Management server sends first trigger request that comprises user side IP address according to log acquisition instructions to triggering server;

Trigger server and send first link order to the corresponding user side in said IP address according to said first trigger request;

The corresponding user side in said IP address is initiated first connection request according to first link order to management server, and foundation is connected with management server;

Management server is according to log acquisition instructions, and the user side corresponding to said IP address obtains log information.

Preferably, said log information comprises system journal and application log.

The present invention proposes a kind of user side system of access control in addition, comprises user side, presets server, management server, triggers server;

The said server that presets is used for behind the user side electrifying startup, sends the trigger request that comprises user side information to triggering server;

Said triggering server is used for after definite said user side is legal, sends link order to said user side;

Said user side is used for initiating connection request according to said link order to said management server, and foundation is connected with management server, realizes the mutual of user side and management server.

Preferably, said triggering server specifically also is used to adopt HTTP GET method to send link order to said user side.

Preferably, said user side also is used for obtaining management server connection request username and password to presetting server, is connected with management server when setting up to realize user side, and user side is to the authentication of management server; And to presetting URL, the username and password that server obtains management server, be connected with management server when setting up to realize user side, management server is to the authentication of user side.

Preferably, said user side and management server are mutual accomplish after, the disconnection that is connected of user side and management server;

Also comprise after the mutual completion of said user side and management server:

Said management server is used for after accomplishing with said user side is mutual, sending first trigger request that comprises user side IP address according to log acquisition instructions to triggering server; And according to log acquisition instructions, the user side corresponding to said IP address obtains log information.

Said triggering server also is used for sending first link order according to said first trigger request to the corresponding user side in said IP address;

The user side that said IP address is corresponding is used for initiating first connection request according to first link order to management server, and foundation is connected with management server.

Preferably, said log information comprises system journal and application log.

The method and system of the user side access control that invention is provided is through triggering server according to presetting the trigger request that server sends, after confirming that said user side is legal; Send link order to user side; User side sends connection request to management server after receiving link order, set up the ways of connecting with management server; Prevented that some disabled user's termination from going into management server, thereby improved system's security of operation barrier propterty.

Description of drawings

Fig. 1 is the flow chart of method one embodiment of user side access control of the present invention;

Fig. 2 is another flow chart of the method embodiment of user side access control of the present invention;

Fig. 3 is the structural representation of user side system of access control one embodiment of the present invention;

Fig. 4 is the flow chart of user side connection control method instantiation of the present invention.

The realization of the object of the invention, functional characteristics and advantage will combine embodiment, further specify with reference to accompanying drawing.

Embodiment

Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.

Referring to Fig. 1, method one embodiment of user side access control of the present invention is proposed, comprising:

Behind step S101, the user side electrifying startup, preset server and send the trigger request that comprises user side information to triggering server;

After step S102, triggering server confirm that said user side is legal, send link order to said user side;

Step S103, said user side are initiated connection request according to said link order to said management server, and foundation is connected with management server, realize the mutual of said user side and management server.

In the present embodiment, behind the user side electrifying startup, preset server and then can trigger trigger request that comprises this user side information of generation, and this trigger request is sent to the triggering server.Trigger server and receive said trigger request; Can carry out legitimacy to said user side judges; After definite user side is legal, just send link order to this user side, user side receives after the link order; Could send connection request to management server, to set up and being connected of management server.Therefore logical present embodiment can prevent that some disabled user's termination from going into management server, thereby has improved system's security of operation barrier propterty.

Further, among the method embodiment of above-mentioned user side access control, said triggering server sends link order to said user side and is specially: trigger server and adopt HTTP GET method to send link order to said user side.

Further; Among the method embodiment of above-mentioned user side access control; Also comprise following processing before the said step S103: user side obtains management server connection request username and password to presetting server; To realize that user side is connected with management server when setting up, user side is to the authentication of management server.And user side is to presetting URL, the username and password that server obtains management server, is connected with management server when setting up to realize user side, and management server is to the authentication of user side.

Further, referring to Fig. 2, among the method embodiment of above-mentioned user side access control, after the mutual completion of said user side and management server, user side is connected disconnection with management server.Also comprise after the mutual completion of said user side and management server:

Step S201, management server send first trigger request that comprises user side IP address according to log acquisition instructions to triggering server;

Step S202, triggering server send first link order according to said first trigger request to the corresponding user side in said IP address;

Step S203, the corresponding user side in said IP address are initiated first connection request according to first link order to management server, and foundation is connected with management server;

Step S204, management server are according to log acquisition instructions, and the user side corresponding to said IP address obtains log information.

Further, among the method embodiment of above-mentioned user side access control, said log information comprises system journal and application log.

In the present embodiment, said log acquisition instructions can be the instruction of obtaining that is provided with in advance, also can be the instruction of obtaining of staff's input in real time.Wherein, the management server log information that can obtain to user side is specifically referring to table 1.

Table 1:

Referring to Fig. 3, the present invention proposes user side system of access control 100 1 embodiment in addition, and it comprises user side 110, presets server 120, management server 130 and trigger server 140.The said server 120 that presets is used for behind user side 110 electrifying startups, sends the trigger request that comprises user side information to triggering server 140.Said triggering server 140 is used for after definite said user side is legal, sends link order to said user side 110.Said user side 110 is used for initiating connection request according to said link order to said management server 130, and foundation is connected with management server 130, realizes the mutual of user side 110 and management server 130.

In the present embodiment, behind the user side electrifying startup, preset server and then can trigger trigger request that comprises this user side information of generation, and this trigger request is sent to the triggering server.Trigger server and receive said trigger request; Can carry out legitimacy to said user side judges; After definite user side is legal, just send link order to this user side, user side receives after the link order; Could send connection request to management server, to set up and being connected of management server.Therefore logical present embodiment can prevent that some disabled user's termination from going into management server, thereby has improved system's security of operation barrier propterty.

Further, among above-mentioned user side system of access control 100 embodiment, said triggering server 140 specifically also is used for according to adopting HTTP GET method to send link order to said user side 110.

Further; Among above-mentioned user side system of access control 100 embodiment; Said user side 110; Also be used for obtaining management server 130 connection request username and passwords, be connected when setting up the authentication of 110 pairs of management servers 130 of user side with management server 130 to realize user side 110 to presetting server 120; And to presetting URL, the username and password that server 120 obtains management server 130, be connected when setting up the authentication of 130 pairs of user sides 110 of management server with management server 130 to realize user side 110.

Further, among above-mentioned user side system of access control 100 embodiment, after said user side 110 and management server 130 mutual the completion, the disconnection that is connected of said user side 110 and management server 130.Said management server 130 is used for after accomplishing alternately with user side 110, sends first trigger request that comprises user side IP address according to log acquisition instructions to triggering server 140; And according to log acquisition instructions, the user side 110 corresponding to said IP address obtains log information.

Said triggering server 140 also is used for sending first link order according to said first trigger request to the corresponding user side 110 in said IP address;

The user side 110 that said IP address is corresponding is used for initiating first connection request according to first link order to management server 130, and foundation is connected with management server 130.

Further, among above-mentioned user side system of access control 100 embodiment, said log information comprises system journal and application log.

In the present embodiment, said log acquisition instructions can be the instruction of obtaining that is provided with in advance, also can be the instruction of obtaining of staff's input in real time.Wherein, the management server log information that can obtain to user side is specifically referring to table 1.

Below through a concrete instance method and system of user side access control of the present invention is carried out detailed description.Wherein, The user side system of access control comprises: several user sides, DSLAM (Digital Subscriber Line Access Multiplexer; Digital subscriber line access multiplex), BRAS (Broadband Remote Access Server, Broadband Remote Access Server), preset server, trigger server and management server.Wherein, DSLAM and BRAS are seeing an integral body.Referring to Fig. 4, the idiographic flow of user side access control is following:

S301, user side configuration phase

A, pre-configured at each user side presets the URL of server, and the username and password of server is preset in visit.

B, configure user end and preset IP address information, Point-to-Point Protocol over Ethernet information, Ethernet Internet Protocol information or other management channels information of server.

C, configure user end are opened to the management server reporting functions, and periodically report the time interval.

S302, user side report PPPoE (Point-to-Point Protocol over Ethernet, point-to-point protocol on the Ethernet)/IPoE (IP over Ethernet, Ethernet surf the Internet agreement) information, through DSLAM to BRAS;

S303, BRAS are to client feeds back WAN (Wide Area Network, wide area network) IP address, DNS (Domain Name System, domain name system) address and Gateway (gateway).

S304, user side report the Inform message to presetting server;

S305, preset server according to said Inform message to this client feeds back management server connection request username and password.

S306, preset server and generate and to comprise the trigger request of this user side information, and be sent to the triggering server.

S307, triggering server are according to said trigger request; Said user side is carried out legitimacy to be judged; After definite user side is legal, send link order to said user side through the method for HTTP (HyperText Transfer Protocol, HTTP) GET.

S308, user side obtain request to presetting server transmission configuration information;

S309, preset server according to the configuration information that obtains request feedback management server, this configuration information comprises: the URL of management server, username and password.

S310, user side send connection request according to the link order http protocol to management server.

S311, management server send authentication request according to said connection request to user side.

S312, user side and management server are accomplished mutual authenticate-acknowledge according to http protocol; Wherein, User side carries out authentication according to the management server connection request username and password that presets server feedback to management server, and management server carries out authentication according to URL, the username and password of management server to user side.

S313, after user side and the mutual authentication of management server are passed through, user side and management server can realize that promptly management server is managed user side through the RPC method alternately.

After accomplishing alternately, S314, user side and management server be connected disconnection.When user side need carry out alternately with management server again, then return and carry out S305.

S315, management server and user side are mutual accomplish after, when management server receives log acquisition instructions, then generate first trigger request that comprises user side IP address.

S316, management server send first trigger request that comprises user side IP address according to log acquisition instructions to triggering server;

S317, triggering server send first link order according to said first trigger request to the corresponding user side in said IP address;

S318, the corresponding user side in said IP address are initiated first connection request according to first link order to management server.

S319, management server send first authentication request according to said first connection request to said user side.

S320, said user side and management server are accomplished mutual authenticate-acknowledge according to http protocol, set up user side and are connected with management server;

S321, management server are according to log acquisition instructions, and corresponding user side obtains corresponding log information to said IP address, and wherein, log information comprises system journal and application log.

Wherein, the management server log information that can obtain to user side is specifically referring to table 1.

Instance can be found out by attending: the method and system of user side access control of the present invention can prevent that some disabled user's termination from going into management server, thereby improve system's security of operation barrier propterty.Simultaneously, management server of the present invention can also obtain corresponding log information to each user side on request.

Should be understood that; More than be merely the preferred embodiments of the present invention; Can not therefore limit claim of the present invention; Every equivalent structure or equivalent flow process conversion that utilizes specification of the present invention and accompanying drawing content to be done, or directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the present invention.

Claims (10)

1. the method for a user side access control is characterized in that, comprises step:
Behind the user side electrifying startup, preset server and send the trigger request that comprises user side information to triggering server;
After the triggering server confirms that said user side is legal, send link order to said user side;
Said user side is initiated connection request according to said link order to said management server, and foundation is connected with management server, realizes the mutual of said user side and management server.
2. the method for user side access control according to claim 1 is characterized in that, said triggering server sends link order to said user side and is specially:
Triggering server adopts HTTP GET method to send link order to said user side.
3. the method for user side access control according to claim 1 is characterized in that, said user side is initiated connection request according to said link order to said management server, sets up with being connected of management server also to comprise before:
User side obtains management server connection request username and password to presetting server, is connected with management server when setting up to realize user side, and user side is to the authentication of management server;
User side is to presetting URL, the username and password that server obtains management server, is connected with management server when setting up to realize user side, and management server is to the authentication of user side.
4. according to the method for each described user side access control of claim 1 to 3, it is characterized in that after the mutual completion of said user side and management server, user side is connected disconnection with management server;
Also comprise after the mutual completion of said user side and management server:
Management server sends first trigger request that comprises user side IP address according to log acquisition instructions to triggering server;
Trigger server and send first link order to the corresponding user side in said IP address according to said first trigger request;
The corresponding user side in said IP address is initiated first connection request according to first link order to management server, and foundation is connected with management server;
Management server is according to log acquisition instructions, and the user side corresponding to said IP address obtains log information.
5. the method for user side access control according to claim 4 is characterized in that, said log information comprises system journal and application log.
6. user side system of access control comprises user side, presets server, management server, it is characterized in that, also comprises the triggering server;
The said server that presets is used for behind the user side electrifying startup, sends the trigger request that comprises user side information to triggering server;
Said triggering server is used for after definite said user side is legal, sends link order to said user side;
Said user side is used for initiating connection request according to said link order to said management server, and foundation is connected with management server, realizes the mutual of user side and management server.
7. user side system of access control according to claim 6 is characterized in that,
Said triggering server specifically also is used to adopt HTTP GET method to send link order to said user side.
8. user side system of access control according to claim 6 is characterized in that,
Said user side also is used for obtaining management server connection request username and password to presetting server, is connected with management server when setting up to realize user side, and user side is to the authentication of management server; And to presetting URL, the username and password that server obtains management server, be connected with management server when setting up to realize user side, management server is to the authentication of user side.
9. according to each described user side system of access control of claim 6 to 8, it is characterized in that, said user side and management server are mutual accomplish after, the disconnection that is connected of user side and management server;
Said management server is used for after accomplishing with said user side is mutual, sending first trigger request that comprises user side IP address according to log acquisition instructions to triggering server; And according to log acquisition instructions, the user side corresponding to said IP address obtains log information;
Said triggering server also is used for sending first link order according to said first trigger request to the corresponding user side in said IP address;
The user side that said IP address is corresponding is used for initiating first connection request according to first link order to management server, and foundation is connected with management server.
10. user side system of access control according to claim 9 is characterized in that said log information comprises system journal and application log.
CN2011104229181A 2011-12-16 2011-12-16 Method and system for access control of user side CN102647405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104229181A CN102647405A (en) 2011-12-16 2011-12-16 Method and system for access control of user side

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011104229181A CN102647405A (en) 2011-12-16 2011-12-16 Method and system for access control of user side
PCT/CN2012/086567 WO2013087002A1 (en) 2011-12-16 2012-12-13 Method and system for user end access control

Publications (1)

Publication Number Publication Date
CN102647405A true CN102647405A (en) 2012-08-22

Family

ID=46659984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104229181A CN102647405A (en) 2011-12-16 2011-12-16 Method and system for access control of user side

Country Status (2)

Country Link
CN (1) CN102647405A (en)
WO (1) WO2013087002A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013087002A1 (en) * 2011-12-16 2013-06-20 中兴通讯股份有限公司 Method and system for user end access control
WO2014079262A1 (en) * 2012-11-21 2014-05-30 中兴通讯股份有限公司 Real-time remote log acquisition method and system
CN106255981A (en) * 2015-04-10 2016-12-21 海天科技控股公司 A kind of user data method for building up and device
CN106375265A (en) * 2015-07-22 2017-02-01 中兴通讯股份有限公司 Household gateway and communication management method and communication system thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050101296A1 (en) * 2003-11-12 2005-05-12 Ntt Docomo, Inc. Server apparatus
CN101115264A (en) * 2006-07-24 2008-01-30 中兴通讯股份有限公司 Communication terminal failure monitoring system and implementing method thereof
CN201450533U (en) * 2009-06-30 2010-05-05 北京中意瑞智科技有限公司 Telephone intelligent service triggering system based on intelligent terminal
CN102244867A (en) * 2010-05-14 2011-11-16 新浪网技术(中国)有限公司 Network access control method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647405A (en) * 2011-12-16 2012-08-22 中兴通讯股份有限公司 Method and system for access control of user side

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050101296A1 (en) * 2003-11-12 2005-05-12 Ntt Docomo, Inc. Server apparatus
CN101115264A (en) * 2006-07-24 2008-01-30 中兴通讯股份有限公司 Communication terminal failure monitoring system and implementing method thereof
CN201450533U (en) * 2009-06-30 2010-05-05 北京中意瑞智科技有限公司 Telephone intelligent service triggering system based on intelligent terminal
CN102244867A (en) * 2010-05-14 2011-11-16 新浪网技术(中国)有限公司 Network access control method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013087002A1 (en) * 2011-12-16 2013-06-20 中兴通讯股份有限公司 Method and system for user end access control
WO2014079262A1 (en) * 2012-11-21 2014-05-30 中兴通讯股份有限公司 Real-time remote log acquisition method and system
US9942111B2 (en) 2012-11-21 2018-04-10 Zte Corporation Method for remotely acquiring in real time log
CN106255981A (en) * 2015-04-10 2016-12-21 海天科技控股公司 A kind of user data method for building up and device
CN106375265A (en) * 2015-07-22 2017-02-01 中兴通讯股份有限公司 Household gateway and communication management method and communication system thereof

Also Published As

Publication number Publication date
WO2013087002A1 (en) 2013-06-20

Similar Documents

Publication Publication Date Title
US20200228363A1 (en) Voice control of endpoint devices through a multi-services gateway device at the user premises
CN104158808B (en) Portal authentication method and its device based on APP applications
EP1980950B1 (en) Proxy terminal, server apparatus, proxy terminal communication path setting method, and server apparatus communication path setting method
US9614914B2 (en) System comprising a publish/subscribe broker for a remote management of end-user devices, and respective end-user device
US8806596B2 (en) Authentication to an identity provider
ES2612714T3 (en) Method, device and multimedia data transmission system based on OTT
US7437552B2 (en) User authentication system and user authentication method
KR101093902B1 (en) Method and system for controlling the access authorisation for a user in a local administrative domain when said user connects to an ip network
JP5736511B2 (en) Zero sign-on authentication
CN101069402B (en) Method and system for transparently authenticating a mobile user to access web services
US20160294575A1 (en) System, Apparatus, and Method for Automatically Configuring Application Terminals in Home Network
US8650617B2 (en) Method and system for real-time insertion of services during a call session over a communication network
ES2381857T3 (en) Method, system and server to implement the DHCP protocol address security assignment
US7412727B2 (en) Media streaming home network system and method for operating the same
CN102368764B (en) A kind of method, system and client communicated by multi-point login
CN101414919B (en) Control method and apparatus for ascending multicast business
AU2012300852C1 (en) Method for a secured backup and restore of configuration data of an end-user device, and device using the method
CN101023638B (en) Electric device, server apparatus, mobile terminal and communication method
US8130635B2 (en) Network access nodes
DE60205853T2 (en) Network gateway and a corresponding method for performing a function of a security protocol
US8111631B2 (en) Systems and methods for automatic configuration of customer premises equipments
US8064357B2 (en) Methods, DSL modems, and computer program products for provisioning DSL service using downloaded username/password
CN101478396B (en) Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof
CN101056178B (en) A method and system for controlling the user network access right
CN105704116B (en) A method of smart machine is bound by binding code

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120822