CN103533544A - Method for performing AAA (Authentication, Authorization and Accounting) authentication during failure of database - Google Patents

Method for performing AAA (Authentication, Authorization and Accounting) authentication during failure of database

Info

Publication number
CN103533544A
Authority
CN
China
Prior art keywords
database
information
aaa server
user
imsi
Prior art date
Legal status
Granted
Application number
CN201310470260.0A
Other languages
Chinese (zh)
Other versions
CN103533544B (en)
Inventor
陈涛
谭立彦
李学春
王菲
Current Assignee
BEIJING CAPITEK CO Ltd
Original Assignee
BEIJING CAPITEK CO Ltd
Priority date
2013-10-10
Filing date
2013-10-10
Publication date
2014-01-22
Application filed by BEIJING CAPITEK CO Ltd
Priority to CN201310470260.0A
Publication of CN103533544A
Application granted
Publication of CN103533544B
Legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for performing AAA (Authentication, Authorization and Accounting) authentication during failure of a database. While the database works normally, the AAA server writes the public NAI (Network Access Identifier) and VPN (Virtual Private Network) information to an xml (Extensible Markup Language) file, and periodically reads the users' IMSI (International Mobile Subscriber Identity) information and user binding information from the database and stores them in a memory object cache component, so that pseudo-authentication can be performed during a database failure. When the database fails and the connection between the AAA server and the database is lost, the AAA server reads the NAI and VPN information from the xml file and obtains the IMSI information and user binding information from the memory object cache component using IMSI+'auth' as the key, for mobile directory number (MDN) authentication, binding check, roaming permission control and group authorization. The method guarantees that users can still access data services normally during a database failure, so that the quality of the user experience is improved; it avoids the serious consequences for the telecom operator's economic and social benefit that such failures have in the prior art, so that both the user and the operator win.

Description

Method for performing AAA authentication when the database fails
Technical field
The present invention relates to a method for performing AAA authentication when the database fails; specifically, when both the primary and the standby database of the AAA system fail, the AAA server switches to file-based authentication to perform authentication and authorization, allowing users configured in a file or in the memory object cache component to pass authentication and accounting, so that service continuity is guaranteed. The invention belongs to the technical field of communications.
Background technology
An AAA (Authentication, Authorization, Accounting) server is located in the packet core network and is responsible for user authentication, authorization and accounting: it identifies and confirms the user's identity and permissions when the user uses network services and accesses resources, performs the corresponding operations, and charges according to usage. In the business of a telecom operator, AAA authentication therefore holds a very important position.
Referring to Fig. 1, the basic authentication and accounting flow when a user accesses a packet-domain data service (such as an Internet service) is as follows:
(1) The user initiates an access request to the Packet Data Serving Node (PDSN);
(2) The PDSN generates an Access-Request message and sends it to the AAA server;
(3) After receiving the access request, the AAA server authenticates the user; if authentication passes, it replies to the PDSN with an Access-Accept message, indicating that the user's access authentication succeeded, and a data session is established;
(4) The PDSN sends an Accounting-Request message to the AAA server;
(5) After the AAA server has saved and processed the accounting message, it returns an Accounting-Response to the PDSN.
In authenticating the user, the AAA server's main operation is to query and verify information in the database according to the user name carried in the user's request. This query mainly covers the following:
(1) Query of public Network Access Identifier (NAI) information, including: the NAI password carried in the user's access request, the NAI state, the class of service, related IP information, and whether an International Mobile Subscriber Identity (IMSI) is bound.
(2) When the user accesses a corporate intranet, query of Virtual Private Network (VPN) related information, such as the enterprise state (normal, cancelled), the enterprise's sub-users and their passwords.
(3) Query of IMSI related information, including: the state of the requesting mobile user's IMSI (normal, suspended), the Mobile Directory Number (MDN), whether a service is bound, the user group the IMSI belongs to, roaming permissions and other related IP information.
(4) Query of binding information, mainly whether the user is authorized to access the service, such as the services bound to this IMSI and the IMSIs bound to the service being accessed.
However, if the database, which is the core store of user information, fails, the AAA server cannot obtain the user's subscription information and rejects the user's access. The concrete reason is that, because the database connection has failed, the AAA server cannot obtain the public NAI information and VPN information from the database; moreover, the IMSI-related data in a telecom operator's service network is very large and is also normally kept in the database. When the database fails and the connection is lost, the AAA server cannot obtain the MDN and user type from the IMSI; during AAA authentication, WAP (Wireless Application Protocol) class services cannot be used because there is no MDN. In addition, the binding information likewise cannot be read from the database, so the binding logic in AAA authentication cannot take effect. Therefore, over the whole period from the occurrence of the database failure, to its detection, to locating and resolving the problem, every user's access request is refused because the database cannot be connected, and users cannot access data services. This consequence seriously degrades the user experience and at the same time causes immeasurable losses to the telecom operator.
Summary of the invention
In view of this, the object of the present invention is to provide a method for performing AAA authentication when the database fails. When both the primary and the standby database fail, the AAA server performs pseudo-authentication using the information in a file and in the memory object cache component, allowing users configured in the file and in the memory object cache component to pass authentication and accounting, thereby improving the user's service quality.
To achieve the above object, the invention provides a method for performing AAA authentication when the database fails, characterized in that: while the database is working normally, the AAA server writes the public Network Access Identifier (NAI) and Virtual Private Network (VPN) information to an Extensible Markup Language (xml) file, and also periodically reads the users' International Mobile Subscriber Identity (IMSI) information and user binding information from the database and stores them in a memory object cache component, so that the AAA server can perform pseudo-authentication when the database fails. In this way, when the database fails and the AAA server's connection to the database is lost, the AAA server reads the NAI and VPN information from the xml file, and obtains the IMSI information and user binding information from the memory object cache component using IMSI+'auth' as the key, for Mobile Directory Number (MDN) authentication and authorization, binding check, roaming permission control and group authorization.
The advantage of the method of the present invention for performing AAA authentication when the database fails is: when the database fails, the AAA server can use file-based authentication, reading the public NAI and VPN information from the xml file and the IMSI-related information and binding information from the memory object cache component, and authenticate and authorize the accessing user, so that users can still access data services normally while the database is faulty, improving the quality of the user experience. At the same time, the steps of the method are simple, convenient, practical and easy to deploy, and avoid the serious degradation of user service quality that previously occurred in such situations, with its effect on the telecom operator's economic and social benefits, so that both user and operator win.
Accompanying drawing explanation
Fig. 1 is a sequence chart of the current authentication and accounting flow when a user accesses a packet-domain data service (such as an Internet service).
Fig. 2 is a flowchart of the method of the present invention for performing AAA authentication when the database fails.
Embodiment
To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
The method of the present invention for performing AAA authentication when the database fails is a pseudo-authentication mode: the public NAI information and VPN information are read from a file, the IMSI-related information and binding information are read from the memory object cache component, and the AAA server authenticates and authorizes the user according to this information. This is possible because, while the database is working normally, the AAA server has written the public Network Access Identifier (NAI) and Virtual Private Network (VPN) information to an Extensible Markup Language (xml) file and has also periodically read the users' International Mobile Subscriber Identity (IMSI) information and user binding information from the database and stored them in the memory object cache component, for pseudo-authentication when the database fails. Thus, when the database fails and the AAA server's connection to the database is lost, the AAA server can read the NAI and VPN information from the xml file and obtain the IMSI information and user binding information from the memory object cache component using IMSI+'auth' as the key, for Mobile Directory Number (MDN) authentication and authorization, binding check, roaming permission control and group authorization.
Referring to Fig. 2, the operating steps of the method are as follows:
Step 1: the AAA server receives the user's access request;
Step 2: the AAA server connects to the database; if the connection succeeds, it reads the user information from the database and performs authentication and authorization, and the flow ends; if the connection fails, it proceeds to step 3;
Step 3: the AAA server checks whether the pseudo-authentication flow is enabled; if it is not enabled, it rejects the user's access request and the flow ends; if pseudo-authentication is enabled, it proceeds to step 4;
Step 4: the AAA server looks up the user's information in the xml file or the memory object cache component: if the user information is not found, it rejects the user's access request and the flow ends; if it is found, it performs the pseudo-authentication operation: it reads the user's related information from the xml file or the memory object cache component and performs authentication and authorization.
In step 4, the pseudo-authentication operation performed is mainly of the following two kinds:
(1) The AAA server reads the user's public NAI and VPN information from the xml file; the concrete pseudo-authentication operation is as follows:
(41) When the AAA server starts or re-reads its configuration, if the database connection succeeds and the NAI and VPN information is read from the database successfully, the related information is written to the corresponding xml file; or
(42) When the AAA server starts or re-reads its configuration, if the database connection fails, the NAI and VPN information is read from the corresponding xml file into memory, where it is created and kept as a corresponding hash table from which the related information is extracted during pseudo-authentication.
(2) The AAA server reads the user's IMSI information and binding information from the memory object cache component; the concrete pseudo-authentication operation is as follows:
(4A) The AAA server periodically calls a standalone program to import the IMSI information and binding information from the database and store them in the memory object cache component.
While the AAA server imports the IMSI information and binding information from the database into the memory object cache component, the connection between the database and the memory object cache component uses a connection pool, to avoid the delay and resource consumption caused by creating connections on demand. In connection-pool mode, all databases in the configuration are put into the connected state at startup, so that when one database in the database cluster cannot respond normally, another available database is automatically selected as the connection provider; this improves reliability and avoids the delay and resource consumption of creating connections on demand.
The AAA server performs the database import using multiple threads: when the number of rows in the database table to be imported exceeds a set value, the table to be read is paged according to a fixed number of threads, and the different pages are handed to different threads for processing. The suggested set value is 400000 rows and the fixed number of threads is 16.
In this step, the AAA server invokes the standalone program through crontab, i.e. it imports the IMSI-related information and binding information from the database into the memory object cache component on a schedule, and both the invocation period and the invocation time window are configurable. For example, the invocation period is once a week, started during a relatively idle period of the service (2:00 AM), to avoid the import affecting normal telecommunication services.
Because the IMSI information in a telecom operator's service network is mass data, the memory object cache component is deployed as multiple groups in 1:1 master/slave mode, and the AAA server imports the data into the corresponding memory object cache component according to IMSI modulo distribution, to relieve memory pressure and improve query speed.
Because the amount of binding information is small, no distributed storage is needed; it is simply imported and stored in the first group of memory object cache components.
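The paged, multi-threaded import of step (4A), with IMSI records sharded by IMSI modulo and binding records kept undistributed, as an added Python example that is not the patent's own code. The 400000-row threshold and the 16 threads are the values given on the page; the number of cache groups, the CacheGroup stand-in for a memcached master/slave group, fetch_page standing in for a paged SELECT, and the synthetic table rows are assumptions of the example. Binding records go into a cache group object of their own here so that the IMSI+'auth' key does not collide with IMSI records that map to the first group (the page does not say how the two are separated).

```python
from concurrent.futures import ThreadPoolExecutor
import threading

PAGE_THRESHOLD = 400000   # rows; above this the table is paged across threads (value from the page)
THREAD_COUNT = 16         # fixed number of import threads (value from the page)
CACHE_GROUPS = 4          # number of memory object cache groups (assumed for the example)


def page_ranges(row_count, threads=THREAD_COUNT, threshold=PAGE_THRESHOLD):
    """Split [0, row_count) into at most `threads` contiguous pages when the table is
    larger than the threshold; otherwise the whole table is one page."""
    if row_count <= threshold:
        return [(0, row_count)]
    page = -(-row_count // threads)  # ceiling division so no more than `threads` pages
    return [(start, min(start + page, row_count)) for start in range(0, row_count, page)]


class CacheGroup:
    """Stand-in for one memcached master/slave group: a dict guarded by a lock so that
    several import threads can write to the same group concurrently."""
    def __init__(self):
        self._data = {}
        self._lock = threading.Lock()

    def set(self, key, value):
        with self._lock:
            self._data[key] = value

    def get(self, key):
        return self._data.get(key)

    def __len__(self):
        return len(self._data)


def fetch_page(table, start, end):
    """Stand-in for a paged SELECT over the IMSI table (a list of row dicts here)."""
    return table[start:end]


def import_imsi_table(table, groups, threads=THREAD_COUNT, threshold=PAGE_THRESHOLD):
    """Each thread loads one page; each row is stored under IMSI+'auth' in the
    group selected by IMSI modulo number-of-groups. Returns the number of rows imported."""
    def load_page(rng):
        count = 0
        for row in fetch_page(table, *rng):
            imsi = row["imsi"]
            record = {k: v for k, v in row.items() if k != "imsi"}
            groups[int(imsi) % len(groups)].set(imsi + "auth", record)
            count += 1
        return count

    ranges = page_ranges(len(table), threads, threshold)
    with ThreadPoolExecutor(max_workers=threads) as pool:
        return sum(pool.map(load_page, ranges))


def import_binding_table(table, binding_group):
    """Binding information is small, so it is not distributed: one group holds it all."""
    for row in table:
        binding_group.set(row["imsi"] + "auth", {"services": row["services"]})
    return len(table)


def constructed_imsi_table(n):
    """Synthetic IMSI rows (constructed data, not real subscribers)."""
    return [{"imsi": str(460000000000000 + i), "state": "normal",
             "mdn": "138" + str(i).zfill(8), "group": "consumer", "roaming": "national"}
            for i in range(n)]


def run_import(rows=1000, threshold=100):
    """Run a complete import on constructed data and return what the caches contain."""
    groups = [CacheGroup() for _ in range(CACHE_GROUPS)]
    binding_group = CacheGroup()
    table = constructed_imsi_table(rows)
    bindings = [{"imsi": "460000000000007", "services": ["internet", "wap"]}]
    imported = import_imsi_table(table, groups, threshold=threshold)
    import_binding_table(bindings, binding_group)
    return imported, [len(g) for g in groups], groups, binding_group


if __name__ == "__main__":
    imported, sizes, groups, binding_group = run_import()
    print("imported", imported, "rows; group sizes", sizes)
    print("IMSI 460000000000007 ->", groups[int("460000000000007") % CACHE_GROUPS].get("460000000000007auth"))
    print("binding ->", binding_group.get("460000000000007auth"))
```

run_import() lowers the threshold so that the 1000 constructed rows are split into 16 pages; with the defaults, a table of 400000 rows or fewer is loaded as a single page. The page's crontab-driven schedule corresponds to a crontab line such as `0 2 * * 0 /path/to/import-program` (weekly on Sunday at 02:00; the program path is assumed).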
(4B) When the AAA server performs pseudo-authentication, it obtains the user's IMSI information and binding information from the memory object cache component using IMSI+'auth' as the key, for MDN authorization, binding check, roaming permission control and group authorization.
In this step, the AAA server determines the corresponding memory object cache component according to IMSI modulo, obtains the user's IMSI information from that memory object cache component using IMSI+'auth' as the key, and then obtains the binding information from the first group of memory object cache components.
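The four-step fallback of Fig. 2 and the lookups of steps (42) and (4B), as an added worked example in Python that is not the patent's code: the database lookup, the pseudo-authentication switch, the xml-derived NAI hash table, the IMSI-modulo choice of cache group and the IMSI+'auth' key are modelled with in-memory dicts standing in for the database and the memory object cache component. The class and function names, the four-group cache size, the sample xml file and the cached records are constructed for the example, and binding records are kept in a namespace of their own so that the identical IMSI+'auth' key does not collide with IMSI records in the first group (an assumption; the page does not say how the two are separated).

```python
import hmac
import xml.etree.ElementTree as ET

CACHE_GROUPS = 4  # number of memory object cache groups (assumed; the page gives no figure)

# Constructed xml content standing in for the file written at startup in step (41).
NAI_VPN_XML = """<users>
  <nai name="alice@example.net" password="s3cret" state="normal" cos="internet" imsi="460001234567890"/>
  <nai name="bob@corp.example" password="pw" state="normal" cos="vpn" imsi="460009876543210"/>
  <vpn enterprise="corp.example" state="normal"><subuser name="bob" password="vpnpw"/></vpn>
</users>"""


class DatabaseUnavailable(Exception):
    """Raised by the database accessor when the connection fails (step 2)."""


def load_nai_vpn_tables(xml_text):
    """Step (42): read the xml file into memory and keep it as hash tables."""
    root = ET.fromstring(xml_text)
    nai = {e.get("name"): dict(e.attrib) for e in root.findall("nai")}
    vpn = {e.get("enterprise"): {"state": e.get("state"),
                                 "subusers": {s.get("name"): s.get("password") for s in e}}
           for e in root.findall("vpn")}
    return nai, vpn


def cache_group_for(imsi):
    """IMSI modulo distribution: which cache group holds this IMSI's record."""
    return int(imsi) % CACHE_GROUPS


def build_caches():
    """Constructed cache contents, as the scheduled import of step (4A) would leave them."""
    groups = [dict() for _ in range(CACHE_GROUPS)]
    imsi_records = {
        "460001234567890": {"state": "normal", "mdn": "13800000001", "group": "consumer", "roaming": "national"},
        "460009876543210": {"state": "suspended", "mdn": "13800000002", "group": "corp", "roaming": "none"},
    }
    for imsi, info in imsi_records.items():
        groups[cache_group_for(imsi)][imsi + "auth"] = info  # key is IMSI+'auth'
    # Binding information is small and not distributed; modelled as its own namespace.
    bindings = {"460001234567890auth": {"services": ["internet", "wap"]}}
    return groups, bindings


def authorize(nai_entry, imsi_info, binding, password, service):
    """Checks shared by the database path and the pseudo-authentication path."""
    if not hmac.compare_digest(nai_entry["password"], password):
        return ("reject", "bad password")
    if nai_entry["state"] != "normal":
        return ("reject", "NAI state " + nai_entry["state"])
    if imsi_info is None:
        return ("reject", "no IMSI information")          # no MDN, so no MDN authorization
    if imsi_info["state"] != "normal":
        return ("reject", "IMSI state " + imsi_info["state"])
    if service not in (binding or {}).get("services", ()):
        return ("reject", "service not bound to IMSI")     # binding check
    return ("accept", {"mdn": imsi_info["mdn"], "group": imsi_info["group"],
                       "roaming": imsi_info["roaming"]})


class AaaServer:
    def __init__(self, db_lookup, pseudo_auth_enabled, nai_table, cache_groups, bindings):
        self.db_lookup = db_lookup      # callable(nai) -> (nai_entry, imsi_info, binding) or raises
        self.pseudo_auth_enabled = pseudo_auth_enabled
        self.nai_table = nai_table
        self.cache_groups = cache_groups
        self.bindings = bindings

    def authenticate(self, nai, password, service):
        try:
            nai_entry, imsi_info, binding = self.db_lookup(nai)         # step 2: database first
        except DatabaseUnavailable:
            if not self.pseudo_auth_enabled:                            # step 3
                return ("reject", "database unavailable, pseudo-authentication disabled")
            nai_entry = self.nai_table.get(nai)                         # step 4: xml hash table
            imsi_info = binding = None
            if nai_entry is not None:
                imsi = nai_entry["imsi"]
                imsi_info = self.cache_groups[cache_group_for(imsi)].get(imsi + "auth")
                binding = self.bindings.get(imsi + "auth")
        if nai_entry is None:
            return ("reject", "user not found")
        return authorize(nai_entry, imsi_info, binding, password, service)


def demo(db_up, pseudo_auth_enabled, nai, password, service):
    """Wire the pieces together; db_up=False simulates both databases being down."""
    nai_table, _vpn = load_nai_vpn_tables(NAI_VPN_XML)
    groups, bindings = build_caches()

    def db_lookup(name):
        if not db_up:
            raise DatabaseUnavailable("primary and standby database unreachable")
        entry = nai_table.get(name)  # the healthy database would hold the same data
        if entry is None:
            return (None, None, None)
        imsi = entry["imsi"]
        return (entry, groups[cache_group_for(imsi)].get(imsi + "auth"), bindings.get(imsi + "auth"))

    return AaaServer(db_lookup, pseudo_auth_enabled, nai_table, groups, bindings).authenticate(nai, password, service)


if __name__ == "__main__":
    print(demo(True, False, "alice@example.net", "s3cret", "internet"))   # database healthy
    print(demo(False, False, "alice@example.net", "s3cret", "internet"))  # down, fallback disabled
    print(demo(False, True, "alice@example.net", "s3cret", "internet"))   # down, pseudo-authentication
```

Running the file prints the three outcomes: database healthy, database down with pseudo-authentication disabled, and database down with pseudo-authentication enabled. Because the cache is refreshed on a schedule (weekly in the page's example), a subscription change such as a suspension made after the last import is not visible during the outage; that staleness is the residual risk of this fallback, and the IMSI state check still rejects suspensions that were already in the cache.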
The present invention has been implemented and tested repeatedly; the tests were successful and the object of the invention has been achieved.

Claims (9)

1. A method for performing AAA authentication when the database fails, characterized in that: while the database is working normally, the AAA server has written the public Network Access Identifier (NAI) and Virtual Private Network (VPN) information to an Extensible Markup Language (xml) file, and has also periodically read the users' International Mobile Subscriber Identity (IMSI) information and user binding information from the database and stored them in a memory object cache component, so that the AAA server can perform pseudo-authentication when the database fails; in this way, when the database fails and the AAA server's connection to the database is lost, the AAA server reads the NAI and VPN information from the xml file and obtains the IMSI information and user binding information from the memory object cache component using IMSI+'auth' as the key, for Mobile Directory Number (MDN) authentication and authorization, binding check, roaming permission control and group authorization.
2. The method according to claim 1, characterized in that the method comprises the following operating steps:
(1) the AAA server receives the user's access request;
(2) the AAA server connects to the database; if the connection succeeds, it reads the user information from the database and performs authentication and authorization, and the flow ends; if the connection fails, it proceeds to step (3);
(3) the AAA server checks whether the pseudo-authentication flow is enabled; if it is not enabled, it rejects the user's access request and the flow ends; if pseudo-authentication is enabled, it proceeds to step (4);
(4) the AAA server looks up the user's information in the xml file or the memory object cache component: if the user information is not found, it rejects the user's access request and the flow ends; if it is found, it performs the pseudo-authentication operation: it reads the user's related information from the xml file or the memory object cache component and performs authentication and authorization.
3. The method according to claim 2, characterized in that in step (4), the pseudo-authentication operation in which the AAA server reads the user's public NAI and VPN information from the xml file comprises the following:
(41) when the AAA server starts or re-reads its configuration, if the database connection succeeds and the NAI and VPN information is read from the database successfully, the related information is written to the corresponding xml file; or
(42) when the AAA server starts or re-reads its configuration, if the database connection fails, the NAI and VPN information is read from the corresponding xml file into memory, where it is created and kept as a corresponding hash table from which the related information is extracted during pseudo-authentication.
4. The method according to claim 2, characterized in that in step (4), the pseudo-authentication operation in which the AAA server reads the user's IMSI information and binding information from the memory object cache component comprises the following:
(4A) the AAA server periodically calls a standalone program to import the IMSI information and binding information from the database and store them in the memory object cache component;
(4B) when the AAA server performs pseudo-authentication, it obtains the user's IMSI information and binding information from the memory object cache component using IMSI+'auth' as the key, for MDN authorization, binding check, roaming permission control and group authorization.
5. The method according to claim 4, characterized in that: while the AAA server imports the IMSI information and binding information from the database into the memory object cache component, the connection between the database and the memory object cache component uses a connection pool, to avoid the delay and resource consumption caused by creating connections on demand; in the connection-pool mode, all databases in the configuration are put into the connected state at startup, so that when one database in the database cluster cannot respond normally, another available database is automatically selected as the connection provider, to improve reliability and avoid the delay and resource consumption of creating connections on demand.
6. The method according to claim 4, characterized in that in step (4A), the AAA server performs the database import using multiple threads: when the number of rows in the database table to be imported exceeds a set value, the table to be read is paged according to a fixed number of threads, and the different pages are handed to different threads for processing.
7. The method according to claim 4, characterized in that: because the IMSI information in a telecom operator's service network is mass data, the memory object cache component is deployed as multiple groups in 1:1 master/slave mode, and the AAA server imports the data into the corresponding memory object cache component according to IMSI modulo distribution, to relieve memory pressure and improve query speed.
8. The method according to claim 4, characterized in that: because the amount of binding information is small, no distributed storage is needed; it is simply imported and stored in the first group of memory object cache components.
9. The method according to claim 4, characterized in that in step (4A), the AAA server invokes the standalone program through crontab, i.e. it imports the IMSI-related information and binding information from the database into the memory object cache component on a schedule, and both the invocation period and the invocation time window are configurable: the invocation period is once a week, executed during a relatively idle period of the service, to avoid the import affecting normal telecommunication services.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310470260.0A CN103533544B (en) 2013-10-10 2013-10-10 Method for performing AAA authentication when the database fails

Publications (2)

Publication Number Publication Date
CN103533544A true CN103533544A (en) 2014-01-22
CN103533544B CN103533544B (en) 2016-06-01

Family

ID=49935135

Country Status (1)

Country Link
CN (1) CN103533544B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006090367A2 (en) * 2005-02-24 2006-08-31 Xeround Systems Ltd. Method and apparatus for distributed data management in a switching network
WO2006104324A1 (en) * 2005-03-28 2006-10-05 Ktfreetel Co., Ltd. Method for mobile node's connection to virtual private network using mobile ip
CN101489097A (en) * 2009-01-19 2009-07-22 深圳市同洲电子股份有限公司 Digital television management system and method
CN101742247A (en) * 2009-12-08 2010-06-16 中兴通讯股份有限公司 Method and system for interactive web TV service authentication and EPG server
CN102148725A (en) * 2011-03-21 2011-08-10 中兴通讯股份有限公司 Service state detecting method and system for AAA server

Also Published As

Publication number Publication date
CN103533544B (en) 2016-06-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant