CN103685283A - Communication network management certificate authority system and method - Google Patents


Info

Publication number: CN103685283A
Authority: CN (China)
Prior art keywords: server, user, website, management, authentication
Legal status: Granted
Application number: CN201310698599.6A
Other languages: Chinese (zh)
Other versions: CN103685283B (en)
Inventors: 张宏, 王舣, 何玉洁, 肖灯辉, 华颖, 刘华, 吴涛
Current Assignee: Fiberhome Telecommunication Technologies Co Ltd
Original Assignee: Fiberhome Telecommunication Technologies Co Ltd
Priority date: 2013-12-18
Filing date: 2013-12-18
Publication date: 2014-03-26

Events
2013-12-18: Application filed by Fiberhome Telecommunication Technologies Co Ltd
2013-12-18: Priority to CN201310698599.6A (CN103685283B)
2014-03-26: Publication of CN103685283A
2014-09-15: Priority claimed by PCT/CN2014/086513 (WO2015090089A1)
2016-07-27: Application granted; publication of CN103685283B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention relates to an authentication and authorization system and method for communication network management, in the field of communication network management. The system comprises a network management server, an access management terminal, an authentication server and a communication site network. Authentication information is configured centrally on the authentication server, and authorization information is configured on each site. A user manages sites through the network management server or the access management terminal; the authentication information is forwarded by the site to the authentication server for authentication, and the site records the currently logged-in user and informs the user. The user then sends management information interaction commands to the logged-in site; when the site's authorization function module receives such a command, it checks whether the authorization information stored on the site contains that user and the corresponding permission. Alternatively the user logs out, and the site deletes the user's successful-login record. The system and method reduce the need for a high-performance authentication server in the communication network and eliminate, to the greatest possible extent, the impact on network management system performance when communication on the authentication server side is abnormal.

Description

Authentication and authorization system and method for communication network management
Technical field
The present invention relates to the field of communication network management, and in particular to an authentication and authorization system and method for communication network management.
Background technology
The elements of a communication network comprise the network management system (NMS) and the communication equipment sites. The NMS manages the network of communication equipment over a management channel, and different users can access the communication network in various ways, such as through in-band or out-of-band network management terminals of various forms. To keep the communication network secure and to manage it hierarchically, authentication and authorization are indispensable and are increasingly widely used in the management of communication network sites.
Figure 1 shows the topology of a communication network with authentication and authorization. The traditional approach is centralized: an authentication server handles all authentication and authorization functions. In the DCN (Data Communication Network), the NM server needs to monitor all sites in real time; in addition there are access management terminals (management terminals connected temporarily). For security and to avoid interference, the authentication server is independent of the NM server, so with centralized authentication and authorization a site has to exchange data in real time with both the authentication server and the NM server. The number of sites in a communication network is generally very large, and the NMS user permissions of different equipment vendors' networks are independent, hierarchical and increasingly complex. Compared with authentication data (generally username and password), authorization data (username together with group, region, management permission content and so on) is far more complex, and the aggregate authorization information of the whole network amounts to a considerable volume of data. This requires the authentication server to be high-performance in order to process authentication and authorization information for a large number of sites in real time. Moreover, when the authentication server itself or the network on its side becomes abnormal, communication between some sites and the authentication server is interrupted; to keep the communication content secure, the management information exchange between the NM server (or access management terminal) and those sites has to stop, because no authorization response can be obtained from the authentication server, even though the communication channel between the NMS and the sites is itself normal.
Summary of the invention
In view of the defects of the prior art, the object of the present invention is to provide an authentication and authorization system and method for communication network management that reduces the requirement for a high-performance authentication server in the communication network and eliminates, to the greatest possible extent, the impact on network management system performance when communication on the authentication server side is abnormal.
To achieve this object, the invention provides an authentication and authorization system for communication network management, comprising an NM server, an access management terminal, an authentication server and a communication site network, wherein the communication site network communicates respectively with the NM server and the authentication server through a data communication network, characterized in that: the communication site network comprises a plurality of sites, the access management terminal is connected to a site in the network, and each site comprises an authorization function module for storing and managing the site's own authorization information; a user performs site management through the NM server or the access management terminal.
On the basis of the above solution, each site further comprises an authentication client module for handling the authentication information between the user and the authentication server.
The present invention also provides an authentication and authorization method for communication network management, comprising the steps: S1. configure authentication information centrally on the authentication server, and configure the corresponding authorization information on each site; S2. the user accesses the network through the access management terminal or the NM server to perform network management; the management terminal or NM server sends the authentication information to the authentication server through the site it needs to log in to and manage; after authentication, the site records the currently logged-in user information and informs the management terminal or NM server; S3. the management terminal or NM server sends a management information interaction command to the logged-in site; after the site's authorization function module receives the command, it checks whether the authorization information data stored on the site contains a matching user and the corresponding permission; alternatively the user logs out, and the site deletes the user's successful-login record on that site.
On the basis of the above solution, the authentication information at least comprises a username and password, and changes to the authentication information are made on the authentication server; the NM server configures the corresponding authorization information on each site, and changes to the authorization information are made on the NM server.
On the basis of the above solution, in S2 the management terminal or NM server sends the user's authentication information to the site that needs to be logged in to and managed; the authentication client module of the site receives the authentication information and initiates an authentication procedure towards the authentication server; the authentication server checks the authentication information brought by the site and feeds the result back to the site.
On the basis of the above solution, the authentication client module of the site judges from the result whether authentication passed. If it passed, the site records the user's successful-login information, including username and IP, and informs the management terminal or NM server that the user has authenticated successfully and logged in to the site; if not, the site informs the management terminal or NM server that the user's authentication failed.
On the basis of the above solution, in S3, if no matching user and corresponding permission exist in the authorization information data stored on the site, the authorization management module determines that the user's permission for this management information interaction command is illegitimate and reports insufficient permission for this interaction to the management terminal or NM server.
On the basis of the above solution, in S3, if the user logs out because the management terminal or NM server initiates a user logout command to the site, the site receives the logout command, the authorization module of the site deletes the user's login information on the site, and the site reports to the management terminal or NM server that the user has logged out successfully.
On the basis of the above solution, in S3, if the user is logged out because the site detects no management information interaction from that logged-in user within a stipulated time, the site judges that the user's login has timed out, forcibly deletes the user's login information on the site, and reports to the management terminal or NM server that the user has been forcibly logged out.
The beneficial effects of the present invention are: the authentication and authorization functions are separated. The authorization information of the communication network is distributed to each managed site, while standard authentication of every site remains centralized on the authentication server. After authentication passes, authorization information is exchanged only between the accessed site and the NM server, and each site only needs to manage its own authorization information, so the data storage and processing load of the authentication server is greatly reduced, lowering the high-performance requirement that conventional centralized authentication and authorization imposes on the authentication server in a communication network; and the performance impact on the network management system when communication on the authentication server side is abnormal is eliminated to the greatest possible extent. When the authentication server side is abnormal, the management and authorization interaction between already-authenticated management users and the accessed sites is unaffected, which improves network management efficiency and the user's experience.
Brief description of the drawings
Fig. 1 is the topology of a communication network with authentication and authorization in the background technology;
Fig. 2 is the flowchart of the authentication and authorization method for communication network management according to the embodiment of the present invention.
Detailed description of embodiments
The authentication and authorization system for communication network management of the present invention comprises an NM server, an access management terminal, an authentication server and a communication site network. The communication site network communicates respectively with the NM server and the authentication server through a data communication network, and comprises a plurality of sites; the access management terminal is connected to a site in the network. Each site comprises an authorization function module for storing and managing the site's own authorization information; a user performs site management through the NM server or the access management terminal. Each site further comprises an authentication client module for handling the authentication information between the user and the authentication server.
The authentication and authorization method for communication network management of the present invention, based on the above system, comprises the steps:
S1. Configure authentication information centrally on the authentication server, and configure the corresponding authorization information on each site.
S2. The user accesses the network through the access management terminal or the NM server to perform network management; the management terminal (or NM server) sends the authentication information to the authentication server through the site it needs to log in to and manage; after authentication, the site records the currently accessing user's information and informs the management terminal (or NM server).
S3. The management terminal (or NM server) sends a management information interaction command to the logged-in site; after the site's authorization function module receives the command, it checks whether the authorization information data stored on the site contains a matching user and the corresponding permission. Alternatively the user logs out, and the site deletes the user's successful-login record on that site.
The present invention is described in further detail below in conjunction with the drawings and embodiments.
Figure 2 shows the detailed flow of the authentication and authorization method for communication network management of the present invention:
101. Configure centrally, on the authentication server, the authentication information used by communication network management, specifically including username, password, etc.; changes to the authentication information are also made on the authentication server.
102. Through the NM server, configure the corresponding authorization information on each site; each site is responsible only for storing and managing its own authorization information. Changes to the authorization information are also made on the NM server.
103. The user performs site management by accessing the network through the access management terminal or the NM server; in this case a new user must initiate security authentication and log in to the site through the management terminal or NM server.
104. The management terminal or NM server sends the user's authentication information to the site to be logged in to and managed, at the same time requesting login to that site.
105. The authentication client module of the site receives the authentication information and initiates a standard authentication procedure towards the authentication server.
106. The authentication server checks the authentication information brought by the site and feeds the result back to the site.
107. The authentication client module of the site processes the reply data from the authentication server and judges from the result whether authentication passed; if so, go to 109; if not, go to 108.
108. The site reports the user's authentication failure to the management terminal or NM server, and subsequent management information requests initiated by this user are answered with "not logged in".
109. The site records the user's successful-login information, including username and IP, and reports to the management terminal or NM server that the user has authenticated successfully and logged in to the site. The user may then choose to continue operating (go to 110) or to log out (go to 114).
110. The user sends a management information interaction command to the site through the management terminal or NM server.
111. After the site's authorization function module receives the management information interaction command, it judges whether the authorization information data stored on the site contains a matching user and a permission corresponding to this command; if so, go to 112; if not, go to 113.
112. The authorization function module determines that the user's permission for this management information interaction command is legitimate, and responds to the command.
113. The authorization function module determines that the user's permission for this management information interaction command is illegitimate, and reports insufficient permission for this interaction to the management terminal or NM server.
114. Determine which kind of logout applies. Either the user initiates a logout command to the site (go to 115), or the site detects no management information interaction from this logged-in user within the stipulated time and judges that the user's network management login has timed out (go to 116).
115. The site receives the user's logout command, deletes the user's login information on the site, and reports to the management terminal or NM server that the user has logged out successfully.
116. The site forcibly deletes the user's login information on the site, and reports to the management terminal or NM server that the user has been forcibly logged out.
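As an added worked example (not the patent's or the assignee's code; the class names, command names, credentials and addresses are constructed for illustration), the following Python model walks through steps 101-116 and the S1-S3 method above: a central authentication server holds only credentials, while each site holds its own authorization table and its own login records (username and IP), so that once a user is authenticated, command authorization, user-initiated logout and idle-timeout forced logout are all decided from the site's local data, even when the authentication server has become unreachable.

```python
# Added illustration, not the patent's own code: a toy model of the split
# authentication/authorization flow of steps 101-116. All names are constructed.
import hashlib
import hmac
import secrets


class AuthServerUnavailable(Exception):
    """The site cannot reach the central authentication server."""


class AuthServer:
    """Central authentication server (step 101): holds only salted password verifiers."""

    def __init__(self):
        self._users = {}
        self.reachable = True  # flipped in the scenario to simulate a link failure

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._verifier(password, salt))

    @staticmethod
    def _verifier(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def authenticate(self, username, password):
        if not self.reachable:
            raise AuthServerUnavailable("authentication server link is down")
        entry = self._users.get(username)
        if entry is None:
            return False
        salt, verifier = entry
        return hmac.compare_digest(self._verifier(password, salt), verifier)


class Site:
    """A managed site: keeps its own authorization table and its own login records."""

    def __init__(self, auth_server, authz, idle_timeout):
        self.auth = auth_server
        self.authz = authz            # username -> permitted commands, pushed by NM server (step 102)
        self.idle_timeout = idle_timeout
        self.logins = {}              # username -> {"ip", "last_active"} (step 109)

    def login(self, username, password, ip, now):
        """Steps 104-109: forward credentials to the auth server; record success locally."""
        if self.auth.authenticate(username, password):
            self.logins[username] = {"ip": ip, "last_active": now}
            return "authentication success"
        return "authentication failure"

    def handle_command(self, username, ip, command, now):
        """Steps 110-113: authorization is decided from the site's own data only."""
        rec = self.logins.get(username)
        if rec is None or rec["ip"] != ip:
            return "not logged in"           # step 108
        rec["last_active"] = now
        if command in self.authz.get(username, ()):
            return "ok"                      # step 112
        return "insufficient permission"     # step 113

    def logout(self, username):
        """Step 115: user-initiated logout deletes the login record."""
        return "logout success" if self.logins.pop(username, None) else "not logged in"

    def sweep_idle(self, now):
        """Step 116: forcibly log out users idle longer than the stipulated time."""
        expired = [u for u, r in self.logins.items() if now - r["last_active"] > self.idle_timeout]
        for u in expired:
            del self.logins[u]
        return expired


def run_scenario():
    """Walk the flow, including the auth-server outage the patent is concerned with."""
    auth = AuthServer()
    auth.add_user("alice", "correct horse battery")       # constructed credentials
    site = Site(auth, {"alice": {"show-config", "set-alarm-threshold"}}, idle_timeout=60.0)
    results = [
        site.login("alice", "wrong password", "10.0.0.5", now=0.0),
        site.login("alice", "correct horse battery", "10.0.0.5", now=0.0),
    ]
    auth.reachable = False  # authentication server side becomes abnormal
    results += [
        site.handle_command("alice", "10.0.0.5", "show-config", now=1.0),  # still served
        site.handle_command("alice", "10.0.0.5", "reboot", now=2.0),
        site.handle_command("bob", "10.0.0.9", "show-config", now=3.0),
        site.sweep_idle(now=100.0),          # alice idle 98 s > 60 s
        site.handle_command("alice", "10.0.0.5", "show-config", now=101.0),
    ]
    try:
        site.login("alice", "correct horse battery", "10.0.0.5", now=102.0)
    except AuthServerUnavailable:
        results.append("new login refused: authentication server unreachable")
    return results


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

Running `run_scenario()` shows the property the patent presents as its benefit: after the authentication server link is marked down, the already-authenticated user's permitted command is still answered and the unpermitted one is refused locally, while a fresh login fails because only the authentication server can verify credentials. The model also refuses a command whose source IP differs from the recorded login IP, a check the patent's login record (username and IP) makes possible.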
The present invention is not limited to the above embodiments; those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications are also considered to fall within the protection scope of the present invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the field.

Claims (9)

1. An authentication and authorization system for communication network management, comprising an NM server, an access management terminal, an authentication server and a communication site network, wherein the communication site network communicates respectively with the NM server and the authentication server through a data communication network, characterized in that: the communication site network comprises a plurality of sites, the access management terminal is connected to a site in the network, and each site comprises an authorization function module for storing and managing the site's own authorization information; a user performs site management through the NM server or the access management terminal.
2. The authentication and authorization system for communication network management according to claim 1, characterized in that: each site further comprises an authentication client module for handling the authentication information between the user and the authentication server.
3. An authentication and authorization method for communication network management based on the system of claim 1, characterized in that it comprises the steps:
S1. configure authentication information centrally on the authentication server, and configure the corresponding authorization information on each site;
S2. the user accesses the network through the access management terminal or the NM server to perform network management; the management terminal or NM server sends the authentication information to the authentication server through the site it needs to log in to and manage; after authentication, the site records the currently logged-in user information and informs the management terminal or NM server;
S3. the management terminal or NM server sends a management information interaction command to the logged-in site; after the site's authorization function module receives the command, it checks whether the authorization information data stored on the site contains a matching user and the corresponding permission; alternatively the user logs out, and the site deletes the user's successful-login record on that site.
4. The authentication and authorization system for communication network management according to claim 3, characterized in that: the authentication information at least comprises a username and password, and changes to the authentication information are made on the authentication server; the NM server configures the corresponding authorization information on each site, and changes to the authorization information are made on the NM server.
5. The authentication and authorization system for communication network management according to claim 3, characterized in that: in S2, the management terminal or NM server sends the user's authentication information to the site that needs to be logged in to and managed; the authentication client module of the site receives the authentication information and initiates an authentication procedure towards the authentication server; the authentication server checks the authentication information brought by the site and feeds the result back to the site.
6. The authentication and authorization system for communication network management according to claim 5, characterized in that: the authentication client module of the site judges from the result whether authentication passed; if it passed, the site records the user's successful-login information, including username and IP, and informs the management terminal or NM server that the user has authenticated successfully and logged in to the site; if not, the site informs the management terminal or NM server that the user's authentication failed.
7. The authentication and authorization system for communication network management according to claim 3, characterized in that: in S3, if no matching user and corresponding permission exist in the authorization information data stored on the site, the authorization management module determines that the user's permission for this management information interaction command is illegitimate and reports insufficient permission for this interaction to the management terminal or NM server.
8. The authentication and authorization system for communication network management according to claim 3, characterized in that: in S3, if the user logs out because the management terminal or NM server initiates a user logout command to the site, the site receives the logout command, the authorization module of the site deletes the user's login information on the site, and the site reports to the management terminal or NM server that the user has logged out successfully.
9. The authentication and authorization system for communication network management according to claim 3, characterized in that: in S3, if the user is logged out because the site detects no management information interaction from that logged-in user within the stipulated time, the site judges that the user's login has timed out, forcibly deletes the user's login information on the site, and reports to the management terminal or NM server that the user has been forcibly logged out.

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN201310698599.6A (CN103685283B) | 2013-12-18 | 2013-12-18 | Authentication and authorization system and method for communication network management
PCT/CN2014/086513 (WO2015090089A1) | 2013-12-18 | 2014-09-15 | Authentication and authorization system and method for management of communication network

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201310698599.6A (CN103685283B) | 2013-12-18 | 2013-12-18 | Authentication and authorization system and method for communication network management

Publications (2)

Publication Number | Publication Date
CN103685283A | 2014-03-26
CN103685283B | 2016-07-27

Family

ID=50321597

Family Applications (1)

Application Number | Status | Title | Priority Date | Filing Date
CN201310698599.6A (CN103685283B) | Active | Authentication and authorization system and method for communication network management | 2013-12-18 | 2013-12-18

Country Status (2)

Country | Link
CN (1) | CN103685283B
WO (1) | WO2015090089A1


Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN114465916A (en) * | 2022-01-24 | 2022-05-10 | 北京新桥信通科技股份有限公司 | Method and system for realizing a trusted operating platform
CN115021936B (en) * | 2022-06-10 | 2023-10-27 | 中国南方电网有限责任公司 | Terminal equipment security access authentication and authorization method and system for remote sites

Family Cites Families (6)

Publication number | Priority date | Publication date | Assignee | Title
CN1265580C (en) * | 2002-12-26 | 2006-07-19 | 华为技术有限公司 | Identification and business management for network users
WO2006001590A1 (en) * | 2004-03-24 | 2006-01-05 | Exers Technologies. Inc. | Network security system co-operated with an authentication server and method thereof
CN102195991A (en) * | 2011-06-28 | 2011-09-21 | 辽宁国兴科技有限公司 | Terminal security management and authentication method and system
CN102427610A (en) * | 2011-12-29 | 2012-04-25 | 陈佳阳 | Wireless router with built-in user management function, system and networking method thereof
CN102665216B (en) * | 2012-05-03 | 2014-12-31 | 杭州热望信息技术有限公司 | User authentication method for extensible and distributed wireless local area network (WLAN)
CN103685283B (en) * | 2013-12-18 | 2016-07-27 | 烽火通信科技股份有限公司 | Authentication and authorization system and method for communication network management

Cited By (9)

Publication number | Priority date | Publication date | Assignee | Title
WO2015090089A1 (en) * | 2013-12-18 | 2015-06-25 | 烽火通信科技股份有限公司 | Authentication and authorization system and method for management of communication network
CN104135482A (en) * | 2014-08-07 | 2014-11-05 | 浪潮(北京)电子信息产业有限公司 | Authentication method and device as well as server
CN104680373A (en) * | 2015-03-10 | 2015-06-03 | 四川省宁潮科技有限公司 | Mobile financial safety method on basis of OOBA (out-of-band authentication)
CN107517178A (en) * | 2016-06-15 | 2017-12-26 | 阿里巴巴集团控股有限公司 | Authentication method, device and system
CN107517178B (en) * | 2016-06-15 | 2020-10-20 | 阿里巴巴集团控股有限公司 | Authentication method, device and system
CN106131011A (en) * | 2016-07-07 | 2016-11-16 | 杭州华三通信技术有限公司 | Authorization confirmation method and device
CN106131011B (en) * | 2016-07-07 | 2021-01-22 | 新华三技术有限公司 | Authorization confirmation method and device
CN108023858A (en) * | 2016-11-02 | 2018-05-11 | 北京视联动力国际信息技术有限公司 | Video networking network management security authentication method and system
CN108023858B (en) * | 2016-11-02 | 2019-03-01 | 视联动力信息技术股份有限公司 | Video networking network management security authentication method and system

Also Published As

Publication number | Publication date
WO2015090089A1 (en) | 2015-06-25
CN103685283B (en) | 2016-07-27


Legal Events

Code | Title
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant