CN104504323B - An IPMI management system with encrypted authentication - Google Patents


Publication number
CN104504323B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410774174.3A
Other languages
Chinese (zh)
Other versions
CN104504323A (en)
Inventor
张雁鹏
金长新
刘强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Group Co Ltd
Priority to CN201410774174.3A
Publication of CN104504323A
Application granted
Publication of CN104504323B


Abstract

The invention discloses an IPMI management system with encrypted authentication. The IPMI management system comprises an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB Key. Compared with the prior art, the invention introduces the USB Key into the IPMI management system, so that personnel holding a specific USB Key can log in to the management system, and different operating permissions are provided depending on the bound USB Key. In application scenarios with higher security requirements, the IPMI management system can then effectively deliver its advantages of efficiency and convenience, making things easier for users while reducing the cost of maintaining and managing servers.

Description

An IPMI management system with encrypted authentication
Technical field
The present invention relates to the field of server management, and specifically to an IPMI management system with encrypted authentication.
Background art
IPMI is the abbreviation of Intelligent Platform Management Interface, an industry standard for managing the peripheral devices used in enterprise systems based on the Intel architecture. The standard was formulated by companies including Intel, Hewlett-Packard, NEC, Dell Computer and SuperMicro. With IPMI, users can monitor the physical health of a server, such as temperature, voltage, fan operating state and power supply status.
RSA public-key cryptosystem. A public-key cryptosystem uses different keys for encryption and decryption, and is a cryptosystem in which "deriving the decryption key from the known encryption key is computationally infeasible". RSA is an asymmetric cryptographic algorithm; asymmetric means that the algorithm needs a pair of keys, and data encrypted with one of them must be decrypted with the other. RSA was the first algorithm that can be used for both encryption and digital signatures, and it is easy to understand and operate.
JavaScript is an interpreted scripting language. It is a dynamically typed, weakly typed, prototype-based language with built-in support for types.
In the server field today, server management technology is maturing, and management protocols such as SNMP and IPMI are already very widely used. In the general-purpose server field, existing IPMI management systems can already meet the needs of various application scenarios well. However, in application scenarios with higher security requirements, logging in with only a username and password, as in a traditional IPMI management system, is clearly not acceptable to users. As a result, these users abandon the management system and fall back on local operation and management, which is comparatively secure but cumbersome.
Summary of the invention
The technical task of the invention is to provide an IPMI management system with encrypted authentication.
The technical task of the invention is achieved as follows: the IPMI management system comprises an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB-Key;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions included in a traditional IPMI management system;
The security authentication module is responsible for responding to login requests sent by the client browser: based on the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request and then verifies it; after verification succeeds, a Session is allowed to be established using the username and password, and the next management operation can proceed;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge between the client initiating the login request and the USB-Key: it is responsible for passing data between JavaScript and the USB-Key and for controlling the USB-Key to complete the operations specified by JavaScript.
The encrypted authentication is RSA encrypted authentication.
The flow by which the client initiates a login request is as follows:
1) The browser sends a request for the page; the management system's Web service sends the login page and the corresponding JavaScript to the client; the browser displays the login page and executes the JavaScript;
2) The JavaScript directs the USB-Key to read the login information stored in the USB-Key and encrypt it with the RSA private key in the USB-Key;
3) The JavaScript sends the username, password and encrypted login information to the management system's Web service. The Web service calls the encryption authentication module, which retrieves the bound public key by username and decrypts the login information with that public key, then calls a private algorithm to check the legitimacy of the login information. If the check passes, a Session is established using the username and password; if it fails, an error message is returned and the user is required to re-enter the login information.
Compared with the prior art, the IPMI management system with encrypted authentication of the invention introduces the USB-Key into the IPMI management system, so that personnel holding a specific USB-Key can log in to the management system, and different operating permissions are provided depending on the bound USB-Key. In application scenarios with higher security requirements, the IPMI management system can then effectively deliver its advantages of efficiency and convenience, making things easier for users while reducing the cost of maintaining and managing servers.
Specific embodiments
Embodiment 1:
The IPMI management system with encrypted authentication comprises an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB-Key; the encrypted authentication uses RSA encrypted authentication;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions included in a traditional IPMI management system;
The security authentication module is responsible for responding to login requests sent by the client browser: based on the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request and then verifies it; after verification succeeds, a Session is allowed to be established using the username and password, and the next management operation can proceed;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge between the client initiating the login request and the USB-Key: it is responsible for passing data between JavaScript and the USB-Key and for controlling the USB-Key to complete the operations specified by JavaScript.
Embodiment 2:
The IPMI management system with encrypted authentication comprises an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in, a USB-Key and a USB-Key driver; the encrypted authentication uses RSA encrypted authentication;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions included in a traditional IPMI management system;
The security authentication module is responsible for responding to login requests sent by the client browser: based on the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request and then verifies it; after verification succeeds, a Session is allowed to be established using the username and password, and the next management operation can proceed;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge between the client initiating the login request and the USB-Key: it is responsible for passing data between JavaScript and the USB-Key and for controlling the USB-Key to complete the operations specified by JavaScript.
The flow by which the client initiates a login request is as follows:
1) The browser sends a request for the page; the management system's Web service sends the login page and the corresponding JavaScript to the client; the browser displays the login page and executes the JavaScript;
2) The JavaScript directs the USB-Key to read the login information stored in the USB-Key and encrypt it with the RSA private key in the USB-Key;
3) The JavaScript sends the username, password and encrypted login information to the management system's Web service. The Web service calls the encryption authentication module, which retrieves the bound public key by username and decrypts the login information with that public key, then calls a private algorithm to check the legitimacy of the login information. If the check passes, a Session is established using the username and password; if it fails, an error message is returned and the user is required to re-enter the login information.
Through close cooperation among the above modules, the security and reliability of the IPMI management system are effectively improved, so that personnel holding a specific USB-Key can log in to the management system, and different operating permissions are provided depending on the bound USB-Key. In application scenarios with higher security requirements, the IPMI management system can then effectively deliver its advantages of efficiency and convenience, making things easier for users while reducing the cost of maintaining and managing servers.
From the specific embodiments above, those skilled in the art can readily implement the present invention. It should be understood, however, that the present invention is not limited to the specific embodiments described above. On the basis of the disclosed embodiments, those skilled in the art can combine different technical features to realize different technical solutions.

Claims (3)

1. An IPMI management system with encrypted authentication, characterized in that the IPMI management system comprises an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB-Key;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and IPMI 2.0 specifications, and implements the Web service functions included in a traditional IPMI management system;
The security authentication module is responsible for responding to login requests sent by the client browser: based on the username submitted by the client browser, it selects the bound RSA public key, decrypts the ciphertext contained in the login request and then verifies it; after verification succeeds, a Session is allowed to be established using the username and password, and the next management operation can proceed;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge between the client browser initiating the login request and the USB-Key, and is responsible for passing data between JavaScript and the USB-Key and for controlling the USB-Key to complete the operations specified by JavaScript.
2. The IPMI management system with encrypted authentication according to claim 1, characterized in that the encrypted authentication is RSA encrypted authentication.
3. The IPMI management system with encrypted authentication according to claim 1, characterized in that the flow by which the client browser initiates a login request is as follows:
1) The browser sends a request for the page; the management system's Web service sends the login page and the corresponding JavaScript to the client; the browser displays the login page and executes the JavaScript;
2) The JavaScript directs the USB-Key to read the login information stored in the USB-Key and encrypt it with the RSA private key in the USB-Key;
3) The JavaScript sends the username, password and encrypted login information to the management system's Web service. The Web service calls the encryption authentication module, which retrieves the bound public key by username and decrypts the login information with that public key, then calls a private algorithm to check the legitimacy of the login information. If the check passes, a Session is established using the username and password; if it fails, an error message is returned and the user is required to re-enter the login information.
CN201410774174.3A 2014-12-16 2014-12-16 An IPMI management system with encrypted authentication Active CN104504323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410774174.3A CN104504323B (en) 2014-12-16 2014-12-16 An IPMI management system with encrypted authentication


Publications (2)

Publication Number Publication Date
CN104504323A (en) 2015-04-08
CN104504323B (en) 2017-06-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180807

Address after: 250100 S06 tower, 1036, Chao Lu Road, hi tech Zone, Ji'nan, Shandong.

Patentee after: Shandong wave cloud Mdt InfoTech Ltd

Address before: No. 1036, Shun Ya Road, Ji'nan high tech Zone, Shandong Province

Patentee before: Inspur Group Co., Ltd.

CP03 Change of name, title or address

Address after: 250100 No. 1036 Tidal Road, Jinan High-tech Zone, Shandong Province, S01 Building, Tidal Science Park

Patentee after: Inspur cloud Information Technology Co., Ltd

Address before: 250100 Ji'nan science and technology zone, Shandong high tide Road, No. 1036 wave of science and Technology Park, building S06

Patentee before: SHANDONG LANGCHAO YUNTOU INFORMATION TECHNOLOGY Co.,Ltd.
