An IPMI management system with encrypted authentication
Technical field
The present invention relates to the field of server management, and specifically to an IPMI management system with encrypted authentication.
Background art
IPMI is the abbreviation of Intelligent Platform Management Interface, an industry standard for managing the peripheral devices used in enterprise systems based on the Intel architecture. The standard was formulated by companies such as Intel, Hewlett-Packard, NEC, Dell Computer and SuperMicro. Users can use IPMI to monitor the physical health characteristics of a server, such as temperature, voltage, fan operating state and power supply status.
RSA public-key cryptosystem. A public-key cryptosystem uses different keys for encryption and decryption; it is a cryptosystem in which deriving the decryption key from the known encryption key is computationally infeasible. RSA is an asymmetric cryptographic algorithm. Asymmetric means that the algorithm needs a pair of keys: data encrypted with one of them must be decrypted with the other. RSA was the first algorithm that can be used for both encryption and digital signatures, and it is easy to understand and operate.
JavaScript is an interpreted scripting language: a dynamically typed, weakly typed, prototype-based language with built-in support for types.
In the current server field, server management technology is increasingly mature, and management protocols such as SNMP and IPMI are already in widespread use. In the general-purpose server field, existing IPMI management systems meet the demands of the various application scenarios well. But in application scenarios with higher security requirements, login authentication based only on a username and password, as in traditional IPMI management systems, is clearly not acceptable to users. This leads some of these users to abandon the management system and use local operation and management instead, which is comparatively secure but cumbersome.
Summary of the invention
The technical task of the invention is to provide an IPMI management system with encrypted authentication.
The technical task of the invention is achieved in the following manner. The IPMI management system includes an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB-Key;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions that a traditional IPMI management system includes;
The security authentication module is responsible for responding to the login requests sent by the client browser. According to the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request, and then verifies it. After successful verification it allows a Session to be established using the username and password, so that the next management operations can be carried out;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge through which the client's login request communicates with the USB-Key. It is responsible for transferring data between JavaScript and the USB-Key and for controlling the USB-Key to complete the specified operations as JavaScript requires.
The encrypted authentication is RSA encrypted authentication.
The flow by which the client initiates a login request is as follows:
1) The browser sends a request for the page; the management system Web service transmits the login page and the corresponding JavaScript to the client, and the browser displays the login page and executes the JavaScript;
2) The JavaScript controls the USB-Key to read the login information in the USB-Key and encrypt it using the RSA private key in the USB-Key;
3) The JavaScript sends the username, the password and the encrypted login information to the management system Web service. The Web service calls the encrypted authentication module, which retrieves the bound public key according to the username and decrypts the login information using the public key, then calls a private algorithm to check the legitimacy of the login information. If the check passes, a Session is established using the username and password; if the check does not pass, an error message is returned and the login information must be entered again.
Compared with the prior art, the IPMI management system with encrypted authentication of the invention introduces the USB-Key into the IPMI management system, so that personnel holding a specific USB-Key can log in to the management system, and different operating permissions are provided according to the bound USB-Key. In application scenarios with higher security requirements, the IPMI management system can then effectively deliver its advantages of efficiency and convenience, providing convenience to users while saving the cost of maintaining and managing servers.
Specific embodiments
Embodiment 1:
The IPMI management system with encrypted authentication includes an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in and a USB-Key; the encrypted authentication uses RSA encrypted authentication;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions that a traditional IPMI management system includes;
The security authentication module is responsible for responding to the login requests sent by the client browser. According to the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request, and then verifies it. After successful verification it allows a Session to be established using the username and password, so that the next management operations can be carried out;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge through which the client's login request communicates with the USB-Key. It is responsible for transferring data between JavaScript and the USB-Key and for controlling the USB-Key to complete the specified operations as JavaScript requires.
Embodiment 2:
The IPMI management system with encrypted authentication includes an IPMI protocol stack, a security authentication module, an extended user permission module, an extended permission management module, a client plug-in, a USB-Key and USB-Key drivers; the encrypted authentication uses RSA encrypted authentication;
The IPMI protocol stack fully implements the functions in the IPMI 1.0 and 2.0 specifications, and implements the Web service functions that a traditional IPMI management system includes;
The security authentication module is responsible for responding to the login requests sent by the client browser. According to the username submitted by the client, it selects the bound RSA public key, decrypts the ciphertext contained in the login request, and then verifies it. After successful verification it allows a Session to be established using the username and password, so that the next management operations can be carried out;
The extended user permission module is responsible for controlling the user's operating permissions in the management system according to the login information;
The extended permission management module is responsible for binding a USB-Key when a user is created or edited, and for generating registration information according to the permission settings and writing it to the USB-Key;
The client plug-in is the bridge through which the client's login request communicates with the USB-Key. It is responsible for transferring data between JavaScript and the USB-Key and for controlling the USB-Key to complete the specified operations as JavaScript requires.
The flow by which the client initiates a login request is as follows:
1) The browser sends a request for the page; the management system Web service transmits the login page and the corresponding JavaScript to the client, and the browser displays the login page and executes the JavaScript;
2) The JavaScript controls the USB-Key to read the login information in the USB-Key and encrypt it using the RSA private key in the USB-Key;
3) The JavaScript sends the username, the password and the encrypted login information to the management system Web service. The Web service calls the encrypted authentication module, which retrieves the bound public key according to the username and decrypts the login information using the public key, then calls a private algorithm to check the legitimacy of the login information. If the check passes, a Session is established using the username and password; if the check does not pass, an error message is returned and the login information must be entered again.
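The binding and login flow above, as an added Node.js example that is not part of the patent text. A software object stands in for the USB-Key; the JSON login-information format, the `bindUser`, `usbKeyEncrypt` and `login` names and the user/role comparison that stands in for the unspecified private legitimacy check are all assumptions.

```javascript
// Added example: names, data format and the legitimacy check are assumptions.
const { generateKeyPairSync, privateEncrypt, publicDecrypt,
        scryptSync, timingSafeEqual, randomBytes } = require('node:crypto');

const users = new Map(); // username -> { publicKey, salt, pwHash, role }

// Extended permission management module: bind a key pair to a new user and
// return what would be written to the USB-Key (simulated here in software).
function bindUser(username, password, role) {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const salt = randomBytes(16);
  users.set(username, { publicKey, salt, pwHash: scryptSync(password, salt, 32), role });
  return { privateKey, loginInfo: JSON.stringify({ user: username, role }) };
}

// Step 2, client side: the USB-Key encrypts its stored login information
// with its RSA private key (a hardware token would keep that key on-device).
function usbKeyEncrypt(usbKey) {
  return privateEncrypt(usbKey.privateKey, Buffer.from(usbKey.loginInfo)).toString('base64');
}

// Step 3, security authentication module: select the bound public key by
// username, decrypt, check legitimacy, then check the password.
function login(username, password, ciphertextB64) {
  const rec = users.get(username);
  if (!rec) return { ok: false, error: 'unknown user' };
  let info;
  try {
    const plain = publicDecrypt(rec.publicKey, Buffer.from(ciphertextB64, 'base64'));
    info = JSON.parse(plain.toString('utf8'));
  } catch {
    return { ok: false, error: 'ciphertext does not match bound key' };
  }
  // Stand-in for the page's unspecified private legitimacy check.
  if (!info || info.user !== username || info.role !== rec.role)
    return { ok: false, error: 'login information rejected' };
  if (!timingSafeEqual(scryptSync(password, rec.salt, 32), rec.pwHash))
    return { ok: false, error: 'bad password' };
  const id = randomBytes(16).toString('hex');
  return { ok: true, session: { id, user: username, role: rec.role } };
}

// Constructed sample data: two users, each bound to their own key.
const aliceKey = bindUser('alice', 'pw-alice', 'administrator');
const bobKey = bindUser('bob', 'pw-bob', 'operator');
console.log(login('alice', 'pw-alice', usbKeyEncrypt(aliceKey)).ok);
console.log(login('alice', 'pw-alice', usbKeyEncrypt(bobKey)).error);
```

Private-key encryption followed by public-key decryption is the operation standard libraries otherwise expose as sign and verify. The flow as described includes no server challenge or nonce, so the example adds none; a deployment would include a per-login challenge in what the key encrypts.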
Through the close cooperation of the modules above, the security and reliability of the IPMI management system are effectively improved, so that personnel holding a specific USB-Key can log in to the management system, and different operating permissions are provided according to the bound USB-Key. In application scenarios with higher security requirements, the IPMI management system can then effectively deliver its advantages of efficiency and convenience, providing convenience to users while saving the cost of maintaining and managing servers.
From the specific embodiments above, those skilled in the art can readily implement the invention. It should be understood, however, that the invention is not limited to the specific embodiments above. On the basis of the disclosed embodiments, those skilled in the art can combine different technical features to realize different technical solutions.