CN104660403A - Equipment authorization method and server - Google Patents
Equipment authorization method and server Download PDFInfo
- Publication number
- CN104660403A CN104660403A CN201310589806.4A CN201310589806A CN104660403A CN 104660403 A CN104660403 A CN 104660403A CN 201310589806 A CN201310589806 A CN 201310589806A CN 104660403 A CN104660403 A CN 104660403A
- Authority
- CN
- China
- Prior art keywords
- access device
- information
- authorization
- new access
- attribute information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides equipment authorization method and server. The method comprises the following steps: when receiving an authorization authentication request of novel access equipment accessing to a current system and having equipment attribute information different from that of original access equipment in the current system, transferring the authorization authentication request to the authorization server in the current system; receiving original authorization information returned by the authorization server according to the authorization authentication request, according to the equipment attribute information of the novel access equipment and the original authorization information, determining preset authorization information capable of enabling the novel access equipment to perform authorization, sending the preset authorization information to the novel access equipment, and indicating the novel access equipment to perform authorization according to the preset authorization information. Therefore, configuration pressure of the authorization server is reduced and the authorization speed of the access equipment is increased.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of device authorization method and server.
Background technology
Current, there is Relay Server in a communications system, Relay Server, between access device and authorization server, is used for the certification of access device, charging message to be transmitted to authorization server, and the authentication result of authorization server, mandate, charging response message is transmitted to access device.
But, if when changing the new access device of other equipment suppliers or other classifications, need to wait in authorization server reconfiguring authorization message, this results in access device licensing process consuming time longer, even occur the problem of authorization failure.
Summary of the invention
Embodiments provide a kind of device authorization method and server, in order to solve the problem of current grant server and authorization failure longer to the new access device mandate time.
Concrete technical scheme is as follows:
Embodiment of the present invention first aspect provides a kind of method of device authorization, comprising:
Receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system;
Receive original authorization message that authorization server returns according to described authorization identifying request, in described original authorization message, carry the device attribute information of original access device;
According to device attribute information and described original authorization message of described new access device, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the attribute information of described new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
In conjunction with first aspect, in the implementation that the first is possible, before by the authorization server in described authorization identifying request forward to described current system, comprising:
When accessing new access device in described current system, being described new access device allocation identification information, and obtaining the device attribute information of new access device corresponding to described identification information;
According to the device attribute information of the original authorization message in described current system and described new access device, generate the preset authorization information of carrying the device attribute information of described new access device;
Preserve the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information;
Described determining can make described new access device perform the preset authorization information of authorizing, and is specially:
According to the described identification information preserved and/or corresponding relation between device attribute information and described preset authorization information, determine the identification information of described new access device and/or preset authorization information corresponding to device attribute information.
In conjunction with first aspect, in the implementation that the second is possible, the described device attribute information according to described new access device and described original authorization message, determine and described new access device can be made to perform the preset authorization information of authorizing, comprising:
Obtain the device attribute information of described new access device;
According to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing.
Any implementation in the implementation possible in conjunction with the first or the possible implementation of the second, in the implementation that the third is possible, the described new access device that can make that described device attribute information is carried in described generation performs the preset authorization information of authorizing, and comprising:
The field of device attribute information is determined in described original authorization message;
The device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
Embodiment of the present invention second aspect provides a kind of equipment of device authorization, comprising:
First sending module, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system;
Receiver module, for receiving original authorization message that authorization server returns according to described authorization identifying request, carries the device attribute information of original access device in described original authorization message;
Determination module, for according to the device attribute information of described new access device and described original authorization message, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the attribute information of described new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second sending module, for described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
In conjunction with second aspect, in the implementation that the first is possible, described equipment also comprises:
Information generating module, for the device attribute information according to the original authorization message in described current system and described new access device, generates the preset authorization information of carrying the device attribute information of described new access device;
Memory module, for preserving the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information;
Described determination module, specifically for according to the described identification information preserved and/or corresponding relation between device attribute information and described preset authorization information, determines the identification information of described new access device and/or preset authorization information corresponding to device attribute information.
In conjunction with first aspect, in the implementation that the second is possible, described determination module, specifically for obtaining the device attribute information of described new access device, according to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing.
Any implementation in the implementation possible in conjunction with the first or the possible implementation of the second, in the implementation that the third is possible, described determination module, specifically for determining the field of device attribute information in described original authorization message, the device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
The embodiment of the present invention third aspect provides a kind of Relay Server, comprising:
First communication interface, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system, receive original authorization message that authorization server returns according to described authorization identifying request, in described original authorization message, carry the device attribute information of original access device;
Processor, be connected with described communication interface, for according to the device attribute information of described new access device and described original authorization message, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the attribute information of described new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second communication interface, also for described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
In conjunction with the third aspect, in the implementation that the first is possible, described processor, specifically for when accessing new access device in described current system, for described new access device allocation identification information, and obtain the device attribute information of new access device corresponding to described identification information, according to the device attribute information of the original authorization message in described current system and described new access device, generate the preset authorization information of carrying the device attribute information of described new access device, preserve the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information, according to the described identification information preserved and/or the corresponding relation between device attribute information and described preset authorization information, determine the identification information of described new access device and/or preset authorization information corresponding to device attribute information, or
Described processor, specifically for obtaining the device attribute information of described new access device, according to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing; Or
Described processor, specifically for determining the field of device attribute information in described original authorization message, the device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
In the embodiment of the present invention, Relay Server is receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by authorization identifying request forward to the authorization server in current system, receive original authorization message that authorization server returns according to authorization identifying request, according to device attribute information and original authorization message of new access device, determine and new access device can be made to perform the preset authorization information of authorizing, preset authorization information carries the device attribute information of described new access device, preset authorization information is sent to new access device, indicate new access device according to the mandate of preset authorization information and executing, time like this in new access device access current system, authorization server is not needed again to configure new authorization message for new access device, but Relay Server obtains the preset authorization information of new access device by the identification information of new access device and/or device attribute information, which enhance the mandate success rate of new access device, also the mandate speed of new access device is improved.Simultaneously because Relay Server carries out the configuration of authorization message, therefore decrease the configuration pressure of authorization server.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of a kind of device authorization in the embodiment of the present invention;
Fig. 2 is the structural representation of a kind of device authorization server in the embodiment of the present invention;
Fig. 3 is the structural representation of another kind of device authorization server in the embodiment of the present invention;
Fig. 4 is the structural representation of a kind of Relay Server in the embodiment of the present invention.
Embodiment
First, in current communication system or network system, need needing the authorization identifying solicited message of the access device of Certificate Authority to be forwarded by Relay Server, that is first the authorization identifying solicited message of access device can be sent to Relay Server, then the authorization identifying solicited message received can be forwarded to authorization server by Relay Server, then authorization server generates authorization message corresponding to this authorization identifying solicited message according to the authorization identifying solicited message received, authorization message is sent to Relay Server by authorization server, the authorization message obtained is forwarded to access device by Relay Server, thus access device just can perform Authorized operation according to this authorization message.
When new access device is linked in current system, Relay Server gets the device attribute information of new access device, wherein, a kind of information in the manufacturer's information of new access device, device class information is included in the device attribute information of new access device, the information such as hardware configuration information, communication protocol information of new access device can also be comprised in certain device attribute information, equipment chain number when the device class information of the explanation needed here is dispatched from the factory by equipment determines, that is: different equipment chains number represents different classes of equipment.
If when current new access device and original access device have distinct device attribute information, if or former authorization message transmission is forwarded to new access device, new access device is by this authorization message of None-identified, so new access device just cannot perform mandate, therefore current when there is new access device in a communications system, need to wait for that authorization server is new access device configuration authorization message based on the device attribute information of new access device again, but wait for that authorization server reconfigures authorization message and new access device licensing process can be caused consuming time longer, even there is the problem of authorization failure.
A kind of device authorization method is provided in embodiments of the present invention for above-mentioned problem, the device attribute information obtaining new access device by the Relay Server in communication system is determined to make new advances the authorization message of access device, make Relay Server can to determine timely to make new advances the preset authorization information of access device like this, and no longer wait for that authorization server reconfigures authorization message, thus improve the mandate speed of new access device, also improve the mandate success rate of new access device.Simultaneously because Relay Server carries out the configuration of authorization message, therefore decrease the configuration pressure of authorization server.
Be described in detail below by accompanying drawing and specific embodiment.
Embodiment one:
Be illustrated in figure 1 the method flow diagram of a kind of device authorization in the embodiment of the present invention, the method is performed by Relay Server, comprises the steps:
S101, is receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute information with the original access device in current system, by authorization identifying request forward to the authorization server in current system.
S102, obtains original authorization message that authorization server returns according to authorization identifying request.
S103, according to device attribute information and original authorization message of new access device, determines and new access device can be made to perform the preset authorization information of authorizing.
S104, is sent to new access device by preset authorization information, indicates new access device according to the mandate of preset authorization information and executing.
Specifically, before S101, when there is new access device in current systems, the access device of or the identical device supplier distinct device classification different from the equipment supplier of access device original in current system of new access device herein, now Relay Server can configure an identification information respectively for each new access device, and preserve the identification information of all new access devices, this identification information can but not limit be IP address, certain Relay Server is except for can also be each new access device configured port and the secret key of communication etc. except each new access device configuration of IP address.
Due to the access device that the original access device in new access device and current system is different classes of access device or distinct device supplier, and to perform what carry in original authorization message of authorizing for original access device be the device attribute information of original access device, the manufacturer's information of original access device and/or the device class information etc. of original access device is at least contained in device attribute information herein, if when the original authorization message in direct current system is sent to new access device, the then new original authorization message of access device None-identified, and then cannot mandate be completed.
Therefore, when each new access device is linked in current system, Relay Server will obtain the device attribute information of each new access device, a kind of information in the manufacturer's information of new access device or device class information is at least contained in the attribute information of new access device, Relay Server, based on the original authorization message of authorization server and the device attribute information of new access device that gets, generates and new access device can be made to perform the preset authorization information of authorizing.
Mode for generation preset authorization information can be, but not limited to: in original authorization message, determine the field residing for device attribute information, then the device attribute information of new access device is replaced the device attribute information of original access device in field, generation can make new access device perform the preset authorization information of authorizing, such as: original authorization message is XXX-Primary-DNS=10.10.10.10, this authorization message for the access device of to be attribute information be XXX, when attribute information is the equipment access of YYY, if by original for attribute information be original authorization message of the access device of XXX to be sent to attribute information be the access device of YYY time, then attribute information is that the access device of YYY cannot perform mandate, Relay Server is by the attribute information YYY based on original authorization message XXX-Primary-DNS=10.10.10.10 and new access device, generate the preset authorization information YYY-Primary-DNS=10.10.10.10 that corresponding attribute information is the access device of YYY, so just obtain the preset authorization information that attribute information is the access device of YYY, certain attribute information YYY herein at least contains a kind of information in the manufacturer's information of access device and the device class information of access device.
Preset authorization information can be issued to each new access device in embodiments of the present invention by two kinds of modes:
Mode one:
The corresponding preset authorization information of each new access device, each new access device is identified by identification information, each new access device has self device attribute information, and therefore Relay Server will preserve the identification information of new access device and/or the corresponding relation between device attribute information and preset authorization information.It should be noted that, carry the device attribute information of new access device in preset authorization information, therefore new access device can identify newly-generated preset authorization information.
When new access device sends authorization identifying request, first Relay Server can record the identification information of the new access device sending this authorization identifying request, that is: send the IP address of the new access device of this authorization identifying request.Then authorization identifying request is sent to authorization server by Relay Server, owing to not carrying the device attribute information of new access device in this authorization identifying request, therefore authorization server determines that this access device is still the access device with original access device same alike result information, therefore authorization server can not regenerate authorization message, but issues original authorization message directly to Relay Server.
Wherein, authorization message can be back to Relay Server accurately in order to authorization server can be made, therefore when Relay Server sends authorization identifying request to authorization server, Relay Server can add an identification field in authorization identifying request, this identification field is for identifying Relay Server, thus authorization message accurately can be back to the Relay Server of corresponding described identification field by authorization server according to the identification field in authorization identifying request.
Relay Server is after receiving the authorization message that authorization server returns, Relay Server determines that this authorization message needs to be forwarded to the identification information of the new access device sending authorization identifying request, and obtain the device attribute information of new access device, then the preset authorization information that the device attribute information of the identification information of new access device and/or new access device is corresponding is determined, finally the preset authorization information determined is sent to new access device corresponding to identification information, makes new access device based on the mandate of preset authorization information and executing.
Illustrate below by concrete application scenarios.
Such as the discriminating mandate accounting server (English: AuthenticationAuthorization Accounting in current communication networks, being called for short AAA) authorization message that generates is for the access device of aaa equipment supplier provides mandate, therefore original authorization message of generating of aaa server should be just aaa-Primary-DNS=10.10.10.10 corresponding to aaa equipment supplier, if this authorization message to be sent to the access device of aaa equipment supplier, then the access device of this aaa equipment supplier just can perform mandate.
But when the access device that there is bbb equipment supplier is linked in communication system, the equipment of this bbb equipment supplier is exactly new access device for current communication networks, if now still original authorization message is sent to new access device, then new access device cannot perform mandate.
Therefore in embodiments of the present invention when there is new access device in system, remote customer dialing authentication system is (English: Remote Authentication Dial In User Service, being called for short RADIUS) first Relay Server can configure an IP address in current system for the access device of this bbb equipment supplier, that is: 20.20.20.20, after being configured to IP address, RADIUS Relay Server is according to the IP address of access device, obtain the device attribute information of the corresponding access device in this IP address, based on device attribute information bbb and original authorization message (aaa-Primary-DNS=10.10.10.10) of access device corresponding to bbb equipment supplier, generate the preset authorization information (bbb-Primary-DNS=10.10.10.10) for the corresponding access device of bbb equipment supplier, certainly, this preset authorization information also can be in Relay Server by manual configuration, specifically bbb-Primary-DNS=10.10.10.10 is adjusted to by aaa-Primary-DNS=10.10.10.10 exactly, finally preserve the IP address of access device of bbb supplier and the corresponding relation between device attribute information and preset authorization information, specifically as shown in table 1:
Table 1
Same reason, if when having the access device of ccc equipment supplier to be linked in current communication networks, RADIUS Relay Server in system also can configure an IP address 30.30.30.30 for this new access device, and based on device identification ccc and original authorization message (aaa-Primary-DNS=10.10.10.10) of access device corresponding to ccc equipment supplier, generate the preset authorization information (ccc-Primary-DNS=10.10.10.10) for ccc equipment supplier, certainly, this preset authorization information also can be in Relay Server by manual configuration, , finally preserve the IP address of access device of ccc supplier and the corresponding relation between device attribute information and preset authorization information, as shown in table 2:
Table 2
When the access device of the bbb equipment supplier in communication system sends authorization identifying request to RADIUS Relay Server, first RADIUS Relay Server records the IP address of this access device, so that RADIUS Relay Server is to this access device return authorization information.
The authorization identifying request received is sent to aaa authorization server by RADIUS Relay Server, if aaa authorization server generates should the authorization message aaa-Primary-DNS=10.10.10.10 of authorization identifying request, and the authorization message of generation is sent to RADIUS Relay Server.
When RADIUS Relay Server receives authorization message, first RADIUS Relay Server determines IP address and the device attribute information of the new access device receiving this authorization message, then based on IP address and the corresponding relation between device attribute information and preset authorization information, transfer out the preset authorization information that this IP address is corresponding, that is: finding out IP address is the preset authorization information that 20.20.20.20 and device attribute information bbb are corresponding, if IP address is the preset authorization information that 20.20.20.20 and device attribute information bbb are corresponding is bbb-Primary-DNS=10.10.10.10, now the preset authorization information determined can be sent to IP address by RADIUS Relay Server is the new access device that 20.20.20.20 is corresponding, finally this new access device just can according to the preset authorization information and executing Authorized operation of bbb-Primary-DNS=10.10.10.10.
When in like manner the new access device of ccc supplier being linked in current system, Relay Server will forward preset authorization information ccc-Primary-DNS=10.10.10.10 to the new access device of ccc supplier, thus the new access device of ccc supplier just can according to this preset authorization information and executing Authorized operation.
Further, what can also arrange preset authorization information in Relay Server issues the time, that is at Relay Server after the preset authorization information of access device of determining to make new advances, the time that issues according to preset authorization information is issued preset authorization information by this Relay Server, certainly this is a kind of additional conditions, can also according to reality should be used for add other additional conditions.
It should be noted that, what preserve in the above-described embodiments is IP address and the corresponding relation between device attribute information and preset authorization information, it also can be the corresponding relation only preserved between IP address and preset authorization information in the application scenarios of reality, or the corresponding relation preserved between device attribute information and preset authorization information, do not limit the content of preserving in corresponding relation in embodiments of the present invention.
Mode two:
The preset authorization information of each new access device that Relay Server had generated before sending authorization identifying request to authorization server in the embodiment of mode one, and save the identification information of new access device and/or the corresponding relation between device attribute information and preset authorization information, but in mode two, Relay Server can also be generate preset authorization information after the original authorization message receiving authorization server transmission, then the preset authorization information of generation is directly sent to new access device.
Specifically, Relay Server is after receiving original authorization message that the authorization identifying request of authorization server according to new access device return, Relay Server is by the device attribute information according to the original authorization message received and new access device, the new access device that can make generating Portable device attribute information performs the preset authorization information of authorizing, that is: the device attribute information of new access device is replaced the device attribute information of the original access device carried in original authorization message, thus just generate the preset authorization information of new access device, the preset authorization information of generation is sent to new access device by the identification information of the new access device of last basis.
Such as, when the new access device of bbb supplier is linked in system, Relay Server can be new access device configuration of IP address, and the device attribute information bbb of new access device of bbb supplier can be obtained, then Relay Server can by the authorization identifying request forward of new access device to authorization server, after authorization server returns the authorization message of aaa-Primary-DNS=10.10.10.10, Relay Server can based on the device attribute information of the new access device of bbb supplier and authorization message, generate the preset authorization information bbb-Primary-DNS=10.10.10.10 of corresponding bbb supplier, that is: the device attribute information of original access device is replaced with the device attribute information of new access device, last basis is the IP address that the new access device of bbb supplier distributes, the preset authorization information of generation is forwarded to the new access device of bbb supplier.Thus the new access device of bbb supplier just can according to the mandate of preset authorization information and executing.
The server that continues in the above-described embodiments can be new access device allocation identification information, and obtain the device attribute information of new access device, the preset authorization information of corresponding new access device is generated according to the device attribute information of new access device, finally preset authorization information is sent to new access device corresponding to identification information, doing so avoids the process that authorization server reconfigures authorization message, decrease the configuration pressure of authorization server, the coupling of simultaneously carrying out preset authorization information by Relay Server not only improves the mandate speed of new access device, also improve the mandate success rate of new access device simultaneously.
Embodiment two:
Based on identical invention thinking, the embodiment of the present invention additionally provides a kind of server of device authorization, is illustrated in figure 2 the structural representation of the server of a kind of device authorization in the embodiment of the present invention, and this server comprises:
First sending module 201, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by authorization identifying request forward to the authorization server in current system;
Receiver module 202, for receiving original authorization message that authorization server returns according to authorization identifying request, carries the device attribute information of original access device in original authorization message;
Determination module 203, for according to the device attribute information of new access device and original authorization message, determine and new access device can be made to perform the preset authorization information of authorizing, preset authorization information carries the device attribute information of new access device, and the attribute information of new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second sending module 204, for preset authorization information is sent to new access device, indicates new access device according to the mandate of preset authorization information and executing.
First sending module 201 and the second sending module 204 can be same modules in embodiments of the present invention, and that is these two modules can have been come by a functional module.
Further, determination module 203 is specifically for obtaining the device attribute information of new access device in embodiments of the present invention, according to the device attribute information of original authorization message and new access device, the new access device that can make generating Portable device attribute information performs the preset authorization information of authorizing.
Further, as shown in Figure 3, the server of a kind of device authorization in embodiments of the present invention can also comprise:
Information generating module 301, is connected with receiver module 202, for the device attribute information according to the original authorization message in current system and new access device, generates the preset authorization information of carrying the device attribute information of new access device;
Memory module 302, is connected with information generating module 301, for preserving the identification information of new access device and/or the corresponding relation between device attribute information and preset authorization information;
Memory module 302 is connected with determination module 203, determination module 203, specifically for according to the identification information preserved and/or corresponding relation between device attribute information and preset authorization information, determine the identification information of new access device and/or preset authorization information corresponding to device attribute information.
Further, determination module 203 specifically for determining the field of device attribute information in original authorization message in embodiments of the present invention, the device attribute information of access device original in field is replaced with the device attribute information of new access device, generate and new access device can be made to perform the preset authorization information of authorizing.
Embodiment three:
Based on same invention thinking, in the embodiment of the present invention, additionally provide a kind of Relay Server, be illustrated in figure 4 the structural representation of a kind of Relay Server in the embodiment of the present invention, comprise:
First communication interface 401, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by authorization identifying request forward to the authorization server in current system, receive original authorization message that authorization server returns according to authorization identifying request, in original authorization message, carry the device attribute information of original access device;
Processor 402, be connected with communication interface, for according to the device attribute information of new access device and original authorization message, determine and new access device can be made to perform the preset authorization information of authorizing, preset authorization information carries the device attribute information of new access device, and the attribute information of new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second communication interface 403, also for preset authorization information is sent to new access device, indicates new access device according to the mandate of preset authorization information and executing.
Wherein, the first communication interface 401 and the second communication interface 403 can be same communication interfaces.
Further, processor 402 in embodiments of the present invention, specifically for when accessing new access device in current system, for new access device allocation identification information, and obtain the device attribute information of new access device corresponding to identification information, according to the device attribute information of the original authorization message in current system and new access device, generate the preset authorization information of carrying the device attribute information of new access device, preserve the identification information of new access device and/or the corresponding relation between device attribute information and preset authorization information, according to the identification information preserved and/or the corresponding relation between device attribute information and preset authorization information, determine the identification information of new access device and/or preset authorization information corresponding to device attribute information.
Further, processor 402 in embodiments of the present invention, specifically for obtaining the device attribute information of new access device, according to the device attribute information of original authorization message and new access device, the new access device that can make generating Portable device attribute information performs the preset authorization information of authorizing.
Further, processor 402 in embodiments of the present invention, specifically for determining the field of device attribute information in original authorization message, the device attribute information of access device original in field is replaced with the device attribute information of new access device, generate and new access device can be made to perform the preset authorization information of authorizing.
The server that continues in the above-described embodiments can be new access device allocation identification information, and obtain the device attribute information of new access device, then the preset authorization information of corresponding new access device is obtained according to the identification information of new access device and device attribute information, preset authorization information is sent to new access device corresponding to identification information, doing so avoids the process that authorization server reconfigures authorization message, decrease the configuration pressure of authorization server, the coupling of simultaneously carrying out preset authorization information by Relay Server not only improves the mandate speed of new access device, also improve the mandate success rate of new access device simultaneously.
The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. a method for device authorization, is characterized in that, comprising:
Receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system;
Receive original authorization message that authorization server returns according to described authorization identifying request, in described original authorization message, carry the device attribute information of original access device;
According to device attribute information and described original authorization message of described new access device, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the device attribute information of described new access device includes a kind of information in the manufacturer's information of new access device or device class information;
Described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
2. the method for claim 1, is characterized in that, before by the authorization server in described authorization identifying request forward to described current system, comprising:
When accessing new access device in described current system, being described new access device allocation identification information, and obtaining the device attribute information of new access device corresponding to described identification information;
According to the device attribute information of the original authorization message in described current system and described new access device, generate the preset authorization information of carrying the device attribute information of described new access device;
Preserve the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information;
Described determining can make described new access device perform the preset authorization information of authorizing, and is specially:
According to the described identification information preserved and/or corresponding relation between device attribute information and described preset authorization information, determine the identification information of described new access device and/or preset authorization information corresponding to device attribute information.
3. the method for claim 1, is characterized in that, the described device attribute information according to described new access device and described original authorization message, determines and described new access device can be made to perform the preset authorization information of authorizing, comprising:
Obtain the device attribute information of described new access device;
According to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing.
4. the method as described in claim arbitrary in claim 2 ~ 3, is characterized in that, the described new access device that can make that described device attribute information is carried in described generation performs the preset authorization information of authorizing, and comprising:
The field of device attribute information is determined in described original authorization message;
The device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
5. a server for device authorization, is characterized in that, comprising:
First sending module, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system;
Receiver module, for receiving original authorization message that authorization server returns according to described authorization identifying request, carries the device attribute information of original access device in described original authorization message;
Determination module, for according to the device attribute information of described new access device and described original authorization message, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the attribute information of described new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second sending module, for described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
6. server as claimed in claim 5, it is characterized in that, described equipment also comprises:
Information generating module, for the device attribute information according to the original authorization message in described current system and described new access device, generates the preset authorization information of carrying the device attribute information of described new access device;
Memory module, for preserving the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information;
Described determination module, specifically for according to the described identification information preserved and/or corresponding relation between device attribute information and described preset authorization information, determines the identification information of described new access device and/or preset authorization information corresponding to device attribute information.
7. server as claimed in claim 5, it is characterized in that, described determination module, specifically for obtaining the device attribute information of described new access device, according to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing.
8. the server as described in claim arbitrary in claim 6 ~ 7, it is characterized in that, described determination module, specifically for determining the field of device attribute information in described original authorization message, the device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
9. a Relay Server, is characterized in that, comprising:
First communication interface, for receiving access current system, and when there is the authorization identifying request of the new access device of distinct device attribute with the original access device in current system, by the authorization server in described authorization identifying request forward to described current system, receive original authorization message that authorization server returns according to described authorization identifying request, in described original authorization message, carry the device attribute information of original access device;
Processor, be connected with described communication interface, for according to the device attribute information of described new access device and described original authorization message, determine and described new access device can be made to perform the preset authorization information of authorizing, described preset authorization information carries the device attribute information of described new access device, and the attribute information of described new access device at least includes a kind of information in the manufacturer's information of new access device or device class information;
Second communication interface, also for described preset authorization information is sent to described new access device, indicates described new access device according to the mandate of described preset authorization information and executing.
10. server as claimed in claim 9, it is characterized in that, described processor, specifically for when accessing new access device in described current system, for described new access device allocation identification information, and obtain the device attribute information of new access device corresponding to described identification information, according to the device attribute information of the original authorization message in described current system and described new access device, generate the preset authorization information of carrying the device attribute information of described new access device, preserve the identification information of described new access device and/or the corresponding relation between device attribute information and described preset authorization information, according to the described identification information preserved and/or the corresponding relation between device attribute information and described preset authorization information, determine the identification information of described new access device and/or preset authorization information corresponding to device attribute information, or
Described processor, specifically for obtaining the device attribute information of described new access device, according to the device attribute information of described original authorization message and described new access device, generate the described new access device that can make carrying described device attribute information and perform the preset authorization information of authorizing; Or
Described processor, specifically for determining the field of device attribute information in described original authorization message, the device attribute information of access device original in described field is replaced with the device attribute information of described new access device, generate and described new access device can be made to perform the preset authorization information of authorizing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310589806.4A CN104660403B (en) | 2013-11-20 | 2013-11-20 | A kind of device authorization method and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310589806.4A CN104660403B (en) | 2013-11-20 | 2013-11-20 | A kind of device authorization method and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104660403A true CN104660403A (en) | 2015-05-27 |
CN104660403B CN104660403B (en) | 2018-02-23 |
Family
ID=53251140
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310589806.4A Active CN104660403B (en) | 2013-11-20 | 2013-11-20 | A kind of device authorization method and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104660403B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112486500A (en) * | 2020-11-03 | 2021-03-12 | 杭州云嘉云计算有限公司 | System authorization deployment method |
CN113194119A (en) * | 2021-03-29 | 2021-07-30 | 新华三大数据技术有限公司 | Configuration file acquisition method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1631036A2 (en) * | 2004-08-27 | 2006-03-01 | NTT DoCoMo, Inc. | Device authentication in a service control system |
CN101534501A (en) * | 2008-03-13 | 2009-09-16 | 华为技术有限公司 | Method, system and equipment for registering local mobile anchor point |
CN101958900A (en) * | 2010-09-27 | 2011-01-26 | 中兴通讯股份有限公司 | Service processing method and device for server |
CN102611683A (en) * | 2011-12-14 | 2012-07-25 | 上海聚力传媒技术有限公司 | Method, device, equipment and system for executing third-party authentication |
-
2013
- 2013-11-20 CN CN201310589806.4A patent/CN104660403B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1631036A2 (en) * | 2004-08-27 | 2006-03-01 | NTT DoCoMo, Inc. | Device authentication in a service control system |
CN101534501A (en) * | 2008-03-13 | 2009-09-16 | 华为技术有限公司 | Method, system and equipment for registering local mobile anchor point |
CN101958900A (en) * | 2010-09-27 | 2011-01-26 | 中兴通讯股份有限公司 | Service processing method and device for server |
CN102611683A (en) * | 2011-12-14 | 2012-07-25 | 上海聚力传媒技术有限公司 | Method, device, equipment and system for executing third-party authentication |
Non-Patent Citations (1)
Title |
---|
李林江: ""WLAN无感知认证关键技术探讨"", 《电信科学》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112486500A (en) * | 2020-11-03 | 2021-03-12 | 杭州云嘉云计算有限公司 | System authorization deployment method |
CN113194119A (en) * | 2021-03-29 | 2021-07-30 | 新华三大数据技术有限公司 | Configuration file acquisition method and device |
CN113194119B (en) * | 2021-03-29 | 2022-05-27 | 新华三大数据技术有限公司 | Configuration file acquisition method and device |
Also Published As
Publication number | Publication date |
---|---|
CN104660403B (en) | 2018-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107995215B (en) | Control method and device of intelligent household equipment and cloud platform server | |
CN109845303B (en) | Management method and management unit for network slices | |
EP3742696A1 (en) | Identity management method, equipment, communication network, and storage medium | |
US20130007093A1 (en) | Client server communication system | |
CN104243301A (en) | Method, device and system for generating service path | |
CN110677383B (en) | Firewall wall opening method and device, storage medium and computer equipment | |
CN109120444B (en) | Cloud resource management method, processor and storage medium | |
CN109600769B (en) | Communication method and device | |
CN104216761A (en) | Method for using shared device in device capable of operating two operation systems | |
CN104639555A (en) | Request processing method, system and device | |
CN107248910A (en) | Method for security protection and equipment | |
US9760412B2 (en) | Client server communication system | |
WO2015027931A1 (en) | Method and system for realizing cross-domain remote command | |
CN103888435A (en) | Service admission control method, device and system | |
CN106100953B (en) | PCIe device shares the generation method of network, apparatus and system | |
CN104660403A (en) | Equipment authorization method and server | |
CN106411545A (en) | Service attribute counting method and device | |
KR20150088462A (en) | Method for linking network device in cloud environment and apparatus therefor | |
CN105281944B (en) | Method for setting network protocol address and service management system | |
CN109962962B (en) | Socket connection method and device | |
CN114389868A (en) | Method, system and device for distributing cloud resources and storage medium | |
CN107005468B (en) | Method and device for determining NSD (non-volatile memory) to be uploaded | |
CN110022310B (en) | Authorization method and device based on cloud computing open network operating system | |
CN103078970A (en) | Automatic configuration device and method for wireless fidelity (WiFi) address | |
US11140001B2 (en) | Method for providing data packets from a CAN bus, control device and system having a CAN bus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |