CN104660403B - A kind of device authorization method and server - Google Patents

A kind of device authorization method and server Download PDF

Info

Publication number
CN104660403B
CN104660403B CN201310589806.4A CN201310589806A CN104660403B CN 104660403 B CN104660403 B CN 104660403B CN 201310589806 A CN201310589806 A CN 201310589806A CN 104660403 B CN104660403 B CN 104660403B
Authority
CN
China
Prior art keywords
information
access device
authorization
new access
attribute information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310589806.4A
Other languages
Chinese (zh)
Other versions
CN104660403A (en
Inventor
荀浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310589806.4A priority Critical patent/CN104660403B/en
Publication of CN104660403A publication Critical patent/CN104660403A/en
Application granted granted Critical
Publication of CN104660403B publication Critical patent/CN104660403B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The embodiment of the present invention, which has supplied a kind of device authorization method and server, method, to be included:When receiving access current system, and being asked with authorization identifying that original access device in current system has the new access device of distinct device attribute information, the authorization server that authorization identifying request is forwarded in the current system;Receive original authorization message that authorization server asks to return according to authorization identifying, according to the device attribute information of new access device and original authorization message, determine that the new access device can be made to perform the preset authorization information authorized, the preset authorization information is sent to the new access device, indicate that the new access device performs mandate according to the preset authorization information, which reduces the configuration pressure of authorization server, the mandate speed of access device is improved.

Description

A kind of device authorization method and server
Technical field
The present invention relates to communication technical field, more particularly to a kind of device authorization method and server.
Background technology
Currently, Relay Server in a communications system be present, Relay Server be located at access device and authorization server it Between, for the certification of access device, charging message be transmitted into authorization server, and by the authentication result of authorization server, award Power, charging response message are transmitted to access device.
But if change other equipment supplier either other classifications new access device when, it is necessary to wait mandate take Authorization message is reconfigured in business device, it is time-consuming longer this results in access device licensing process, or even there is authorization failure Problem.
The content of the invention
The embodiments of the invention provide a kind of device authorization method and server, to solve current grant server to new The access device mandate time is longer and the problem of authorization failure.
Specific technical scheme is as follows:
First aspect of the embodiment of the present invention provides a kind of method of device authorization, including:
Access current system is being received, and there is distinct device attribute with original access device in current system During the authorization identifying request of new access device, the authorization service that authorization identifying request is forwarded in the current system Device;
Receive original authorization message that authorization server asks to return according to the authorization identifying, original authorization message The middle device attribute information for carrying original access device;
According to the device attribute information of the new access device and original authorization message, determine to make described New access device performs the preset authorization information authorized, and the preset authorization information carries the equipment category of the new access device Property information, the attribute information of the new access device have comprised at least the manufacturer's information or device class information of new access device In a kind of information;
The preset authorization information is sent to the new access device, indicates the new access device according to described default Authorization message performs mandate.
It is described authorization identifying request is forwarded to reference in a first aspect, in the first possible implementation Before authorization server in current system, including:
It is the new access device allocation identification information, and obtain when accessing new access device in the current system The device attribute information of new access device corresponding to the identification information;
The device attribute information of original authorization message and the new access device in the current system, generation Carry the preset authorization information of the device attribute information of the new access device;
Between the identification information and/or device attribute information and the preset authorization information that preserve the new access device Corresponding relation;
It is described to determine that the new access device be made to perform the preset authorization information authorized, be specially:
According to the corresponding pass between the identification information of preservation and/or device attribute information and the preset authorization information System, determine the new access device identification information and/or device attribute information corresponding to preset authorization information.
With reference in a first aspect, in second of possible implementation, the equipment category according to the new access device Property information and original authorization message, determine that the new access device can be made to perform the preset authorization information authorized, Including:
Obtain the device attribute information of the new access device;
According to original authorization message and the device attribute information of the new access device, generation carries the equipment Attribute information can make the new access device perform the preset authorization information authorized.
With reference to any implementation in the first possible implementation or second of possible implementation, In the third possible implementation, the generation carrying device attribute information can hold the new access device The preset authorization information that row authorizes, including:
The field of device attribute information is determined in original authorization message;
The device attribute information of original access device in the field is replaced with to the device attribute of the new access device Information, generation can make the new access device perform the preset authorization information authorized.
Second aspect of the embodiment of the present invention provides a kind of equipment of device authorization, including:
First sending module, for receiving access current system, and with original access device in current system During the authorization identifying request of the new access device with distinct device attribute, authorization identifying request is forwarded to described current Authorization server in system;
Receiving module, the original authorization message for asking to return according to the authorization identifying for receiving authorization server, institute State the device attribute information that original access device is carried in original authorization message;
Determining module, for the device attribute information according to the new access device and original authorization message, really Making can make the new access device perform the preset authorization information authorized, and the preset authorization information, which carries, described newly to be connect Enter the device attribute information of equipment, the attribute information of the new access device comprised at least new access device manufacturer's information or A kind of information in person's device class information;
Second sending module, for the preset authorization information to be sent to the new access device, instruction is described newly to be connect Enter equipment and mandate is performed according to the preset authorization information.
With reference to second aspect, in the first possible implementation, the equipment also includes:
Information generating module, for original authorization message in the current system and the new access device Device attribute information, generation carry the preset authorization information of the device attribute information of the new access device;
Memory module, identification information and/or device attribute information for preserving the new access device are preset with described Corresponding relation between authorization message;
The determining module, specifically for the identification information according to preservation and/or device attribute information with it is described pre- If the corresponding relation between authorization message, determine corresponding to identification information and/or the device attribute information of the new access device Preset authorization information.
With reference in a first aspect, in second of possible implementation, the determining module is described new specifically for obtaining The device attribute information of access device, according to original authorization message and the device attribute information of the new access device, Generation carries the preset authorization information that the new access device can be made to perform mandate of the device attribute information.
With reference to any implementation in the first possible implementation or second of possible implementation, In the third possible implementation, the determining module, specifically for determining equipment category in original authorization message The field of property information, the equipment that the device attribute information of original access device in the field is replaced with to the new access device Attribute information, generation can make the new access device perform the preset authorization information authorized.
The third aspect of the embodiment of the present invention provides a kind of Relay Server, including:
First communication interface, for receiving access current system, and with original access device in current system During the authorization identifying request of the new access device with distinct device attribute, authorization identifying request is forwarded to described current Authorization server in system, original authorization message that authorization server asks to return according to the authorization identifying is received, it is described The device attribute information of original access device is carried in original authorization message;
Processor, it is connected with the communication interface, for the device attribute information according to the new access device and institute Original authorization message is stated, determines that the new access device can be made to perform the preset authorization information authorized, the preset authorization Information carries the device attribute information of the new access device, and the attribute information of the new access device, which has comprised at least, newly to be connect Enter a kind of information in the manufacturer's information or device class information of equipment;
Second communication interface, it is additionally operable to send the preset authorization information to the new access device, indicates described new Access device performs mandate according to the preset authorization information.
With reference to the third aspect, in the first possible implementation, the processor, specifically for when the current system It is the new access device allocation identification information when new access device is accessed in system, and obtains corresponding new of the identification information The device attribute information of access device, original authorization message and the new access device in the current system are set Standby attribute information, generation carry the preset authorization information of the device attribute information of the new access device, preserve the new access Corresponding relation between the identification information and/or device attribute information of equipment and the preset authorization information, according to the institute of preservation The corresponding relation between identification information and/or device attribute information and the preset authorization information is stated, determines that the new access is set Preset authorization information corresponding to standby identification information and/or device attribute information;Or
The processor, the device attribute information specifically for obtaining the new access device, according to original mandate The device attribute information of information and the new access device, generation, which carries the device attribute information, can make described newly to connect Enter equipment and perform the preset authorization information authorized;Or
The processor, the field specifically for determining device attribute information in original authorization message, by described in The device attribute information of original access device replaces with the device attribute information of the new access device in field, and generation can make The new access device performs the preset authorization information authorized.
In the embodiment of the present invention, Relay Server is receiving access current system, and with it is original in current system When there is access device the authorization identifying of the new access device of distinct device attribute to ask, authorization identifying request is forwarded to current Authorization server in system, original authorization message that authorization server asks to return according to authorization identifying is received, according to newly connecing Enter the device attribute information of equipment and original authorization message, determine that new access device can be made to perform the preset authorization authorized Information, preset authorization information carry the device attribute information of the new access device, and preset authorization information is sent to newly connecing Enter equipment, indicate that new access device performs mandate according to preset authorization information, so accessed in new access device in current system When, it is not necessary to authorization server configures new authorization message for new access device again, but Relay Server is by newly accessing The identification information and/or device attribute information of equipment obtain the preset authorization information of new access device, so improve new access The mandate success rate of equipment, also improve the mandate speed of new access device.Simultaneously because Relay Server carries out authorization message Configuration, therefore decrease the configuration pressure of authorization server.
Brief description of the drawings
Fig. 1 is a kind of method flow diagram of device authorization in the embodiment of the present invention;
Fig. 2 is a kind of structural representation of device authorization server in the embodiment of the present invention;
Fig. 3 is the structural representation of another device authorization server in the embodiment of the present invention;
Fig. 4 is a kind of structural representation of Relay Server in the embodiment of the present invention.
Embodiment
For first, in the current communication system or network system, the access device for needing Certificate Authority is awarded Power certification request information needs to forward by Relay Server, that is to say, that the authorization identifying solicited message of access device is first It can send to Relay Server, then the authorization identifying solicited message received can be forwarded to authorization service by Relay Server Device, then authorization server authorized according to corresponding to the authorization identifying solicited message received generates the authorization identifying solicited message Authorization message is sent to Relay Server, Relay Server and is forwarded to obtained authorization message and connects by information, authorization server Enter equipment, so as to which access device can performs Authorized operation according to the authorization message.
When new access device is linked into current system, Relay Server gets the device attribute letter of new access device Breath, wherein, include in the device attribute information of new access device in the manufacturer's information of new access device, device class information A kind of information, hardware configuration information, communication protocol information of new access device etc. can also be included in certain device attribute information Information, the equipment chain number when the device class information of the explanation needed exist for is dispatched from the factory by equipment determine, i.e.,:Different equipment systems Row number represents different classes of equipment.
If current new access device has distinct device attribute information with original access device, if still original authorized Information is sent and is forwarded to new access device, and new access device be will be unable to identify the authorization message, and so new access device just can not Set when performing mandate, therefore currently new access device in a communications system be present, it is necessary to wait authorization server to be based on new access Standby device attribute information configures authorization message for new access device again, but is to wait for authorization server and reconfigures mandate letter Breath can cause new access device licensing process time-consuming longer, or even the problem of authorization failure occur.
For it is above-mentioned the problem of provide a kind of device authorization method in embodiments of the present invention, by communication system Relay Server obtains the device attribute information of new access device to determine the authorization message of new access device, so that in The preset authorization information of new access device can be timely determined after server, and is no longer waiting for authorization server and reconfigures Authorization message, so as to improve the mandate speed of new access device, also improve the mandate success rate of new access device.While by The configuration of authorization message is carried out in Relay Server, therefore decreases the configuration pressure of authorization server.
It is described in detail below by accompanying drawing and specific embodiment.
Embodiment one:
It is as shown in Figure 1 a kind of method flow diagram of device authorization in the embodiment of the present invention, this method is by Relay Server Perform, comprise the following steps:
S101, access current system is being received, and there is distinct device with original access device in current system During the authorization identifying request of the new access device of attribute information, authorization identifying request is forwarded to authorization service in current system Device.
S102, obtain original authorization message that authorization server asks to return according to authorization identifying.
S103, according to the device attribute information of new access device and original authorization message, determine to make newly to access Equipment performs the preset authorization information authorized.
S104, preset authorization information is sent to new access device, indicate that new access device is held according to preset authorization information Row authorizes.
Specifically, before S101, in current systems in the presence of new access device when, new access device herein with The equipment supplier of original access device is different in current system or the access of identical equipment supplier's distinct device classification Equipment, now Relay Server can be that an identification information is respectively configured in each new access device, and preserve all new accesses and set Standby identification information, the identification information can with but not limit be IP address, certain Relay Server for each new access except setting Can also be that each new access device configures port and communication key etc. outside standby configuration IP address.
Due to original access device in new access device and current system for different classes of access device or not With the access device of equipment supplier, and what is carried in the original authorization message authorized for the execution of original access device is former There is the device attribute information of access device, the manufacturer's information of original access device has been comprised at least in device attribute information herein And/or device class information of original access device etc., if directly being sent with original authorization message in current system to newly connecing When entering equipment, then the new original authorization message of access device None- identified, and then can not complete to authorize.
Therefore, when each new access device is linked into current system, Relay Server will obtain each new access and set Standby device attribute information, the manufacturer's information of new access device is comprised at least in the attribute information of new access device or has been set A kind of information in standby classification information, Relay Server is based on the original authorization message of authorization server and the new access got The device attribute information of equipment, generation can make new access device perform the preset authorization information authorized.
Mode for generating preset authorization information can be, but not limited to:Device attribute is determined in original authorization message Field residing for information, then the device attribute information of new access device is replaced to the device attribute of original access device in field Information, generation can make new access device perform the preset authorization information authorized, such as:Original authorization message is XXX- Primary-DNS=10.10.10.10, this authorization message are directed to the access device that attribute information is XXX, work as attribute information When being accessed for YYY equipment, if original original authorization message for the access device that attribute information is XXX will be sent to category Property information when being YYY access device, then the access device that attribute information is YYY will be unable to perform mandate, Relay Server general Attribute information YYY based on original authorization message XXX-Primary-DNS=10.10.10.10 and new access device, generation pair The preset authorization information YYY-Primary-DNS=10.10.10.10 for the access device that attribute information is YYY is answered, is thus obtained Attribute information is the preset authorization information of YYY access device, and attribute information YYY herein has comprised at least access and set certainly A kind of information in standby manufacturer's information and the device class information of access device.
Preset authorization information can be issued to each new access device by two ways in embodiments of the present invention:
Mode one:
Each new access device corresponds to a preset authorization information, and each new access device is entered by identification information Line identifier, each new access device has the device attribute information of itself, therefore Relay Server will preserve new access device Identification information and/or device attribute information and preset authorization information between corresponding relation.It should be noted that preset authorization The device attribute information of new access device is carried in information, therefore new access device can identify newly-generated preset authorization letter Breath.
When new access device sends authorization identifying request, Relay Server can record first sends authorization identifying request New access device identification information, i.e.,:Send the IP address of the new access device of authorization identifying request.Then relay services Device sends authorization identifying request to authorization server, due to not carrying setting for new access device in authorization identifying request Standby attribute information, therefore authorization server determines that the access device remains as the access with original access device same alike result information Equipment, therefore authorization server will not regenerate authorization message, but directly issue original authorization message to Relay Server.
Wherein, in order to enable authorization server that authorization message is accurately back into Relay Server, therefore To during authorization server transmission authorization identifying request, Relay Server can be marked Relay Server in addition one in authorization identifying request Character learning section, the identification field are used to identify Relay Server, the mark in being asked so as to authorization server according to authorization identifying Authorization message is accurately back to the Relay Server of the corresponding identification field by field.
For Relay Server after the authorization message of authorization server return is received, Relay Server determines that the mandate is believed Breath needs to be forwarded to the identification information for the new access device for sending authorization identifying request, and obtains the device attribute of new access device Information, it is then determined that preset authorization corresponding to the new identification information of access device and/or the device attribute information of new access device Information, finally the preset authorization information of determination is sent to new access device corresponding to identification information so that new access device base Mandate is performed in preset authorization information.
Illustrate below by specific application scenarios.
Such as the discriminating mandate accounting server in current communication networks(English:Authentication Authorization Accounting, abbreviation AAA)The authorization message generated is for the access device of aaa equipment suppliers There is provided and authorize, therefore original authorization message that aaa server is generated should be just aaa- corresponding to aaa equipment suppliers Primary-DNS=10.10.10.10, if the authorization message is sent to the access device of aaa equipment suppliers, then the aaa The access device can of equipment supplier performs mandate.
But when the access device that bbb equipment suppliers be present is linked into communication system, the bbb equipment suppliers' Equipment is exactly new access device for current communication networks, is set if now still sending original authorization message to new access Standby, then new access device can not perform mandate.
Therefore in embodiments of the present invention when new access device in system be present, remote customer dialing authentication system(English Text:Remote Authentication Dial In User Service, abbreviation RADIUS)Relay Server can be first The access device of the bbb equipment suppliers configures an IP address in current system, i.e.,:20.20.20.20 it is being configured to After IP address, RADIUS Relay Servers obtain the IP address and correspond to setting for access device according to the IP address of access device Standby attribute information, device attribute information bbb and original authorization message based on access device corresponding to bbb equipment suppliers (aaa-Primary-DNS=10.10.10.10), generate the preset authorization information that access device is corresponded to for bbb equipment suppliers (bbb-Primary-DNS=10.10.10.10), certainly, the preset authorization information can also be by manual configuration to middle following the service Be engaged in device in, specifically be exactly by aaa-Primary-DNS=10.10.10.10 be adjusted to bbb-Primary-DNS= 10.10.10.10, the IP address and device attribute information and preset authorization information of the access device of bbb suppliers are finally preserved Between corresponding relation, it is specific as shown in table 1:
Table 1
Same reason, if the access device for having ccc equipment suppliers is linked into current communication networks, in system RADIUS Relay Servers also can be that the new access device configures an IP address 30.30.30.30, and be based on ccc equipment The device identification ccc of access device corresponding to supplier and original authorization message(aaa-Primary-DNS= 10.10.10.10), preset authorization information of the generation for ccc equipment suppliers(ccc-Primary-DNS= 10.10.10.10), certainly, the preset authorization information can also be by manual configuration into Relay Server, finally preserve Corresponding relation between the IP address and device attribute information and preset authorization information of the access device of ccc suppliers, such as table 2 It is shown:
Table 2
Asked when the access device of the bbb equipment suppliers in communication system sends authorization identifying to RADIUS Relay Servers When asking, RADIUS Relay Servers record the IP address of the access device first, so that RADIUS Relay Servers are to the access Equipment returns to authorization message.
RADIUS Relay Servers send the authorization identifying received request to aaa authorization server, aaa authorization service If device generation to should authorization identifying request authorization message aaa-Primary-DNS=10.10.10.10, and awarding generation Power information is sent to RADIUS Relay Servers.
When RADIUS Relay Servers receive authorization message, RADIUS Relay Servers determine to receive mandate letter first The IP address and device attribute information of the new access device of breath, it is then based on IP address and device attribute information and is awarded with default The corresponding relation between information is weighed, transfers out preset authorization information corresponding to the IP address, i.e.,:Finding out IP address is 20.20.20.20 and preset authorization information corresponding to device attribute information bbb, if IP address is 20.20.20.20 and set Preset authorization information corresponding to standby attribute information bbb is bbb-Primary-DNS=10.10.10.10, now following the service in RADIUS It is new access device corresponding to 20.20.20.20 that business device, which can send the preset authorization information determined to IP address, finally should New access device just can perform Authorized operation according to bbb-Primary-DNS=10.10.10.10 preset authorization information.
When similarly the new access device for ccc suppliers is linked into current system, Relay Server will supply to ccc The new access device of business is answered to forward preset authorization information ccc-Primary-DNS=10.10.10.10, so that ccc suppliers' is new Access device can performs Authorized operation according to the preset authorization information.
Further, preset authorization information can also be set in Relay Server issues the time, that is to say, that is relaying Server is after the preset authorization information of new access device is determined, the Relay Server is by according under preset authorization information The hair time issues preset authorization information, and this is a kind of additional conditions certainly, can also add it according to the application of reality His additional conditions.
It should be noted that what is preserved in the above-described embodiments is that IP address and device attribute information are believed with preset authorization Corresponding relation between breath, can also only preserve pair between IP address and preset authorization information in the application scenarios of reality It should be related to, or preserve the corresponding relation between device attribute information and preset authorization information, in embodiments of the present invention not Limit the content preserved in corresponding relation.
Mode two:
Relay Server is raw before authorization identifying request is sent to authorization server in the embodiment of mode one Into each new access device preset authorization information, and save new access device identification information and/or device attribute letter Cease the corresponding relation between preset authorization information, but Relay Server can also be and receive authorization service in mode two Preset authorization information is generated after original authorization message that device is sent, is then transmitted directly to the preset authorization information of generation newly Access device.
Specifically, Relay Server is receiving authorization server according to the request return of the authorization identifying of new access device Original authorization message after, Relay Server is by the equipment category according to original authorization message for receiving and new access device Property information, the new access device of can making of generation Portable device attribute information performs the preset authorization information authorized, i.e.,:To newly it connect The device attribute information for entering equipment replaces the device attribute information of the original access device carried in original authorization message, so as to The preset authorization information of new access device is just generated, finally according to the identification information of new access device by the preset authorization of generation Information is sent to new access device.
Such as when the new access device of bbb suppliers is linked into system, Relay Server can be new access device IP address is configured, and can also obtain the device attribute information bbb of the new access device of bbb suppliers, then Relay Server The authorization identifying request of new access device can be forwarded to authorization server, when authorization server returns aaa-Primary- After DNS=10.10.10.10 authorization message, Relay Server can the device attribute based on the new access device of bbb suppliers Information and authorization message, preset authorization information bbb-Primary-DNS=10.10.10.10 of corresponding bbb suppliers is generated, I.e.:The device attribute information of original access device is replaced with to the device attribute information of new access device, it is last to be supplied according to for bbb The IP address for answering the new access device of business to distribute, the preset authorization information of generation is forwarded to the new access device of bbb suppliers. Mandate is performed according to preset authorization information so as to the new access device can of bbb suppliers.
It can be in the above-described embodiments new access device allocation identification information after server, and obtain setting for new access device Standby attribute information, the preset authorization information of corresponding new access device is generated according to the device attribute information of new access device, finally Preset authorization information is sent to new access device corresponding to identification information, so avoids authorization server and reconfigure to award The process of information is weighed, reduces the configuration pressure of authorization server, while preset authorization information is carried out by Relay Server Matching not only improve the mandate speed of new access device, while also improve the mandate success rate of new access device.
Embodiment two:
Based on identical invention thinking, the embodiment of the present invention additionally provides a kind of server of device authorization, as shown in Figure 2 Include for a kind of structural representation of the server of device authorization, the server in the embodiment of the present invention:
First sending module 201, for receiving access current system, and set with original access in current system During the authorization identifying request of the standby new access device with distinct device attribute, authorization identifying request is forwarded in current system Authorization server;
Receiving module 202, the original authorization message for asking to return according to authorization identifying for receiving authorization server are original The device attribute information of original access device is carried in authorization message;
Determining module 203, for the device attribute information according to new access device and original authorization message, determine energy New access device is enough set to perform the preset authorization information authorized, preset authorization information carries the device attribute letter of new access device Breath, the attribute information of new access device have comprised at least one kind in the manufacturer's information or device class information of new access device Information;
Second sending module 204, for preset authorization information to be sent to new access device, indicate new access device according to Preset authorization information performs mandate.
The first sending module 201 and the second sending module 204 can be same modules in embodiments of the present invention, that is, Say that the two modules can be completed by One function module.
Further, determining module 203 is specifically used for the device attribute letter for obtaining new access device in embodiments of the present invention Breath, according to original authorization message and the device attribute information of new access device, generation Portable device attribute information can make New access device performs the preset authorization information authorized.
Further, as shown in figure 3, a kind of server of device authorization in embodiments of the present invention can also include:
Information generating module 301, be connected with receiving module 202, for original authorization message in current system with And the device attribute information of new access device, generation carry the preset authorization information of the device attribute information of new access device;
Memory module 302, it is connected with information generating module 301, for preserving the identification information of new access device and/or setting Standby corresponding relation between attribute information and preset authorization information;
Memory module 302 is connected with determining module 203, determining module 203, specifically for the identification information according to preservation And/or the corresponding relation between device attribute information and preset authorization information, it is determined that the identification information of new access device and/or setting Preset authorization information corresponding to standby attribute information.
Further, determining module 203 is specifically used for determining equipment category in original authorization message in embodiments of the present invention Property information field, by the device attribute information of original access device in field replace with new access device device attribute believe Breath, generation can make new access device perform the preset authorization information authorized.
Embodiment three:
Based on same invention thinking, a kind of Relay Server is additionally provided in the embodiment of the present invention, is illustrated in figure 4 this A kind of structural representation of Relay Server in inventive embodiments, including:
First communication interface 401, for receiving access current system, and set with original access in current system During the authorization identifying request of the standby new access device with distinct device attribute, authorization identifying request is forwarded in current system Authorization server, original authorization message that authorization server asks to return according to authorization identifying is received, in original authorization message Carry the device attribute information of original access device;
Processor 402, is connected with communication interface, for the device attribute information according to new access device and original mandate Information, determine that new access device can be made to perform the preset authorization information authorized, preset authorization information carries new access and set Standby device attribute information, the attribute information of new access device have comprised at least the manufacturer's information or equipment class of new access device A kind of information in other information;
Second communication interface 403, it is additionally operable to send preset authorization information to new access device, indicates new access device root Mandate is performed according to preset authorization information.
Wherein, the first communication interface 401 and the second communication interface 403 can be same communication interfaces.
Further, processor 402 in embodiments of the present invention, specifically for when accessing new access device in current system When, it is new access device allocation identification information, and the device attribute information of new access device corresponding to identification information is obtained, according to The device attribute information of original authorization message and new access device in current system, the equipment that generation carries new access device The preset authorization information of attribute information, the identification information and/or device attribute information for preserving new access device are believed with preset authorization Corresponding relation between breath, according to corresponding between the identification information of preservation and/or device attribute information and preset authorization information Relation, it is determined that preset authorization information corresponding to the identification information of new access device and/or device attribute information.
Further, processor 402 in embodiments of the present invention, believe specifically for the device attribute for obtaining new access device Breath, according to original authorization message and the device attribute information of new access device, generation Portable device attribute information can make New access device performs the preset authorization information authorized.
Further, processor 402 in embodiments of the present invention, specifically for determining device attribute in original authorization message The field of information, the device attribute information of original access device in field is replaced with to the device attribute information of new access device, Generation can make new access device perform the preset authorization information authorized.
It can be in the above-described embodiments new access device allocation identification information after server, and obtain setting for new access device Standby attribute information, the pre- of corresponding new access device is then obtained according to the identification information of new access device and device attribute information If authorization message, preset authorization information is sent to new access device corresponding to identification information, so avoids authorization server The process of authorization message is reconfigured, reduces the configuration pressure of authorization server, while is carried out by Relay Server pre- If the matching of authorization message not only improves the mandate speed of new access device, at the same also improve the mandate of new access device into Power.
The present invention is with reference to method according to embodiments of the present invention, equipment(System)And the flow of computer program product Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation Property concept, then can make other change and modification to these embodiments.So appended claims be intended to be construed to include it is excellent Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to comprising including these changes and modification.

Claims (10)

  1. A kind of 1. method for device authorization, it is characterised in that including:
    Access current system is being received, and with original access device in current system there is the new of distinct device attribute to connect When entering the authorization identifying request of equipment, authorization identifying request is forwarded to authorization server in the current system;
    Original authorization message that authorization server asks to return according to the authorization identifying is received, is taken in original authorization message Device attribute information with original access device;
    According to the device attribute information of the new access device and original authorization message, determine to make described newly to connect Enter equipment and perform the preset authorization information authorized, the preset authorization information carries the device attribute letter of the new access device Breath, the device attribute information of the new access device include in the manufacturer's information or device class information of new access device A kind of information;
    The preset authorization information is sent to the new access device, indicates the new access device according to the preset authorization Information performs mandate.
  2. 2. the method as described in claim 1, it is characterised in that authorization identifying request is being forwarded to the current system In authorization server before, including:
    It is the new access device allocation identification information when accessing new access device in the current system, and described in acquisition The device attribute information of new access device corresponding to identification information;
    The device attribute information of original authorization message and the new access device in the current system, generation carry The preset authorization information of the device attribute information of the new access device;
    Preserve the new access device identification information and/or device attribute information and the preset authorization information between it is corresponding Relation;
    It is described to determine that the new access device be made to perform the preset authorization information authorized, be specially:
    According to the corresponding relation between the identification information of preservation and/or device attribute information and the preset authorization information, Determine the new access device identification information and/or device attribute information corresponding to preset authorization information.
  3. 3. the method as described in claim 1, it is characterised in that the device attribute information according to the new access device with And original authorization message, determine that the new access device can be made to perform the preset authorization information authorized, including:
    Obtain the device attribute information of the new access device;
    According to original authorization message and the device attribute information of the new access device, generation carries the device attribute Information can make the new access device perform the preset authorization information authorized.
  4. 4. the method as described in any claim in claim 2~3, it is characterised in that the generation carries the device attribute Information can make the new access device perform the preset authorization information authorized, including:
    The field of device attribute information is determined in original authorization message;
    The device attribute information of original access device in the field is replaced with to the device attribute information of the new access device, Generation can make the new access device perform the preset authorization information authorized.
  5. A kind of 5. server being used for for device authorization, it is characterised in that including:
    First sending module, for receiving access current system, and have with original access device in current system During the authorization identifying request of the new access device of distinct device attribute, authorization identifying request is forwarded to the current system In authorization server;
    Receiving module, the original authorization message for asking to return according to the authorization identifying for receiving authorization server, the original There is the device attribute information that original access device is carried in authorization message;
    Determining module, for the device attribute information according to the new access device and original authorization message, determine The new access device can be made to perform the preset authorization information authorized, the preset authorization information carries the new access and set Standby device attribute information, the attribute information of the new access device have comprised at least the manufacturer's information of new access device or set A kind of information in standby classification information;
    Second sending module, set for the preset authorization information to be sent to the new access device, the instruction new access It is standby that mandate is performed according to the preset authorization information.
  6. 6. server as claimed in claim 5, it is characterised in that the equipment also includes:
    Information generating module, for original authorization message in the current system and the equipment of the new access device Attribute information, generation carry the preset authorization information of the device attribute information of the new access device;
    Memory module, for preserving the identification information and/or device attribute information and the preset authorization of the new access device Corresponding relation between information;
    The determining module, awarded specifically for the identification information according to preservation and/or device attribute information with described preset Weigh information between corresponding relation, determine the new access device identification information and/or device attribute information corresponding to preset Authorization message.
  7. 7. server as claimed in claim 5, it is characterised in that the determining module, specifically for obtaining the new access The device attribute information of equipment, according to original authorization message and the device attribute information of the new access device, generation Carry the device attribute information can make the new access device perform the preset authorization information authorized.
  8. 8. the server as described in any claim in claim 6~7, it is characterised in that the determining module, specifically for The field of device attribute information is determined in original authorization message, the device attribute of original access device in the field is believed Breath replaces with the device attribute information of the new access device, and generation can make default the awarding of the new access device execution mandate Weigh information.
  9. A kind of 9. Relay Server, it is characterised in that including:
    First communication interface, for receiving access current system, and have with original access device in current system During the authorization identifying request of the new access device of distinct device attribute, authorization identifying request is forwarded to the current system In authorization server, receive authorization server according to the authorization identifying ask return original authorization message, it is described original The device attribute information of original access device is carried in authorization message;
    Processor, it is connected with the communication interface, for the device attribute information according to the new access device and the original There is authorization message, determine that the new access device can be made to perform the preset authorization information authorized, the preset authorization information The device attribute information of the new access device is carried, the attribute information of the new access device has comprised at least new access and set A kind of information in standby manufacturer's information or device class information;
    Second communication interface, it is additionally operable to send the preset authorization information to the new access device, indicates the new access Equipment performs mandate according to the preset authorization information.
  10. 10. server as claimed in claim 9, it is characterised in that the processor, specifically for when in the current system It is the new access device allocation identification information, and obtain new access corresponding to the identification information when accessing new access device The device attribute information of equipment, the equipment category of original authorization message and the new access device in the current system Property information, generation carries the preset authorization information of the device attribute information of the new access device, preserves the new access device Identification information and/or device attribute information and the preset authorization information between corresponding relation, according to the mark of preservation Know the corresponding relation between information and/or device attribute information and the preset authorization information, determine the new access device Preset authorization information corresponding to identification information and/or device attribute information;Or
    The processor, the device attribute information specifically for obtaining the new access device, according to original authorization message And the device attribute information of the new access device, the generation carrying device attribute information can set the new access It is standby to perform the preset authorization information authorized;Or
    The processor, the field specifically for determining device attribute information in original authorization message, by the field In the device attribute information of original access device replace with the device attribute information of the new access device, generation can make described New access device performs the preset authorization information authorized.
CN201310589806.4A 2013-11-20 2013-11-20 A kind of device authorization method and server Active CN104660403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310589806.4A CN104660403B (en) 2013-11-20 2013-11-20 A kind of device authorization method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310589806.4A CN104660403B (en) 2013-11-20 2013-11-20 A kind of device authorization method and server

Publications (2)

Publication Number Publication Date
CN104660403A CN104660403A (en) 2015-05-27
CN104660403B true CN104660403B (en) 2018-02-23

Family

ID=53251140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310589806.4A Active CN104660403B (en) 2013-11-20 2013-11-20 A kind of device authorization method and server

Country Status (1)

Country Link
CN (1) CN104660403B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112486500B (en) * 2020-11-03 2022-10-21 杭州云嘉云计算有限公司 System authorization deployment method
CN113194119B (en) * 2021-03-29 2022-05-27 新华三大数据技术有限公司 Configuration file acquisition method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1631036A2 (en) * 2004-08-27 2006-03-01 NTT DoCoMo, Inc. Device authentication in a service control system
CN101534501A (en) * 2008-03-13 2009-09-16 华为技术有限公司 Method, system and equipment for registering local mobile anchor point
CN101958900A (en) * 2010-09-27 2011-01-26 中兴通讯股份有限公司 Service processing method and device for server
CN102611683A (en) * 2011-12-14 2012-07-25 上海聚力传媒技术有限公司 Method, device, equipment and system for executing third-party authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1631036A2 (en) * 2004-08-27 2006-03-01 NTT DoCoMo, Inc. Device authentication in a service control system
CN101534501A (en) * 2008-03-13 2009-09-16 华为技术有限公司 Method, system and equipment for registering local mobile anchor point
CN101958900A (en) * 2010-09-27 2011-01-26 中兴通讯股份有限公司 Service processing method and device for server
CN102611683A (en) * 2011-12-14 2012-07-25 上海聚力传媒技术有限公司 Method, device, equipment and system for executing third-party authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"WLAN无感知认证关键技术探讨";李林江;《电信科学》;20130930;1-10 *

Also Published As

Publication number Publication date
CN104660403A (en) 2015-05-27

Similar Documents

Publication Publication Date Title
CN108881232B (en) Sign-on access method, apparatus, storage medium and the processor of operation system
CN104348777B (en) The access control method and system of a kind of mobile terminal to third-party server
CN103428696B (en) Virtual SIM card achieving method and system and relevant device
US9438683B2 (en) Router-host logging
CN103368913A (en) Account login method, apparatus and system, and network server
CN101166173A (en) A single-node login system, device and method
CN103873449B (en) Method for network access and system
CN106936772A (en) A kind of access method, the apparatus and system of cloud platform resource
CN109586969A (en) Content distributing network disaster recovery method, device, computer equipment and storage medium
CN104809369B (en) Packet sets method, client, server and the system of equipment access rights
CN104301311B (en) The method and apparatus of DNS screen data contents
CN104767714A (en) Method, terminal and system for associating user resource information
CN105228140A (en) A kind of data access method and device
CN106302448A (en) remote access control method and device
CN103997479B (en) A kind of asymmetric services IP Proxy Methods and equipment
CN106506515A (en) A kind of authentication method and device
CN110086813A (en) Access right control method and device
CN106331003A (en) Method and device for accessing application portal system on cloud desktop
CN102984046A (en) Processing method of instant messaging business and corresponding network equipment
CN109274705A (en) Service providing method, apparatus and system based on user identity
CN108377499A (en) A kind of method for network access, routing device and terminal
CN104660403B (en) A kind of device authorization method and server
CN106302479B (en) A kind of single-point logging method and system for multi-service internet site
CN105959982A (en) Network access control method server and electronic equipment
CN104410517A (en) Backspace configuring method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant