CN107122630A - device authorization management method and device - Google Patents
device authorization management method and device Download PDFInfo
- Publication number
- CN107122630A CN107122630A CN201710281519.5A CN201710281519A CN107122630A CN 107122630 A CN107122630 A CN 107122630A CN 201710281519 A CN201710281519 A CN 201710281519A CN 107122630 A CN107122630 A CN 107122630A
- Authority
- CN
- China
- Prior art keywords
- control board
- authorization
- network equipment
- slave control
- main control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 284
- 238000007726 management method Methods 0.000 title claims abstract description 107
- 238000003860 storage Methods 0.000 claims abstract description 47
- 238000000034 method Methods 0.000 claims abstract description 19
- 230000001360 synchronised effect Effects 0.000 claims abstract description 18
- 238000009434 installation Methods 0.000 claims description 6
- 238000007689 inspection Methods 0.000 claims description 3
- 230000006855 networking Effects 0.000 abstract description 12
- 230000006870 function Effects 0.000 description 58
- 208000018208 Hyperimmunoglobulinemia D with periodic fever Diseases 0.000 description 6
- 206010072219 Mevalonic aciduria Diseases 0.000 description 6
- DTXLBRAVKYTGFE-UHFFFAOYSA-J tetrasodium;2-(1,2-dicarboxylatoethylamino)-3-hydroxybutanedioate Chemical compound [Na+].[Na+].[Na+].[Na+].[O-]C(=O)C(O)C(C([O-])=O)NC(C([O-])=O)CC([O-])=O DTXLBRAVKYTGFE-UHFFFAOYSA-J 0.000 description 6
- 230000004913 activation Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1011—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/108—Transfer of content, software, digital rights or licenses
- G06F21/1082—Backup or restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/108—Transfer of content, software, digital rights or licenses
- G06F21/1087—Synchronisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/109—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Abstract
The embodiments of the invention provide a kind of device authorization management method and device, in the network equipment identified applied to off host, the network equipment includes main control board and at least one slave control board, and this method includes:Main control board determines the authorization message of non-storage networking device at least one slave control board, and main control board is stored with the authorization message of the network equipment;The authorization message of storage is synchronized at least one slave control board by main control board, so as to generate temporary Authorization information at least one slave control board, temporary Authorization information includes at least one temporary Authorization management item, and each temporary Authorization management item includes the authorization message and empowerment management time at least one function of the network equipment.Device authorization management method provided in an embodiment of the present invention and device, that is, ensure that the authorization function of the network equipment and the normal of business are used, authorization function can be prevented to be illegally used again.
Description
Technical field
The present invention relates to field of computer technology, more particularly to a kind of device authorization management method and device.
Background technology
Because the deployed environment of the network equipment is varied, different user is also differed to the functional requirement of the network equipment,
The manufacturer of so network equipment is accomplished by setting for the network of different user and the different a variety of different models of deployed environment production
It is standby.But the network equipment for producing polytypic is produced for manufacturer and maintenance cost is all very high, therefore manufacturer's mesh
The various functions authority of the network equipment is controlled using software mode as previous, so as to be added with identical hardware configuration
Upper different software merit rating provides the network equipment of a variety of different abilities, reduces production and the maintenance cost of manufacturer.
The hardware configuration identical network equipment is supplied to different user in use, needing by the software in the network equipment
Different authorization controls are carried out, realizes and the authority of the various functions of the network equipment is controlled.Specifically, it is general at present to use
The combination of authorization code (License Key, LK) and active coding (Activation Key, AK) carries out authority to the network equipment
Control.Manufacturer provides the user a unique authorization code according to the different demands of user, and user uses authorization code and network
The unique mark of equipment obtains the active coding for activating network device software function privilege, then reuses active coding activation network
The corresponding function of network equipment.Such mode is on the basis of the network equipment of difference in functionality is provided for different user, additionally it is possible to
The network equipment function and business that can be used user carry out using control, and the user that only have purchased corresponding function can
Corresponding function is authorized to use, so as to protect the interests of manufacturer.
In order to prevent piracy, the authorization code that manufacturer provides the user is only capable of in an enterprising line activating of hardware carrier.But
Current network equipment mandate hardware mode is divided into host identification storage (Host-Id Storage, HIDS) and off host mark
(No Host-Id, NHID) two ways, has storage medium on the main frame of the network equipment wherein in HIDS patterns, and in NHID
There is no storage medium on the main frame of the network equipment.So in HIDS patterns, the authorization code of the network equipment is and host hardware letter
Breath binding, authorization message is also to store onto main frame, and each master control borad connected on the network equipment can be from main frame
Authorization message is obtained in memory, so as to control the network equipment to realize various functions.
But in NHID patterns, due to there is no storage medium on the main frame of the network equipment, then can only by authorization message with
The hardware information of one master control borad is bound, usually, and authorization message is bound with main control board, authorization message
It is to store onto main control board.But, because the network equipment is typically all configured using dual master control plate, in slave control board by
In with no authorized information, it will be unable to the control network equipment and realize every function controlled, if main control board breaks down, network
The function controlled of equipment will be unable to use, even if having carried out the active-standby switch of master control borad, it is also desirable to which function controlled is re-issued
Configuration, influence user uses.
If in NHID patterns, being that main control board and slave control board all buy mandate, then needing user to pay additionally
Cost, if authorizing main control board and slave control board while being bound using same, there is authorization function again
Stolen the problem of.Therefore, in the network equipment of NHID patterns, how to carry out device authorization management makes urgently to be resolved hurrily ask
Topic.
The content of the invention
The purpose of the embodiment of the present invention is to provide a kind of device authorization management method and device, can set ensureing network
On the basis of the normal use of standby authorization function and business, enough authorization function is prevented to be illegally used.
The present embodiment concrete technical scheme is as follows:
First aspect provides a kind of device authorization management method, in the network equipment identified applied to off host, the net
Network equipment includes main control board and at least one slave control board, and methods described includes:
The main control board determines not storing the mandate letter of the network equipment at least one described slave control board
Breath, the main control board is stored with the authorization message of the network equipment;
The authorization message of storage is synchronized at least one described slave control board by the main control board, so that
Temporary Authorization information is generated at least one described slave control board, the temporary Authorization information includes at least one and awarded temporarily
Management item is weighed, each temporary Authorization management item includes managing the authorization message of at least one function of the network equipment and mandate
The reason time.
In a kind of possible implementation of first aspect, the main control board determines at least one described standby master control
The authorization message of the network equipment is not stored on plate, including:
When the main control board inserts the network equipment, at least one is standby described in the main control board inspection
Master control borad, it is determined that at least one described slave control board does not store the authorization message of the network equipment;
Or when the authorization message of the network equipment described in installation on the main control board, the main control board
At least one described slave control board is checked, it is determined that at least one described slave control board does not store the mandate of the network equipment
Information.
In a kind of possible implementation of first aspect, the main control board determines at least one described standby master control
The authorization message of the network equipment is not stored on plate, including:
It is described when the main control board receives the mandate synchronization request that at least one described slave control board is sent
The authorization message of the network equipment is not stored at least one described slave control board of main control board determination, the mandate is same
Step request is that at least one described slave control board is inserted after the network equipment, checks that this plate does not store the network equipment
Sent during authorization message.
In a kind of possible implementation of first aspect, the main control board determines at least one described standby master
The authorization message of the network equipment is not stored on control plate, including:
The main control board obtains the number of the empowerment management stored at least one described slave control board;
If the number of the empowerment management stored at least one described slave control board is equal to 0, the primary master control
Plate determines not storing the authorization message of the network equipment at least one described slave control board.
In a kind of possible implementation of first aspect, the main control board is synchronous by the authorization message of storage
Into at least one described slave control board, including:
Increase the default empowerment management time in the main control board empowerment management in the authorization message of storage,
Temporary Authorization management item is generated, the empowerment management in the authorization message is replaced with into corresponding temporary Authorization management item, and
Temporary Authorization management item number is added, the temporary Authorization information is generated;
The main control board is by the temporary Authorization synchronizing information at least one described slave control board.
Second aspect provides a kind of device authorization managing device, in the network equipment identified applied to off host, the net
Network equipment includes main control board and at least one slave control board, and the device authorization managing device is arranged at the primary master
Control on plate, the device authorization managing device includes:
Determining module, the mandate for determining not storing the network equipment at least one described slave control board is believed
Breath, the main control board is stored with the authorization message of the network equipment;
Synchronization module, for the authorization message of storage to be synchronized at least one described slave control board, so that
Temporary Authorization information is generated at least one described slave control board, the temporary Authorization information includes at least one and awarded temporarily
Management item is weighed, each temporary Authorization management item includes managing the authorization message of at least one function of the network equipment and mandate
The reason time.
In a kind of possible implementation of second aspect, the determining module, specifically for when the main control board
When inserting the network equipment, at least one described slave control board is checked, it is determined that at least one described slave control board is not deposited
Store up the authorization message of the network equipment;Or when the authorization message of the network equipment described in installation on the main control board
When, at least one described slave control board is checked, it is determined that at least one described slave control board does not store the network equipment
Authorization message.
In a kind of possible implementation of second aspect, the device authorization managing device also includes:Receiving module, is used
In receiving the mandate synchronization request that at least one described slave control board is sent, the mandate synchronization request be it is described at least one
Slave control board is inserted after the network equipment, checks that this plate does not store what is sent during the authorization message of the network equipment;
The determining module, specifically for receiving what at least one described slave control board was sent when the receiving module
When authorizing synchronization request, it is determined that the authorization message of the network equipment is not stored at least one described slave control board.
In a kind of possible implementation of second aspect, the determining module, specifically for obtain it is described at least one
The number of the empowerment management stored in slave control board;If the empowerment management stored at least one described slave control board
Number be equal to 0, it is determined that the authorization message of the network equipment is not stored at least one described slave control board.
In a kind of possible implementation of second aspect, the synchronization module, specifically for the authorization message in storage
In empowerment management in increase the default empowerment management time, temporary Authorization management item is generated, by the authorization message
Empowerment management item replaces with corresponding temporary Authorization management item, and adds temporary Authorization management item number, and generation is described to award temporarily
Weigh information;By the temporary Authorization synchronizing information at least one described slave control board.
In device authorization management method provided in an embodiment of the present invention and device, the network equipment applied to NHID patterns,
When the main control board of the authorization message for the network equipment that is stored with determines not deposit at least one slave control board of the network equipment
When storing up the authorization message of the network equipment, the authorization message of storage is synchronized at least one slave control board by main control board,
Make to generate temporary Authorization information at least one slave control board, wherein, temporary Authorization information includes at least one and awarded temporarily
Management item is weighed, when each temporary Authorization management item includes authorization message and the empowerment management at least one function of the network equipment
Between, so when the main control board of the network equipment breaks down, you can believed using the temporary Authorization stored in slave control board
Cease and the function or business of the network equipment are authorized, because each temporary Authorization management item in temporary Authorization information all includes awarding
Weigh the management time, therefore the slave control board for the temporary Authorization information that is stored with can not be also arranged in other network equipments by user
Normally use, that is, ensure that the authorization function of the network equipment and the normal of business are used, authorization function can be prevented illegal again
Use.Certainly, implementing any product or method of the present invention must be not necessarily required to while reaching all the above advantage.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is network equipment authorization flow;
Fig. 2 is the flow chart of device authorization management method embodiment one provided in an embodiment of the present invention;
Fig. 3 is the structural representation of device authorization managing device embodiment one provided in an embodiment of the present invention;
Fig. 4 is the structural representation of device authorization managing device embodiment two provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
The licensing scheme of the network equipment is typically all that will authorize specific hardware carrier to be matched, that is, the function of authorizing
Or business can be only applied on certain specific hardware carrier.Authorization message and the information of hardware carrier are bound, then the hardware
Software on carrier is only capable of the corresponding function of operation authorization message or business.The authorization message of equipment typically uses the shape of authorization code
Formula, the manufacturer of the network equipment provides authorization code to the user of the purchase network equipment, wherein, the authorization code buys net with user
The function or professional ability of network equipment are corresponding.Because authorization message needs to bind in hardware carrier, therefore user needs to obtain
The hardware information of the network equipment to be authorized, then using the authorization code and the network equipment hardware information the network equipment life
Registered on the mandate website that business men is provided, after the hardware information of authorization code and the network equipment is bound in mandate website,
Obtaining one is used to activate the active coding that the network equipment runs corresponding function.User inputs after the active coding in the network device,
The network equipment can run authorized function.
Fig. 1 is network equipment authorization flow, as shown in figure 1, the module for being used to carry out empowerment management in the network device can
To be referred to as authorizing platform, the authorization message for the network equipment that is stored with platform is authorized.When some functional module in the network equipment
Or business module need operation when, first to authorize platform inquire about whether the function or business are function controlled or business.Authorize
Platform is inquired about in switch list is authorized, if not finding or determining that the function or business are uncontrolled after inquiring about, to phase
The functional module or business module answered send information, and instruction directly runs the function or business.If being searched in switch list is authorized
It is controlled to the function or business, then sends information to corresponding functional module or business module, indicate the function or business
It is controlled, is used after need to authorizing.Functional module or business module inquire about awarding for the function to authorizing platform to send request message
Weigh information.In the authorization message stored on platform is authorized, including a plurality of empowerment management (License Manage Item,
LMI), every empowerment management includes the authorization message of one or more functions.Network is inquired about first in authorization message to set
Whether standby hardware information is matched with authorization message, and the function limitation of the functional module or business module is determined if mismatching,
It can not run.If the hardware information of the network equipment is matched with authorization message, further inquiry authorization message in whether include with
The function or the corresponding empowerment management of business, determine the function limitation of the functional module or business module if not including.If
Authorization message includes empowerment management corresponding with the function or business, then activates the functional module or business module, it is allowed to
Operation.
The licensing mode of the network equipment is divided into HIDS and NHID both of which, wherein HIDS patterns from hardware point of view
There is storage medium on the main frame of the middle network equipment, and do not have storage medium on the main frame of the network equipment in NHID.So exist
In HIDS patterns, the authorization code of the network equipment is bound with host hardware information, and active information is also to store onto main frame.
But in NHID patterns, due to there is no storage medium on the main frame of the network equipment, then can only be by authorization message and a master control
The hardware information of plate is bound, usually, and authorization message is bound with main control board, and authorization message is also that storage is arrived
On main control board.So, in NHID patterns, if main control board breaks down, the function controlled of the network equipment will
It can not use, even if having carried out the active-standby switch of master control borad, it is also desirable to configuration is re-issued to function controlled, influence user makes
With.
The embodiment of the present invention provides a kind of device authorization management method and device, the network equipment identified applied to off host
In, i.e., the hardware mode of empowerment management is in the network equipment of NHID patterns.Include a main control board in the network device
With at least one slave control board.
Fig. 2 is the flow chart of device authorization management method embodiment one provided in an embodiment of the present invention, as shown in Fig. 2 this
The method that embodiment is provided includes:
Step S201, main control board determines the authorization message of non-storage networking device at least one slave control board,
Main control board is stored with the authorization message of the network equipment.
In licensing mode in the network equipment of NHID patterns, be usually stored with net on the main control board of the network equipment
The authorization message of network equipment.Wherein, the authorization message stored on main control board is that user is carried using network equipment life manufacturer
The authorization code of confession and the hardware information of main control board, apply on website is authorized.User is when buying the network equipment, production
The chamber of commerce distributes an authorization code according to the demand of user for it, or user is after the purchase network equipment, according to different need
Seek the authorization code bought again at raw manufacturer.User also needs to inquire about the hardware letter of main control board on main control board
Breath, the generally device identification (Device ID, DID) of main control board.The DID of main control board can pass through the network equipment
Software tool inquiry obtain or directly identify on main control board.User using the authorization code that gets and
The hardware information of main control board, is registered on the mandate website that network equipment manufacturer provides, and authorizes website can be somebody's turn to do
Authorization code and hardware information carry out binding storage, and generate an active coding.Obtained active coding is inputted primary master control by user
In plate, main control board can generate authorization message according to active coding, be referred to as active coding file (Activation
File, AF).Wherein, AF includes active coding and associated ancillary information.The authorization message stored on main control board uses table
Form shown in 1, including header check, maximum empowerment management number, LMI numbers, version number, reserved field, LMI 0
To several LMI of LMI N.Every LMI is AK or the AF corresponding management information in authorization message storage region installed
List item.The authorization message of one or more functions or business is stored in every LMI.
The authorization message storage format of table 1
The LMI storage formats of table 2
Every LMI storage format is as shown in table 2, including identification-state, identity type, authorization data ID, mandate
Group ID, set-up time, unloading date, discharge time, absolute time timing, the list structure for recording overlaying relation, installation activation
The information such as file name, the reserved field of data.
Because in the network equipment of NHID patterns, the authorization message of the network equipment is stored on main control board.Network is set
For on startup, being typically all that authorization message is read from main control board, so that it is determined that the authority of each function.If but network is set
Standby main control board failure, and when needing to read authorization message from slave control board, he due to is not deposited on slave control board
The authorization message of the network equipment is stored up, causing the authorization function of the network equipment possibly can not normally use.The embodiment of the present invention in order to
This problem is solved, in the network equipment with master-slave back-up master control borad, when storing the network equipment on main control board
After authorization message, main control board will check the information stored on slave control board, determine on the slave control board of the network equipment
Whether be stored with the authorization message of the network equipment.Usually, the network equipment is all configuration of the master one for master control borad, then primary
As long as master control borad is checked in the information stored on one piece of slave control board, but the method for the present embodiment offer, primary master control
The information that plate will be stored on all slave control board for checking the network equipment.Mainly have and do not store network on one piece of main control board
The authorization message of equipment, you can carry out step S202 processing.
Whether main control board can determine to be stored with slave control board the mandate of the network equipment using different methods
Information.For example main control board can insert the network equipment and it is upper electric when, just to configured on the network equipment at least one is standby
Checked with master control borad.The authorization message of main control board network equipment it needs to be determined that itself has been stored with first, then
Main control board sends inquiry request to slave control board, and the inquiry response sent according to slave control board determines slave control board
On whether be stored with the authorization message of the network equipment.Main control board can also when installing the authorization message of the network equipment,
Trigger the inspection to slave control board.Or main control board can also receive the mandate synchronization request of slave control board transmission,
It is that slave control board is inserted after the network equipment to authorize synchronization request, is sent during the authorization message for checking the non-storage networking device of this plate
's.When main control board receives the mandate synchronization request of slave control board transmission, determine not storing institute on slave control board
State the authorization message of the network equipment.
The authorization message of storage is synchronized at least one slave control board by step S202, main control board, so that extremely
Temporary Authorization information is generated in a few slave control board, temporary Authorization information includes at least one temporary Authorization management item,
Each temporary Authorization management item includes the authorization message at least one function of the network equipment and empowerment management time.
When main control board determines the mandate letter of non-storage networking device at least one slave control board of the network equipment
During breath, the authorization message for the network equipment that main control board can store this plate is synchronized to the standby master for not storing authorization message
Control plate.In the network equipment that other NHID patterns are installed to due to the master control borad with complete authorization message, you can possess and award
The access right for each function that power information is authorized, then the master control borad for not buying authorization code may be caused also to be provided with completion
Authorization message, will so have influence on the normal sale of network equipment manufacturer, be also unfavorable for use to the network equipment and carry out
Management and control.So the authorization message of storage cannot directly be synchronized to slave control board by main control board, but need
Carry out certain processing.
The purpose that authorization message in main control board is synchronized into slave control board is to make the primary master control of the network equipment
When plate breaks down, remain to read authorization message from slave control board, allow the user to normally use.But user has found net
After the main control board of network equipment breaks down, it can be repaired as early as possible, therefore slave control board only needs to preserve certain time
Authorization message, treats that the fault restoration of main control board can be still using the authorization message on main control board.Standby
The authorization message of certain time is only preserved on master control borad, can both ensure the mandate of network equipment when main control board breaks down
Function is normally used, and can prevent user on other network equipments using the authorization message replicated again.
The form for the authorization message for understanding to store on main control board by Tables 1 and 2, wherein to the tool of function or business
Body authorization message is stored in each bar LMI, then main control board just can be to the synchronous authorization message of slave control board
When, certain change is carried out to the LMI for needing to replicate, the empowerment management time is added wherein, the empowerment management time will be added
LMI is referred to as interim LMI, each just includes managing the authorization message of at least one function of the network equipment and mandate in interim LMI
The reason time.The empowerment management time is all added in every LMI that main control board can be in the authorization message of storage, it is then synchronous
To slave control board, by all authorization messages for the network equipment that is stored with such slave control board.Certain main control board is also
The empowerment management time can be optionally added only in one or more LMI, and will only add the interim of empowerment management time
LMI is synchronized to the section entitlement information for the network equipment that is stored with slave control board, such slave control board.Due to the network equipment
Partial function or business belong to key function or business, can not be by it in order to ensure key function or the security of business
Slave control board is synchronized to, and only will be same to the pertinent authorization information of the less function of the safety effects of the network equipment or business
Walk to slave control board.The empowerment management time in interim LMI can be configured according to the actual demand of different user, be authorized
The management time can be according to user to the mean time between maintenance (MTBM) of main control board or maximum maintenance cycle determination, such as empowerment management
Time is 2 days.Other guide in the interim LMI and authorization message of generation is constituted temporary Authorization information by main control board, and
By temporary Authorization synchronizing information to slave control board.
When be stored with slave control board temporary Authorization information after, if the network equipment is by reading facing in slave control board
When authorization message obtain the use mandate of each function or business, then the mandate in the corresponding interim LMI of corresponding authorization message
The management time can start timing, when the empowerment management time then, slave control board will limit the corresponding function of the authorization message
Or the use of business.Slave control board can also delete the interim LMI of empowerment management time then.
Interim LMI storage format is for example shown in table 3, on the basis of table 2, when increase installed date and relative timing
Between list item, wherein relative timing time is the empowerment management time, after interim LMI is read by the network equipment to be installed, record peace
Date and set-up time are filled, and starts the timing of absolute timing time, when absolute timing time reaches relative timing time, is touched
Send out the limitation to the interim LMI.
The interim LMI storage formats of table 3
In the device authorization management method that the present embodiment is provided, the network equipment applied to NHID patterns, when the net that is stored with
The main control board of the authorization message of network equipment determines non-storage networking device at least one slave control board of the network equipment
Authorization message when, the authorization message of storage is synchronized at least one slave control board by main control board, makes at least one
Temporary Authorization information is generated in slave control board, wherein, temporary Authorization information includes at least one temporary Authorization management item, often
Individual temporary Authorization management item includes the authorization message and empowerment management time at least one function of the network equipment, so in net
When the main control board of network equipment breaks down, you can using the temporary Authorization information stored in slave control board to the network equipment
Function or business authorized, due to each temporary Authorization management item in temporary Authorization information all include the empowerment management time,
Therefore the slave control board for the temporary Authorization information that is stored with can not also be arranged in other network equipments and normally use by user, i.e.,
It ensure that the authorization function of the network equipment and the normal of business are used, authorization function can be prevented to be illegally used again.
Further, as can be seen from Table 1 and Table 2, the specific authorization message of the network equipment is all stored in each bar LMI
In, including the interim LMI stored in the LMI and slave control board stored in main control board.So main control board can be with
The LMI or interim LMI stored by obtaining in slave control board number determines the network that whether is stored with slave control board
The authorization message of equipment.If the LMI or interim LMI stored at least one slave control board number is equal to 0, primary master control
Plate determines the authorization message of non-storage networking device at least one slave control board.
Further, because the LMI that is stored in slave control board is interim LMI, in order to distinguish the LMI in authorization message and
Interim LMI, main control board can add temporary Authorization management item wherein when authorization message is synchronized into slave control board
Number.Certainly, while when main control board also needs to increase default empowerment management in the LMI in the authorization message of storage
Between, interim LMI is generated, the LMI in authorization message corresponding interim LMI is replaced with into, so as to generate temporary Authorization information.Then
Main control board is again by temporary Authorization synchronizing information to slave control board.
The storage format of temporary Authorization information is for example shown in table 4, on the basis of table 1, increase temporary Authorization management item number
Mesh, and LMI is replaced with into interim LMI.
The temporary Authorization format information memory of table 4
Fig. 3 is the structural representation of device authorization managing device embodiment one provided in an embodiment of the present invention, applied to nothing
In the network equipment of host identification, the network equipment includes main control board and at least one slave control board, and the present embodiment is carried
The device authorization managing device of confession is arranged on main control board.As shown in figure 3, the device authorization management dress that the present embodiment is provided
Put including:
Determining module 31, the authorization message for determining non-storage networking device at least one slave control board is primary
Master control borad is stored with the authorization message of the network equipment.
Synchronization module 32, for the authorization message of storage to be synchronized at least one slave control board, so that at least one
Temporary Authorization information is generated in individual slave control board, temporary Authorization information includes at least one temporary Authorization management item, each
Temporary Authorization management item includes the authorization message and empowerment management time at least one function of the network equipment.
The device authorization managing device that the present embodiment is provided is used for the technical side for realizing device authorization management method shown in Fig. 2
Case, its implementing principle and technical effect are similar, and here is omitted.
Further, on the basis of implementing shown in Fig. 3, determining module 31, specifically for inserting net when main control board
During network equipment, at least one slave control board is checked, the mandate letter of the non-storage networking device of at least one slave control board is determined
Breath;Or when the authorization message of the installation network equipment on main control board, at least one slave control board is checked, it is determined that
The authorization message of the non-storage networking device of at least one slave control board.
Fig. 4 is the structural representation of device authorization managing device embodiment two provided in an embodiment of the present invention, such as Fig. 4 institutes
Show, the present embodiment provide device authorization managing device on the basis of Fig. 3, in addition to:
Receiving module 33, the mandate synchronization request for receiving the transmission of at least one slave control board, authorizes synchronization request
It is after at least one slave control board insertion network equipment, to be sent during the authorization message for checking the non-storage networking device of this plate.
Determining module 31, synchronously please specifically for the mandate that the transmission of at least one slave control board is received when receiving module
When asking, the authorization message of non-storage networking device at least one slave control board is determined.
Further, on the basis of implementing shown in Fig. 3 or Fig. 4, determining module 31 is standby specifically for obtaining at least one
With the number of the empowerment management stored in master control borad;If the number of the empowerment management stored at least one slave control board
Equal to 0, it is determined that the authorization message of non-storage networking device at least one slave control board.
Further, on the basis of implementing shown in Fig. 3 or Fig. 4, synchronization module 32, specifically for the mandate letter in storage
Increase the default empowerment management time in empowerment management in breath, temporary Authorization management item is generated, by awarding in authorization message
Power management item replaces with corresponding temporary Authorization management item, and adds temporary Authorization management item number, generates temporary Authorization information;
By temporary Authorization synchronizing information at least one slave control board.
It should be noted that herein, such as first and second or the like relational terms are used merely to a reality
Body or operation make a distinction with another entity or operation, and not necessarily require or imply these entities or deposited between operating
In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to
Nonexcludability is included, so that process, method, article or equipment including a series of key elements not only will including those
Element, but also other key elements including being not expressly set out, or also include being this process, method, article or equipment
Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that
Also there is other identical element in process, method, article or equipment including the key element.
Each embodiment in this specification is described by the way of related, identical similar portion between each embodiment
Divide mutually referring to what each embodiment was stressed is the difference with other embodiment.It is real especially for system
Apply for example, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method
Part explanation.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all
Any modification, equivalent substitution and improvements made within the spirit and principles in the present invention etc., are all contained in protection scope of the present invention
It is interior.
Claims (10)
1. a kind of device authorization management method, it is characterised in that in the network equipment identified applied to off host, the network is set
Standby to include main control board and at least one slave control board, methods described includes:
The main control board determines not storing the authorization message of the network equipment, institute at least one described slave control board
Main control board is stated to be stored with the authorization message of the network equipment;
The authorization message of storage is synchronized at least one described slave control board by the main control board, so that described
Temporary Authorization information is generated at least one slave control board, the temporary Authorization information includes at least one temporary Authorization pipe
Item is managed, when each temporary Authorization management item includes authorization message and the empowerment management at least one function of the network equipment
Between.
2. according to the method described in claim 1, it is characterised in that the main control board determines at least one described standby master
The authorization message of the network equipment is not stored on control plate, including:
When the main control board inserts the network equipment, the main control board checks at least one described standby master control
Plate, it is determined that at least one described slave control board does not store the authorization message of the network equipment;
Or when the authorization message of the network equipment described in installation on the main control board, the main control board inspection
At least one described slave control board, it is determined that at least one described slave control board does not store the mandate letter of the network equipment
Breath.
3. according to the method described in claim 1, it is characterised in that the main control board determines at least one described standby master
The authorization message of the network equipment is not stored on control plate, including:
It is described primary when the main control board receives the mandate synchronization request that at least one described slave control board is sent
The authorization message of the network equipment is not stored at least one described slave control board of master control borad determination, the mandate synchronously please
At least one slave control board described in Seeking Truth is inserted after the network equipment, checks that this plate does not store the mandate of the network equipment
Sent during information.
4. the method according to any one of claims 1 to 3, it is characterised in that described in the main control board determination at least
The authorization message of the network equipment is not stored on one slave control board, including:
The main control board obtains the number of the empowerment management stored at least one described slave control board;
If the number of the empowerment management stored at least one described slave control board is equal to 0, the main control board is true
The authorization message of the network equipment is not stored at least one fixed described slave control board.
5. method according to claim 4, it is characterised in that the main control board is same by the authorization message of storage
Walk at least one described slave control board, including:
Increase the default empowerment management time in the main control board empowerment management in the authorization message of storage, generate
Temporary Authorization management item, replaces with corresponding temporary Authorization management item, and add by the empowerment management in the authorization message
Temporary Authorization management item number, generates the temporary Authorization information;
The main control board is by the temporary Authorization synchronizing information at least one described slave control board.
6. a kind of device authorization managing device, it is characterised in that in the network equipment identified applied to off host, the network is set
Standby to include main control board and at least one slave control board, the device authorization managing device is arranged at the main control board
On, the device authorization managing device includes:
Determining module, the authorization message for determining not store the network equipment at least one described slave control board, institute
Main control board is stated to be stored with the authorization message of the network equipment;
Synchronization module, for the authorization message of storage to be synchronized at least one described slave control board, so that described
Temporary Authorization information is generated at least one slave control board, the temporary Authorization information includes at least one temporary Authorization pipe
Item is managed, when each temporary Authorization management item includes authorization message and the empowerment management at least one function of the network equipment
Between.
7. device authorization managing device according to claim 6, it is characterised in that the determining module, specifically for working as
When the main control board inserts the network equipment, check at least one described slave control board, it is determined that it is described at least one
Slave control board does not store the authorization message of the network equipment;Or when network described in installation on the main control board
During the authorization message of equipment, at least one described slave control board is checked, it is determined that at least one described slave control board is not stored
The authorization message of the network equipment.
8. device authorization managing device according to claim 6, it is characterised in that the device authorization managing device is also wrapped
Include:Receiving module, for receiving the mandate synchronization request that at least one described slave control board is sent, the mandate synchronization request
It is that at least one described slave control board is inserted after the network equipment, checks that this plate does not store the mandate letter of the network equipment
Sent during breath;
The determining module, specifically for receiving the mandate that at least one described slave control board is sent when the receiving module
During synchronization request, it is determined that the authorization message of the network equipment is not stored at least one described slave control board.
9. the device authorization managing device according to any one of claim 6~8, it is characterised in that the determining module, tool
Body is used for the number for obtaining the empowerment management stored at least one described slave control board;If at least one described standby master
The number of the empowerment management stored in control plate is equal to 0, it is determined that do not store the net at least one described slave control board
The authorization message of network equipment.
10. device authorization managing device according to claim 9, it is characterised in that the synchronization module, specifically for
Increase the default empowerment management time in empowerment management in the authorization message of storage, temporary Authorization management item is generated, by institute
State the item of the empowerment management in authorization message and replace with corresponding temporary Authorization management item, and add temporary Authorization management item number,
Generate the temporary Authorization information;By the temporary Authorization synchronizing information at least one described slave control board.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710281519.5A CN107122630B (en) | 2017-04-26 | 2017-04-26 | Equipment authorization management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710281519.5A CN107122630B (en) | 2017-04-26 | 2017-04-26 | Equipment authorization management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107122630A true CN107122630A (en) | 2017-09-01 |
| CN107122630B CN107122630B (en) | 2020-07-17 |
Family
ID=59725751
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710281519.5A Active CN107122630B (en) | 2017-04-26 | 2017-04-26 | Equipment authorization management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107122630B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111534A (en) * | 2018-01-11 | 2018-06-01 | 新华三云计算技术有限公司 | A kind of method and device for controlling authorization |
| CN108200192A (en) * | 2018-01-30 | 2018-06-22 | 北京小米移动软件有限公司 | The method and device of control terminal apparatus bound |
| CN109063423A (en) * | 2018-07-16 | 2018-12-21 | 北京知道创宇信息技术有限公司 | application software authorization method and system |
| CN109088937A (en) * | 2018-08-28 | 2018-12-25 | 郑州云海信息技术有限公司 | A kind of cluster authorization method and device based on unified management |
| CN113010123A (en) * | 2021-03-12 | 2021-06-22 | 珠海奔图电子有限公司 | Equipment monitoring method and device and server |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040187012A1 (en) * | 2003-03-21 | 2004-09-23 | Hitachi, Ltd. | Hidden data backup and retrieval for a secure device |
| JP4258794B2 (en) * | 2001-12-25 | 2009-04-30 | 株式会社三共 | Game machine |
| CN101656628A (en) * | 2009-09-22 | 2010-02-24 | 杭州华三通信技术有限公司 | Fault diagnosis method and equipment of business board |
| CN101980476A (en) * | 2010-11-16 | 2011-02-23 | 北京星网锐捷网络技术有限公司 | Warm backup method and network equipment |
| CN102622538A (en) * | 2011-02-01 | 2012-08-01 | 中国电信股份有限公司 | Method and system for software licensing control |
| CN103036668A (en) * | 2012-12-11 | 2013-04-10 | 上海斐讯数据通信技术有限公司 | Rack-mounted equipment tab configuration synchronization method based on a command line |
| CN103473499A (en) * | 2013-09-16 | 2013-12-25 | 笔笔发信息技术(上海)有限公司 | Acquisition device and data authorization method thereof |
-
2017
- 2017-04-26 CN CN201710281519.5A patent/CN107122630B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4258794B2 (en) * | 2001-12-25 | 2009-04-30 | 株式会社三共 | Game machine |
| US20040187012A1 (en) * | 2003-03-21 | 2004-09-23 | Hitachi, Ltd. | Hidden data backup and retrieval for a secure device |
| CN101656628A (en) * | 2009-09-22 | 2010-02-24 | 杭州华三通信技术有限公司 | Fault diagnosis method and equipment of business board |
| CN101980476A (en) * | 2010-11-16 | 2011-02-23 | 北京星网锐捷网络技术有限公司 | Warm backup method and network equipment |
| CN102622538A (en) * | 2011-02-01 | 2012-08-01 | 中国电信股份有限公司 | Method and system for software licensing control |
| CN103036668A (en) * | 2012-12-11 | 2013-04-10 | 上海斐讯数据通信技术有限公司 | Rack-mounted equipment tab configuration synchronization method based on a command line |
| CN103473499A (en) * | 2013-09-16 | 2013-12-25 | 笔笔发信息技术(上海)有限公司 | Acquisition device and data authorization method thereof |
Non-Patent Citations (1)
| Title |
|---|
| 孙娟: "软件故障诊断方法浅析", 《学术·技术》 * |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111534A (en) * | 2018-01-11 | 2018-06-01 | 新华三云计算技术有限公司 | A kind of method and device for controlling authorization |
| CN108111534B (en) * | 2018-01-11 | 2021-02-05 | 新华三云计算技术有限公司 | Method and device for controlling authorization permission |
| CN108200192A (en) * | 2018-01-30 | 2018-06-22 | 北京小米移动软件有限公司 | The method and device of control terminal apparatus bound |
| CN109063423A (en) * | 2018-07-16 | 2018-12-21 | 北京知道创宇信息技术有限公司 | application software authorization method and system |
| CN109063423B (en) * | 2018-07-16 | 2020-12-11 | 北京知道创宇信息技术股份有限公司 | Application software authorization method and system |
| CN109088937A (en) * | 2018-08-28 | 2018-12-25 | 郑州云海信息技术有限公司 | A kind of cluster authorization method and device based on unified management |
| CN109088937B (en) * | 2018-08-28 | 2021-10-26 | 郑州云海信息技术有限公司 | Cluster authorization method and device based on unified management |
| CN113010123A (en) * | 2021-03-12 | 2021-06-22 | 珠海奔图电子有限公司 | Equipment monitoring method and device and server |
| US11736632B2 (en) | 2021-03-12 | 2023-08-22 | Zhuhai Pantum Electronics Co., Ltd. | Device monitoring method, apparatus, server, and storage medium |
| CN113010123B (en) * | 2021-03-12 | 2023-09-05 | 珠海奔图电子有限公司 | Equipment monitoring method, device and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107122630B (en) | 2020-07-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107122630A (en) | device authorization management method and device | |
| EP1470466B1 (en) | License information exchange system | |
| US20170186117A1 (en) | License management apparatus, license management method, and license authentication program | |
| CN106415571A (en) | Modules to securely provision an asset to a target device | |
| KR100882143B1 (en) | Information processing device and method, and providing medium | |
| CN107705114A (en) | Copyright data processing method, system and storage medium based on block chain technology | |
| KR20050028244A (en) | Method for drm license supporting plural devices | |
| WO1998058327A1 (en) | System, method and article of manufacture for product return of software and other information | |
| KR101609078B1 (en) | License management device, license management system, license management method, and program | |
| CN110018840B (en) | Intelligent contract upgrading method and device, block chain link point equipment and medium | |
| KR20070036667A (en) | Method and system for transferring data | |
| CN105224832A (en) | A kind of method of License authorization set management | |
| EP1396798A1 (en) | A license file, a license management module and alicense management system | |
| CN109522760A (en) | A kind of data forwarding controlling method and system based on hardware control logic | |
| CN108876605A (en) | Digital asset method of commerce and device | |
| JP4897701B2 (en) | Partial revocation list | |
| KR100506530B1 (en) | Method for DRM license supporting plural devices | |
| US20220043434A1 (en) | Method for Managing a Production Process | |
| CN111611550B (en) | Computer system, computer device and authorization management method | |
| CN102289610A (en) | Offline certificate control and management system and method of digital rights management (DRM) of embedded device | |
| CN103164636A (en) | On-line reading digital content authentication method and system | |
| KR20080058838A (en) | Apparatus and method for managing rights object | |
| CN106991297B (en) | The management method and system and creation method and system of software license | |
| WO2013002258A1 (en) | License administration device and license administration method | |
| CN109167785A (en) | A kind of call method and service server of virtual credible root |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230628 Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd. Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd. |