CN107204843A - Public key processing method and apparatus - Google Patents
- Publication number
- CN107204843A (application number CN201710233046.1A)
- Authority
- CN
- China
- Prior art keywords
- public key
- user
- information
- public
- acquisition
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0631—Resource planning, allocation, distributing or scheduling for enterprises or organisations
- G06Q10/06313—Resource planning in a project environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Abstract
Embodiments of the invention provide a public key processing method and apparatus. The method includes: collecting the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; obtaining a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; obtaining the first set information from the public key request and determining the public keys of the users in the user set corresponding to the first set information; and returning the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
Description
Technical field
The present invention relates to the technical field of data processing, and in particular to a public key processing method and apparatus.
Background
With the continuous development of Internet technology, Internet companies keep growing and expanding. Most large Internet companies frequently purchase servers and put them into use to improve the user experience.
Before an operating system is installed on a server, the installer has to manually collect the public keys of the employees who need to log in to that server and then upload the collected public keys to the server. After the server goes into service, an employee whose public key is stored on the server can log in to it over the Secure Shell protocol (SSH). However, manually collecting the public keys of the employees who need to log in to the server is inefficient.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a public key processing method that addresses the low efficiency, in the prior art, of manually collecting the public keys of the users who need to log in to a server.
Correspondingly, the embodiments of the invention also provide a public key processing apparatus to ensure the implementation and application of the above method.
To solve the above problem, the invention discloses a public key processing method, which specifically includes: collecting the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; obtaining a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; obtaining the first set information from the public key request and determining the public keys of the users in the user set corresponding to the first set information; and returning the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
The invention also discloses a public key processing apparatus, which specifically includes: a collection module, configured to collect the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; a request acquisition module, configured to obtain a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; a determination module, configured to obtain the first set information from the public key request and determine the public keys of the users in the user set corresponding to the first set information; and a return module, configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
Compared with the prior art, the embodiments of the invention have the following advantages:
In the embodiments of the invention, a public key management system collects the public keys of the users in each user set. After collecting the public keys of each user set, it receives a public key request sent by the installation system, where the installation system is used to install an operating system on a target server and the public key request includes the first set information of the user applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
Brief description of the drawings
Fig. 1 is a step flow chart of an embodiment of a public key processing method of the invention;
Fig. 2 is a schematic diagram of the relationship between the public key management system, the LDAP system and the installation system of the invention;
Fig. 3 is a step flow chart of another embodiment of a public key processing method of the invention;
Fig. 4 is a structural block diagram of an embodiment of a public key processing apparatus of the invention;
Fig. 5 is a structural block diagram of another embodiment of a public key processing apparatus of the invention.
Detailed description
To make the above objects, features and advantages of the invention easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
One of the core ideas of the embodiments of the invention is that the public key management system first collects users' public keys by user set. When it receives the public key request that the installation system sends while installing an operating system on the target server, it sends the corresponding users' public keys to the installation system, so that the installation system can store them during operating system installation. This improves the efficiency of collecting users' public keys.
Embodiment 1
Referring to Fig. 1, which shows a step flow chart of an embodiment of a public key processing method of the invention, the method may specifically include the following steps:
Step 101: collect the public keys of the users in each user set.
This embodiment provides a public key processing method applied in a public key management system, which supplies the installation system, while it installs an operating system on a target server, with the public keys corresponding to the users applying to log in to the target server. The public key management system stores and manages the public keys of the users in each user set; the target server is a server on which an operating system needs to be installed; and the installation system installs the operating system on the target server. A company comprises multiple departments, such as a process department and a development department; each department includes at least one employee, and each employee corresponds to one public key. Users can therefore be grouped by department: one group corresponds to one user set, and the employees of a department are the users in the corresponding user set. After the company assigns a public key to each employee, the public key management system can collect each employee's public key and then, according to the characteristic information of the public key, store it in the corresponding user set. Each user set includes the public key of at least one user; in the public key management system each user has one public key, and every user's public key is different. For example, a company has four departments, the process department, the development department, the test department and the operations and maintenance (O&M) department, with 20, 40, 50 and 10 employees respectively; the user sets in the public key management system then comprise the process department set, the development department set, the test department set and the O&M department set, which contain the public keys of 20, 40, 50 and 10 users respectively.
Step 102: obtain a public key request, where the public key request is sent by the installation system, the installation system is used to install an operating system on the target server, and the public key request includes the first set information of the user applying to log in to the target server.
In this embodiment, before the installation system installs the operating system on the target server, a user who will log in to the target server, such as an O&M engineer, can submit to the installation system an application to log in to the target server. In the application the user only needs to fill in the first set information corresponding to the user set the user belongs to, and does not need to fill in the user's public key, which keeps the operation simple. While installing the operating system on the target server, the installation system can extract the first set information from the submitted application, then generate the corresponding public key request and send it to the public key management system; the public key request includes the first set information of the user applying to log in to the target server. The public key management system obtains the public key request sent by the installation system.
Step 103: obtain the first set information from the public key request, and determine the public keys of the users in the user set corresponding to the first set information.
Step 104: return the determined public keys to the installation system.
After obtaining the public key request, the public key management system can return the public keys corresponding to the first set information in the request to the installation system. Specifically, the public key management system obtains the first set information from the public key request, determines the user set in the public key management system that corresponds to it, and then determines the public keys of all users in that user set, so as to return the determined public keys to the installation system. After receiving the public keys, the installation system stores them on the target server while installing the operating system, so that once the operating system is installed, the users who applied to log in to the target server can log in to it over SSH from their terminals. For example, Zhang San, an employee of the O&M department, submits an application to the installation system; in the application Zhang San only needs to fill in the first set information, such as "O&M department". After obtaining "O&M department" from the public key request, the public key management system determines that the corresponding user set is the O&M department set, which includes the public keys of 12 users, and returns all 12 users' public keys in the O&M department set to the installation system. The installation system stores these 12 users' public keys on the target server during installation, and Zhang San can log in to the target server from the corresponding terminal to operate and maintain it. Of course, the users corresponding to the other 11 public keys can also log in to the target server from their terminals.
In this embodiment, the public key management system collects the public keys of the users in each user set. After collecting the public keys of each user set, it receives a public key request sent by the installation system, where the installation system is used to install an operating system on the target server and the public key request includes the first set information of the user applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
Embodiment 2
In this embodiment, the public key management system can obtain management information from a Lightweight Directory Access Protocol (LDAP) system and then store the users' public keys in each user set according to the management information. After obtaining a public key request, it returns to the installation system the public keys of the users in a user set that has permission. The relationship between the public key management system, the LDAP system and the installation system is shown in Fig. 2. The way the public key management system collects and returns public keys is shown in Fig. 3, a step flow chart of an embodiment of the public key management method of the invention, which may specifically include the following steps:
Step 301: obtain a user's public key.
Step 302: query the Lightweight Directory Access Protocol (LDAP) system for the management information corresponding to the obtained public key, where the management information includes second set information and permission information.
The process by which the public key management system collects the public keys of the users in each user set is the process of saving each obtained public key into its user set; the public key management system stores a user's public key according to the management information that corresponds to that key in the LDAP system. In this embodiment the LDAP system stores user management information, which includes second set information and permission information; the permissions described by the permission information include the permission to log in to the target server. After any user is assigned a public key, the key can be entered directly into the public key management system, or the LDAP system can send the public key management system an instruction to add the public key; the public key management system thus obtains the public key to be stored either from the entry operation or from the instruction sent by the LDAP system. When storing the obtained public key in the corresponding user set, the public key management system can send a query request to the LDAP system to look up the management information corresponding to the key to be stored. On receiving the query request, the LDAP system returns the management information corresponding to the public key in the request to the public key management system, which then adds the public key to the corresponding user set according to that management information. The specific steps are as follows:
Step 303: determine whether the user set corresponding to the obtained public key has been created; if so, perform step 304; if not, perform step 305.
The public key management system can obtain the second set information from the management system and determine the user set to which the obtained public key belongs. It then determines whether the corresponding user set has already been created in the public key management system: if it has, step 304 is performed; if it has not, step 305 is performed.
Step 304: add the obtained public key to the corresponding user set.
If the user set corresponding to the obtained public key already exists in the public key management system, the obtained public key is stored directly in that user set.
Step 305: create, in the public key management system, the user set corresponding to the obtained public key, and configure for that user set the permission information corresponding to the obtained public key; then add the obtained public key to the corresponding user set.
If no user set corresponding to the obtained public key exists in the public key management system, the corresponding user set can be created according to the second set information obtained from the management information. In this embodiment different departments have different permissions: some departments, such as the process department and the test department, may have no permission to log in to the target server, while others, such as the O&M department and the development department, have that permission. Only the users in a user set that has permission to log in to the target server can log in to the target server. Therefore, when creating a user set, the public key management system can obtain the permission information from the management information and configure the corresponding permission information for each user set, so that only the public keys that have permission are returned to the installation system. The obtained public key is then stored in the newly created user set.
For example, the LDAP system includes four user sets, A, B, C and D, where A includes members A1-A12, B includes members B1-B10, C includes members C1-C18 and D includes members D1-D30. A and B have permission to log in to the target server; C and D do not. User sets A and D have already been created in the public key management system. When the public key management system obtains the public key of A10, it stores it directly in user set A; when it obtains the public key of B1, it creates set B in the public key management system, configures the permission information of set B as permission to log in to the target server, and then stores the public key of B1 in set B.
Step 306: obtain a public key request.
While installing the operating system on the target server, after receiving the application submitted by the user, the installation system can send a public key request to the public key management system to obtain the public keys corresponding to the application. The public key request can be an HTTPS request; that is, the installation system sends the public key request to the HTTPS interface of the public key management system, and the public key management system obtains the request through that interface.
Step 307: obtain the first set information from the public key request, and obtain the permission information of the user set corresponding to the first set information.
In this embodiment, the user set to which a user applying to log in to the target server belongs may be a user set with permission to log in to the target server, or a user set without it. To protect the target server, after obtaining the public key request sent by the installation system, the public key management system can obtain the first set information from the request and verify the permission of that first set information, so that only the public keys of users in a user set with permission to log in to the target server are returned to the installation system. Specifically, the public key management system can determine the corresponding user set from the first set information and then obtain the permission information of that user set, to determine whether the user set corresponding to the first set information in the public key request has permission to log in to the target server.
Step 308: determine, according to the permission information, whether the user set has permission to log in to the target server; if so, perform step 309; if not, end the procedure.
After obtaining the permission information corresponding to the user set, the public key management system determines from it whether the user set has permission to log in to the target server. If the user set has that permission, step 309 is performed; if it does not, the procedure ends.
Step 309: determine the public keys of the users in the user set corresponding to the first set information.
Step 310: return the determined public keys to the installation system.
When the user set corresponding to the first set information in the public key request is determined to have permission to log in to the target server, the public keys of all users in that user set are determined and then returned to the installation system. After obtaining the public keys, the installation system stores them on the target server while installing the operating system, so that the users who applied to log in to the target server can log in to it.
For example, the public key management system includes four user sets, A, B, C and D, where A includes the public keys of A1-A12, B includes the public keys of B1-B10, C includes the public keys of C1-C18 and D includes the public keys of D1-D30. A and B have permission to log in to the target server; C and D do not. When the public key management system determines that the user set corresponding to the first set information in the public key request is B, it returns all of the public keys of B1-B10 to the installation system; when it determines that the user set corresponding to the first set information in the public key request is C, it returns no user's public key to the installation system.
In addition, update information sent by the LDAP system is received, and the corresponding user set is updated according to the update information.
In this embodiment, the user sets in the public key management system correspond to the user sets in the LDAP system. When a user set in the LDAP system is updated, for example a user is deleted from or added to the set, the permission of the set changes or the name of the set changes, the corresponding user set in the public key management system also needs to be updated. The public key management system can obtain update information in either of two ways: it can send an update request to the LDAP system at a preset interval, to which the LDAP system responds with the corresponding update information; or the LDAP system can send update information to the public key management system directly after one of its user sets has been updated. After receiving the update information, the public key management system updates the corresponding user set accordingly.
In the course of collecting the public keys of the users in each user set, the public key management system of this embodiment configures the corresponding permission information for each user set when the set is created; then, according to the second set information in the public key request, it returns the public keys of the users in a user set that has permission to the installation server, which keeps the server secure. In addition, the public key management system can update the corresponding user set according to the update information received from the LDAP system, ensuring the accuracy both of each user set's permission information in the public key management system and of the user set to which each user's public key belongs.
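The collection, request and update flow of steps 301-310 (which also covers steps 101-104 of Embodiment 1), as an added example that is not part of the patent text. The class and function names, the in-memory dictionary standing in for the LDAP system, the constructed non-functional keys and the key-format check before storage are assumptions made for illustration.

```python
import base64
import struct
from dataclasses import dataclass, field


def constructed_key(user: str) -> str:
    """Build a constructed, non-functional key line in OpenSSH 'type base64 comment' form."""
    key_type = b"ssh-ed25519"
    payload = user.encode().ljust(32, b"\0")          # stand-in for the 32-byte key value
    raw = (struct.pack(">I", len(key_type)) + key_type
           + struct.pack(">I", len(payload)) + payload)
    return f"ssh-ed25519 {base64.b64encode(raw).decode()} {user}"


def is_wellformed_pubkey(line: str) -> bool:
    """True only for a single-line entry whose base64 blob names the same key type.

    Anything else (line breaks, leading options, bad base64) is refused, because the
    installation system copies these lines verbatim onto the target server.
    """
    if "\n" in line or "\r" in line:
        return False
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0]:
        return False
    try:
        raw = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    if len(raw) < 4:
        return False
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n] == parts[0].encode()


@dataclass
class UserSet:
    may_login: bool                                # permission information of the set
    keys: dict = field(default_factory=dict)       # user -> public key, one per user


class KeyManager:
    def __init__(self, directory: dict):
        # directory maps user -> (set name, may_login): an assumed stand-in for the
        # LDAP management information (second set information + permission information).
        self.directory = directory
        self.sets = {}

    def add_key(self, user: str, pubkey: str) -> None:
        """Steps 301-305: look up management information, create the set if needed."""
        if not is_wellformed_pubkey(pubkey):
            raise ValueError(f"rejected malformed public key for {user}")
        set_name, may_login = self.directory[user]
        if set_name not in self.sets:                       # step 305
            self.sets[set_name] = UserSet(may_login)
        self.sets[set_name].keys[user] = pubkey             # step 304

    def handle_key_request(self, first_set_info: str) -> list:
        """Steps 306-310: keys are returned only for a set with login permission."""
        user_set = self.sets.get(first_set_info)
        if user_set is None or not user_set.may_login:      # step 308 fails: end
            return []
        return [user_set.keys[u] for u in sorted(user_set.keys)]

    def apply_update(self, set_name: str, may_login=None, removed_user=None) -> None:
        """Update information from the directory: permission change or user removal."""
        user_set = self.sets.get(set_name)
        if user_set is None:
            return
        if may_login is not None:
            user_set.may_login = may_login
        if removed_user is not None:
            user_set.keys.pop(removed_user, None)


def build_demo_manager() -> KeyManager:
    """Sets A-D from the example above: A and B may log in, C and D may not."""
    sizes = {"A": (12, True), "B": (10, True), "C": (18, False), "D": (30, False)}
    directory = {f"{s}{i}": (s, ok)
                 for s, (n, ok) in sizes.items() for i in range(1, n + 1)}
    manager = KeyManager(directory)
    for user in directory:
        manager.add_key(user, constructed_key(user))
    return manager


def render_authorized_keys(keys: list) -> str:
    """What the installation system would write on the target server, one key per line."""
    return "".join(k + "\n" for k in keys)


if __name__ == "__main__":
    m = build_demo_manager()
    print(len(m.handle_key_request("B")), len(m.handle_key_request("C")))
```

A request for a set name that was never created is treated the same as a request for a set without login permission: nothing is returned, so an unknown value in the first set information cannot widen access.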
It should be noted that, for brevity, the method embodiments are each described as a series of combined actions. Those skilled in the art should understand, however, that the embodiments of the invention are not limited by the described order of actions, because according to the embodiments of the invention some steps can be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the invention.
Embodiment 3
Referring to Fig. 4, which shows a structural block diagram of an embodiment of a public key processing apparatus of the invention for implementing the above public key processing method, the apparatus specifically includes a collection module 401, a request acquisition module 402, a determination module 403 and a return module 404, where:
The collection module 401 is configured to collect the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key.
The request acquisition module 402 is configured to obtain a public key request, where the public key request is sent by the installation system, the installation system is used to install an operating system on the target server, and the public key request includes the first set information of the user applying to log in to the target server.
The determination module 403 is configured to obtain the first set information from the public key request and determine the public keys of the users in the user set corresponding to the first set information.
The return module 404 is configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
In another embodiment of the invention, the further modules of the apparatus and the submodules of each module are described in detail. Specifically, the apparatus also includes an update module 405, configured to receive update information sent by the LDAP system and update the corresponding user set according to the update information.
In this embodiment, the collection module 401 includes a public key acquisition submodule 4011, a query submodule 4012 and an adding submodule 4013, where:
The public key acquisition submodule 4011 is configured to obtain a user's public key;
The query submodule 4012 is configured to query the Lightweight Directory Access Protocol (LDAP) system for the management information corresponding to the obtained public key, where the management information includes second set information and permission information;
The adding submodule 4013 is configured to add the obtained public key to the corresponding user set according to the management information.
In the embodiment of the present invention, the determining module 403 is additionally operable to it is determined that the corresponding user of the first set information
In set before the public key of user, the authority information of first set information correspondence user's set is obtained;According to the authority
When information determines user's set with the authority for logging in destination server, perform and determine that the first set information is corresponding
In user's set the step of the public key of user.
In this embodiment of the present invention, a public key management system collects the public keys of the users in each user set. After the public keys of each user set have been collected, it receives a public key request sent by the installation system, the installation system being used to install an operating system on the target server and the public key request including the first set information of the users applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys in the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
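The flow summarised above, as an added Python example that is not code from the patent: keys are collected into user sets using management information from a directory, a request names a user set, and keys are returned only if that set has permission for the target. Assumptions: an in-memory dict stands in for the LDAP system, permission information is modelled as a set of target server names, the request carries a target name, and all user names and key strings are constructed.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the LDAP system: user -> management information
# (set membership plus the permission information of that set).
DIRECTORY = {
    "alice": {"set": "ops", "targets": ["db-01", "web-01"]},
    "bob": {"set": "ops", "targets": ["db-01", "web-01"]},
    "carol": {"set": "dev", "targets": ["web-01"]},
}
# Constructed placeholder key strings, one per user.
KEYS = {user: f"PUBKEY-{user}-constructed" for user in DIRECTORY}


@dataclass
class UserSet:
    name: str
    allowed_targets: set = field(default_factory=set)  # assumed permission shape
    keys: dict = field(default_factory=dict)            # user -> public key


class PublicKeyManager:
    def __init__(self, directory):
        self.directory = directory
        self.user_sets = {}

    def collect(self, user, public_key):
        """Query management info, create the user set if missing, add the key."""
        info = self.directory.get(user)
        if info is None:
            raise KeyError(f"no management information for {user!r}")
        user_set = self.user_sets.get(info["set"])
        if user_set is None:
            user_set = UserSet(info["set"], set(info["targets"]))
            self.user_sets[info["set"]] = user_set
        user_set.keys[user] = public_key  # one key per user, so re-adding replaces
        return user_set

    def apply_update(self, update):
        """Apply update information from the directory to the matching set."""
        user_set = self.user_sets.get(update["set"])
        if user_set is None:
            return
        if update["action"] == "remove_user":
            user_set.keys.pop(update["user"], None)
        elif update["action"] == "set_targets":
            user_set.allowed_targets = set(update["targets"])

    def handle_request(self, request):
        """Resolve the requested set, check its permission, return its keys."""
        user_set = self.user_sets.get(request["set"])
        if user_set is None or request["target"] not in user_set.allowed_targets:
            return []  # unknown set or no permission: return nothing
        return sorted(user_set.keys.values())


def build_demo():
    manager = PublicKeyManager(DIRECTORY)
    for user, key in KEYS.items():
        manager.collect(user, key)
    return manager


if __name__ == "__main__":
    demo = build_demo()
    print(demo.handle_request({"set": "ops", "target": "db-01"}))
    print(demo.handle_request({"set": "dev", "target": "db-01"}))
```

Because the installer writes whatever this service returns onto the target, the permission check and the update path are the two places where a stale or over-broad user set turns into standing login access.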
Since the device embodiment is substantially similar to the method embodiment, its description is relatively brief; for related details, refer to the corresponding parts of the description of the method embodiment.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a device or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps is performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or also includes elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or terminal device that includes the element.
The public key setting method and the public key setting device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.
Claims (10)
1. A public key processing method, characterized by comprising:
collecting the public keys of the users in each user set, wherein each user set includes at least one user and each user corresponds to one public key;
obtaining a public key request, wherein the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the users applying to log in to the target server;
obtaining the first set information from the public key request, and determining the public keys of the users in the user set corresponding to the first set information;
returning the determined public keys to the installation system, so that the installation system stores the determined public keys in the target server.
2. The method according to claim 1, characterized in that, before the step of determining the public keys of the users in the user set corresponding to the first set information, the method further comprises:
obtaining the permission information of the user set corresponding to the first set information;
determining, according to the permission information, whether the user set has permission to log in to the target server;
if the user set has permission to log in to the target server, performing the step of determining the public keys of the users in the user set corresponding to the first set information.
3. The method according to claim 1, characterized in that the step of collecting the public keys of the users in each user set comprises:
obtaining the public key of a user;
querying, from a Lightweight Directory Access Protocol system, the management information corresponding to the obtained public key, the management information including second set information and permission information;
adding the obtained public key to the corresponding user set according to the management information.
4. The method according to claim 3, characterized in that the step of adding the obtained public key to the corresponding user set according to the management information comprises:
obtaining the second set information from the management information, and determining the user set corresponding to the obtained public key;
judging whether the user set corresponding to the obtained public key has been created;
if the user set corresponding to the obtained public key has been created, adding the obtained public key to the corresponding user set;
if the user set corresponding to the obtained public key has not been created, establishing the user set corresponding to the obtained public key in the public key management system, configuring the corresponding permission information for the user set corresponding to the obtained public key, and adding the obtained public key to the corresponding user set.
5. The method according to claim 1, characterized by further comprising:
receiving update information sent by the Lightweight Directory Access Protocol system, and updating the corresponding user set according to the update information.
6. A public key processing device, characterized by comprising:
a collection module, configured to collect the public keys of the users in each user set, wherein each user set includes at least one user and each user corresponds to one public key;
a request acquisition module, configured to obtain a public key request, wherein the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the users applying to log in to the target server;
a determining module, configured to obtain the first set information from the public key request and to determine the public keys of the users in the user set corresponding to the first set information;
a return module, configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys in the target server.
7. The device according to claim 6, characterized in that
the determining module is further configured to, before determining the public keys of the users in the user set corresponding to the first set information, obtain the permission information of the user set corresponding to the first set information; determine, according to the permission information, whether the user set has permission to log in to the target server; and, if the user set has permission to log in to the target server, determine the public keys of the users in the user set corresponding to the first set information.
8. The device according to claim 6, characterized in that the collection module comprises:
a public key acquisition submodule, configured to obtain the public key of a user;
a query submodule, configured to query, from a Lightweight Directory Access Protocol (LDAP) system, the management information corresponding to the obtained public key, the management information including second set information and permission information;
an adding submodule, configured to add the obtained public key to the corresponding user set according to the management information.
9. The device according to claim 8, characterized in that
the adding submodule is specifically configured to obtain the second set information from the management information and determine the user set corresponding to the obtained public key; judge whether the user set corresponding to the obtained public key has been created; if the user set corresponding to the obtained public key has been created, add the obtained public key to the corresponding user set; if the user set corresponding to the obtained public key has not been created, establish the user set corresponding to the obtained public key in the public key management system, configure the corresponding permission information for the user set corresponding to the obtained public key, and add the obtained public key to the corresponding user set.
10. The device according to claim 6, characterized by further comprising:
an update module, configured to receive update information sent by the Lightweight Directory Access Protocol system and to update the corresponding user set according to the update information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710233046.1A CN107204843B (en) | 2017-04-11 | 2017-04-11 | Public key processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710233046.1A CN107204843B (en) | 2017-04-11 | 2017-04-11 | Public key processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107204843A (en) | 2017-09-26 |
CN107204843B (en) | 2020-10-27 |
Family
ID=59905548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710233046.1A Active CN107204843B (en) | 2017-04-11 | 2017-04-11 | Public key processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107204843B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102986190A (en) * | 2010-07-08 | 2013-03-20 | 国际商业机器公司 | Resource access management |
US20130117554A1 (en) * | 2011-12-21 | 2013-05-09 | Ssh Communications Security Corp | User key management for the Secure Shell (SSH) |
CN103873237A (en) * | 2012-12-17 | 2014-06-18 | 上海格尔软件股份有限公司 | Method for querying public key certificates of users between PKI (public key infrastructure)-system-based application systems |
CN105100031A (en) * | 2014-05-23 | 2015-11-25 | 北京奇虎科技有限公司 | Method, device and system for adding trusts in batches |
CN105872059A (en) * | 2016-03-31 | 2016-08-17 | 北京奇艺世纪科技有限公司 | Remote execution method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107204843B (en) | 2020-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10824398B2 (en) | System and method for generating an application structure for an application in a computerized organization | |
US9923767B2 (en) | Dynamic configuration of remote capture agents for network data capture | |
CN110708322A (en) | Method for realizing proxy service of industrial internet identification analysis system | |
CN103685590B (en) | Obtain the method and system of IP address | |
CN103957248A (en) | Public real-time data management cloud service platform based on Internet of Things | |
CN110719194B (en) | Network data analysis method and device | |
CN104243598A (en) | Information recommendation method and device | |
CN110334297A (en) | Loading method, terminal, server and the storage medium of terminal page | |
CN107453900B (en) | Cloud analysis parameter setting management system and method for realizing parameter setting | |
CN105933234A (en) | Node management method and system in CDN network | |
CN112925646A (en) | Electric power data edge calculation system and calculation method | |
JP2024512111A (en) | Federated learning methods, devices, electronic devices and storage media | |
US10410152B2 (en) | System and method for automatically and efficiently monitoring software development life cycles | |
CN106168963B (en) | Real-time streaming data processing method and device and server | |
CN105933226A (en) | Content distributing method and system | |
CN106682206A (en) | Method and system for big data processing | |
CN107784009A (en) | Data query, data query processing method and processing device | |
US20230104626A1 (en) | Securely sharing public and private blockchain data | |
CN110837657B (en) | Data processing method, client, server and storage medium | |
CN107733709A (en) | Date storage method, device and electronic equipment | |
US9400729B2 (en) | System and method for determining topology of monitored entities | |
CN107204843A (en) | A kind of public-key process method and apparatus | |
CN110515975A (en) | Risk detecting system, method and device | |
CN106899550B (en) | Cloud platform resource monitoring method and device | |
CN114793244A (en) | Resource processing method, device, equipment and medium for block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||