CN107204843A - Public key processing method and apparatus - Google Patents

Public key processing method and apparatus

Info

Publication number
CN107204843A
Authority
CN
China
Prior art keywords
public key
user
information
public
acquisition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710233046.1A
Other languages
Chinese (zh)
Other versions
CN107204843B (en
Inventor
吴岩
翁迟迟
丁浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN201710233046.1A
Publication of CN107204843A
Application granted
Publication of CN107204843B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/06: Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063: Operations research, analysis or management
    • G06Q10/0631: Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06313: Resource planning in a project environment
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/10: Office automation; Time management
    • G06Q10/103: Workflow collaboration or project management
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Abstract

Embodiments of the invention provide a public key processing method and apparatus. The method includes: collecting the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; obtaining a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; obtaining the first set information from the public key request and determining the public keys of the users in the user set corresponding to the first set information; and returning the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.

Description

Public key processing method and apparatus
Technical field
The present invention relates to the technical field of data processing, and in particular to a public key processing method and apparatus.
Background
With the continuous development of Internet technology, Internet companies keep growing in number and size. Most large Internet companies frequently purchase servers and put them into use to improve the user experience.
Before an operating system is installed on a server, installation personnel must manually collect the public keys of the employees who need to log in to that server and then upload the collected public keys to the server. Once the server is in service, the employees whose public keys are stored on it can log in to it via the Secure Shell protocol (ssh). However, manually collecting the public keys of the employees who need to log in to the server is inefficient.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a public key processing method that addresses the low efficiency, in the prior art, of manually collecting the public keys of the users who need to log in to a server.
Correspondingly, the embodiments of the invention also provide a public key processing apparatus to ensure the implementation and application of the above method.
To solve the above problem, the invention discloses a public key processing method, which specifically includes: collecting the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; obtaining a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; obtaining the first set information from the public key request and determining the public keys of the users in the user set corresponding to the first set information; and returning the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
The invention also discloses a public key processing apparatus, which specifically includes: a collection module, configured to collect the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key; a request acquisition module, configured to obtain a public key request, where the public key request is sent by an installation system, the installation system is used to install an operating system on a target server, and the public key request includes first set information of the user applying to log in to the target server; a determining module, configured to obtain the first set information from the public key request and determine the public keys of the users in the user set corresponding to the first set information; and a return module, configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
Compared with the prior art, the embodiments of the invention have the following advantages:
In the embodiments of the invention, a public key management system collects the public keys of the users in each user set. After collecting the public keys of each user set, it receives the public key request sent by the installation system, where the installation system is used to install an operating system on a target server and the public key request includes first set information of the user applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
Brief description of the drawings
Fig. 1 is a flowchart of the steps of an embodiment of a public key processing method of the present invention;
Fig. 2 is a schematic diagram of the relationship between the public key management system, the LDAP system and the installation system of the present invention;
Fig. 3 is a flowchart of the steps of another embodiment of a public key processing method of the present invention;
Fig. 4 is a structural block diagram of an embodiment of a public key processing apparatus of the present invention;
Fig. 5 is a structural block diagram of another embodiment of a public key processing apparatus of the present invention.
Detailed description
To make the above objects, features and advantages of the invention easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
One of the core ideas of the embodiments of the invention is that the public key management system first collects users' public keys by user set. When it receives the public key request that the installation system sends while installing the operating system on the target server, it sends the public keys of the corresponding users to the installation system, so that the installation system can store the corresponding public keys during operating system installation. This improves the efficiency of collecting users' public keys.
Embodiment 1
Referring to Fig. 1, a flowchart of the steps of an embodiment of a public key processing method of the present invention is shown, which may specifically include the following steps:
Step 101: collect the public keys of the users in each user set.
The embodiment of the invention provides a public key processing method applied in a public key management system. While the installation system installs the operating system on the target server, the method provides it with the public keys corresponding to the users applying to log in to the target server. Here, the public key management system stores and manages the public keys of the users in each user set, the target server is the server on which an operating system needs to be installed, and the installation system is used to install the operating system on the target server. A company includes multiple departments, such as a process department and a development department; each department includes at least one employee, and each employee corresponds to one public key. Employees can therefore be grouped by department: each group corresponds to one user set, and the employees of a department are the users in the corresponding user set. After the company assigns a public key to each employee, the public key management system can collect the public key of each employee and then, according to the characteristic information of the public key, store it in the corresponding user set. Each user set contains the public key of at least one user, each user has one public key in the public key management system, and the public keys of different users are different. For example, a company has four departments, a process department, a development department, a test department and an O&M department, with 20, 40, 50 and 10 employees respectively. The user sets in the public key management system then include a process department set, a development department set, a test department set and an O&M department set, containing the public keys of 20, 40, 50 and 10 users respectively.
Step 102: obtain a public key request, where the public key request is sent by the installation system, the installation system is used to install an operating system on the target server, and the public key request includes first set information of the user applying to log in to the target server.
In the embodiment of the invention, before the installation system installs the operating system on the target server, a user who will log in to the target server, such as an operations engineer, can submit to the installation system an application to log in to the target server. In the application the user only needs to fill in the first set information corresponding to the user set the user belongs to, and does not need to fill in the user's public key, which keeps the operation simple. While installing the operating system on the target server, the installation system can extract the first set information from the application submitted by the user, then generate the corresponding public key request and send it to the public key management system, where the public key request includes the first set information of the user applying to log in to the target server. The public key management system obtains the public key request sent by the installation system.
Step 103: obtain the first set information from the public key request, and determine the public keys of the users in the user set corresponding to the first set information.
Step 104: return the determined public keys to the installation system.
After obtaining the public key request, the public key management system can return the public keys corresponding to the first set information in the request to the installation system. Specifically, the public key management system obtains the first set information from the public key request, determines the user set in the public key management system that corresponds to the first set information, then determines the public keys of all users in that user set and returns the determined public keys to the installation system. After receiving the public keys, the installation system stores them on the target server while installing the operating system on it. Once the operating system has been installed, the users who applied to log in to the target server can log in to it via ssh from their terminals. For example, Zhang San, an employee of the O&M department, submits an application to the installation system; in the application Zhang San only needs to fill in the first set information, such as "O&M department". After obtaining "O&M department" from the public key request, the public key management system determines that the corresponding user set is the O&M department set, which contains the public keys of 12 users, and returns all 12 user public keys in the O&M department set to the installation system. The installation system stores the public keys of these 12 users on the target server during installation, and Zhang San can then log in to the target server from the corresponding terminal to operate and maintain it. The users corresponding to the other 11 public keys can also log in to the target server from their terminals.
In the embodiments of the invention, a public key management system collects the public keys of the users in each user set. After collecting the public keys of each user set, it receives the public key request sent by the installation system, where the installation system is used to install an operating system on a target server and the public key request includes first set information of the user applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys on the target server. This improves the efficiency of collecting the public keys of the users who need to log in to the target server.
Embodiment 2
In this embodiment of the invention, the public key management system can obtain management information from a Lightweight Directory Access Protocol (LDAP) system and then store users' public keys in the user sets according to the management information. After obtaining a public key request, it returns to the installation system the public keys of the users in a user set that has permission. The relationship between the public key management system, the LDAP system and the installation system is shown in Fig. 2. For how the public key management system collects and returns public keys, refer to Fig. 3, which shows a flowchart of the steps of an embodiment of a public key management method of the present invention. The method may specifically include the following steps:
Step 301: obtain a user's public key.
Step 302: query the Lightweight Directory Access Protocol (LDAP) system for the management information corresponding to the obtained public key, where the management information includes second set information and permission information.
The process by which the public key management system collects the public keys of the users in each user set is the process of saving each obtained public key into a user set, where the public key management system stores a user's public key according to the management information that corresponds to that public key in the LDAP system. In the embodiment of the invention the LDAP system stores user management information. The management information includes second set information and permission information, and the permissions described by the permission information include the permission to log in to the target server. After any user is assigned a public key, the public key can be entered directly into the public key management system, or the LDAP system can send the public key management system an instruction to add the public key. The public key management system can thus obtain the public key to be stored from the entry operation or from the instruction sent by the LDAP system. When storing an obtained public key in the corresponding user set, the public key management system can send a query request to the LDAP system to look up the management information corresponding to the public key to be stored. After receiving the query request, the LDAP system returns the management information corresponding to the public key in the request to the public key management system. The public key management system then adds the public key to the corresponding user set according to the returned management information, in the following steps:
Step 303: determine whether the user set corresponding to the obtained public key has already been created; if so, perform step 304; if not, perform step 305.
The public key management system can obtain the second set information from the management information and determine the user set to which the obtained public key belongs. It then checks whether that user set has already been created in the public key management system. If the user set corresponding to the obtained public key has been created, step 304 is performed; if it has not been created, step 305 is performed.
Step 304: add the obtained public key to the corresponding user set.
If the user set corresponding to the obtained public key already exists in the public key management system, the obtained public key is stored directly in that user set.
Step 305: create the user set corresponding to the obtained public key in the public key management system, and configure the corresponding permission information for that user set; then add the obtained public key to the corresponding user set.
If the user set corresponding to the obtained public key does not exist in the public key management system, the corresponding user set can be created according to the second set information obtained from the management information. In the embodiment of the invention different departments have different permissions: some departments, such as the process department and the test department, may have no permission to log in to the target server, while others, such as the O&M department and the development department, do have it. Only the users in a user set that has permission to log in to the target server can log in to the target server. Therefore, when creating a user set, the public key management system can obtain the permission information from the management information and configure the corresponding permission information for the user set, so that only public keys with permission are returned to the installation system. The obtained public key is then stored in the newly created user set.
For example, the LDAP system includes four user sets, A, B, C and D, where A includes members A1-A12, B includes members B1-B10, C includes members C1-C18 and D includes members D1-D30. A and B have permission to log in to the target server; C and D do not. User sets A and D have already been created in the public key management system. When the public key management system obtains the public key of A10, it stores the public key of A10 directly in user set A. When it obtains the public key of B1, it creates set B in the public key management system, configures the permission information of set B as having permission to log in to the target server, and then stores the public key of B1 in set B.
Step 306: obtain a public key request.
While installing the operating system on the target server, the installation system, after receiving the application submitted by a user, can send a public key request to the public key management system to obtain the public keys corresponding to that application. The public key request can be an HTTPS request, that is, the installation system sends the public key request to the HTTPS interface of the public key management system, and the public key management system obtains the public key request through its HTTPS interface.
Step 307: obtain the first set information from the public key request, and obtain the permission information of the user set corresponding to the first set information.
In the embodiment of the invention, the user set to which a user applying to log in to the target server belongs may be a user set that has permission to log in to the target server, or one that does not. To ensure the security of the target server, after obtaining the public key request sent by the installation system, the public key management system can obtain the first set information from the request and verify the permission of the first set information applying to log in to the target server, so that only the public keys of the users in a user set with permission to log in to the target server are returned to the installation system. Specifically, the public key management system can determine the corresponding user set according to the first set information and then obtain the permission information of that user set, in order to determine whether the user set corresponding to the first set information in the public key request has permission to log in to the target server.
Step 308: determine, according to the permission information, whether the user set has permission to log in to the target server; if so, perform step 309; if not, end the procedure.
After obtaining the permission information of the user set, the public key management system determines from it whether the user set has permission to log in to the target server. If the user set has permission to log in to the target server, step 309 is performed; if it does not, the procedure ends.
Step 309: determine the public keys of the users in the user set corresponding to the first set information.
Step 310: return the determined public keys to the installation system.
When the user set corresponding to the first set information in the public key request is determined to have permission to log in to the target server, the public keys of all users in that user set are determined and returned to the installation system. After obtaining the public keys, the installation system stores them on the target server while installing the operating system on it, so that the users who applied to log in to the target server can log in to it.
For example, the public key management system includes four user sets, A, B, C and D, where A includes the public keys of A1-A12, B includes the public keys of B1-B10, C includes the public keys of C1-C18 and D includes the public keys of D1-D30. A and B have permission to log in to the target server; C and D do not. When the public key management system determines that the user set corresponding to the first set information in the public key request is B, it returns all of the public keys of B1-B10 to the installation system. When it determines that the user set corresponding to the first set information in the public key request is C, it returns no user's public key to the installation system.
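Steps 301 to 310 can be followed end to end in the Python example below, which is added here and is not code from the patent. The LDAP system is replaced by a constructed in-memory dictionary, all class, function and field names are hypothetical, and the key-format validation is an added hardening step that the patent does not describe.

```python
import base64
import binascii
import struct
from dataclasses import dataclass, field

ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def validate_public_key(line: str) -> str:
    """Return a normalized 'type blob comment' line or raise ValueError.

    Added hardening (not in the patent): returned keys end up in an
    authorized_keys file, so reject embedded newlines, option prefixes and
    blobs whose embedded algorithm name differs from the declared type.
    """
    if "\n" in line or "\r" in line:
        raise ValueError("public key must be a single line")
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        raise ValueError("unsupported or malformed key type")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    name_len = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + name_len] != parts[0].encode():
        raise ValueError("key blob does not match declared key type")
    return " ".join(parts)


@dataclass
class UserSet:
    name: str
    may_login: bool                           # permission information
    keys: dict = field(default_factory=dict)  # user -> public key line


class PublicKeyManager:
    """Hypothetical public key management system."""

    def __init__(self, directory):
        self.directory = directory  # stand-in for the LDAP system
        self.sets = {}

    def collect(self, user, key_line):
        """Steps 301-305: store one user's key in the user's set."""
        info = self.directory.get(user)            # step 302: query LDAP
        if info is None:
            raise LookupError(f"no management information for {user}")
        key = validate_public_key(key_line)
        user_set = self.sets.get(info["set"])      # step 303
        if user_set is None:                       # step 305: create set
            user_set = UserSet(info["set"], info["may_login"])
            self.sets[info["set"]] = user_set
        user_set.keys[user] = key                  # step 304: one key per user

    def handle_request(self, first_set_info):
        """Steps 306-310: return keys only for a set allowed to log in."""
        user_set = self.sets.get(first_set_info)   # step 307
        if user_set is None or not user_set.may_login:
            return []                              # step 308: end, no keys
        return [user_set.keys[u] for u in sorted(user_set.keys)]


def render_authorized_keys(keys):
    """Installation-system side: file content to store on the target server."""
    return "".join(key + "\n" for key in keys)


def sample_key(user):
    """Constructed, structurally valid ssh-ed25519 line (not a real key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + user.encode().ljust(32, b"\0"))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {user}@example"


# Constructed management information: second set information + permission.
SAMPLE_DIRECTORY = {
    "A10": {"set": "A", "may_login": True},
    "B1": {"set": "B", "may_login": True},
    "B2": {"set": "B", "may_login": True},
    "C1": {"set": "C", "may_login": False},
}


def build_demo_manager():
    manager = PublicKeyManager(SAMPLE_DIRECTORY)
    for user in SAMPLE_DIRECTORY:
        manager.collect(user, sample_key(user))
    return manager


if __name__ == "__main__":
    demo = build_demo_manager()
    print(render_authorized_keys(demo.handle_request("B")), end="")
    print("keys returned for set C:", demo.handle_request("C"))
```

A request for a set without login permission and a request for an unknown set both yield an empty list, so the installation system cannot distinguish them or learn which sets exist.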
In addition, the public key management system receives update information sent by the LDAP system and updates the corresponding user set according to the update information.
In the embodiment of the invention, the user sets in the public key management system correspond to the user sets in the LDAP system. When a user set in the LDAP system is updated, for example a user is deleted or added, the permission of the user set changes, or the name of the user set changes, the user set in the public key management system must be updated accordingly. The public key management system can obtain the update information in two ways: it can send an update request to the LDAP system at a preset interval, whereupon the LDAP system sends the corresponding update information to the public key management system; or the LDAP system can send the update information to the public key management system directly after one of its user sets is updated. After receiving the update information, the public key management system updates the corresponding user set according to it.
When collecting the public keys of the users in each user set, the public key management system of the embodiment of the invention configures the corresponding permission information for each user set as the set is created. Then, according to the second set information in the public key request, it returns the public keys of the users in a user set with permission to the installation server, which ensures the security of the server. In addition, the public key management system can update the corresponding user set according to the update information received from the LDAP system, to ensure the accuracy of the permission information of each user set in the public key management system and the accuracy of the user set to which each user's public key belongs.
It should be noted that, for brevity, the method embodiments are described as a series of combined actions, but those skilled in the art should understand that the embodiments of the invention are not limited by the described order of actions, because according to the embodiments of the invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the invention.
Embodiment 3
Referring to Fig. 4, a structural block diagram of an embodiment of a public key processing apparatus of the present invention is shown. To ensure the implementation of the above public key processing method, the apparatus specifically includes a collection module 401, a request acquisition module 402, a determining module 403 and a return module 404, where:
The collection module 401 is configured to collect the public keys of the users in each user set, where each user set includes at least one user and each user corresponds to one public key.
The request acquisition module 402 is configured to obtain a public key request, where the public key request is sent by the installation system, the installation system is used to install an operating system on the target server, and the public key request includes first set information of the user applying to log in to the target server.
The determining module 403 is configured to obtain the first set information from the public key request and determine the public keys of the users in the user set corresponding to the first set information.
The return module 404 is configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys on the target server.
In another embodiment of the present invention, the further modules included in the device, and the submodules included in each module, are described in detail. Specifically, the device further includes an update module 405, configured to receive update information sent by the LDAP system and update the corresponding user set according to the update information.
In the embodiment of the present invention, the collection module 401 includes: a public key acquisition submodule 4011, a query submodule 4012 and an adding submodule 4013, wherein:
The public key acquisition submodule 4011 is configured to acquire the public key of a user;
The query submodule 4012 is configured to query, from a Lightweight Directory Access Protocol (LDAP) system, the management information corresponding to the acquired public key, the management information including second set information and authority information;
The adding submodule 4013 is configured to add the acquired public key to the corresponding user set according to the management information.
In the embodiment of the present invention, the determining module 403 is further configured to, before determining the public keys of the users in the user set corresponding to the first set information, obtain the authority information of the user set corresponding to the first set information; and, when it is determined according to the authority information that the user set has the authority to log in to the target server, perform the step of determining the public keys of the users in the user set corresponding to the first set information.
In the embodiment of the present invention, the public key management system collects the public keys of the users in each user set. After collecting the public keys of each user set, it receives a public key request sent by the installation system, where the installation system is used to install an operating system for a target server and the public key request includes the first set information of the users applying to log in to the target server. The public key management system can then return the public keys of the users in the user set corresponding to the first set information to the installation system, so that the installation system stores the determined public keys in the target server, thereby improving the efficiency of collecting the public keys of the users who need to log in to the target server.
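The collection, authority check, return and update steps described above can be sketched as follows. This is an added illustration, not code from the patent: all class and function names are hypothetical, a dictionary stands in for the LDAP query, authority information is modeled as a set of server groups, and public keys are assumed to be OpenSSH-format key lines.

```python
import base64
import struct
from dataclasses import dataclass, field

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def validate_key_line(line):
    """Accept only a bare 'type base64 [comment]' line whose blob names the same type."""
    parts = line.split(" ", 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("not a bare public key line")
    blob = base64.b64decode(parts[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("declared key type does not match key blob")
    return f"{parts[0]} {parts[1]}"  # the free-text comment is dropped

def sample_key(user, key_type="ssh-ed25519"):
    """Constructed sample key: the 'key material' is just the padded user name."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + user.encode().ljust(32, b"\0")
    return f"{key_type} {base64.b64encode(blob).decode()} {user}@example"

@dataclass
class UserSet:
    authority: frozenset  # server groups the set may log in to (assumed model)
    keys: dict = field(default_factory=dict)  # user -> validated key line

class PublicKeyManager:
    def __init__(self, directory):
        self.directory = directory  # in-memory stand-in for the LDAP query
        self.sets = {}

    def collect(self, user, key_line):
        """Look up the user's management info, create the set if absent, add the key."""
        info = self.directory[user]
        uset = self.sets.setdefault(info["set"], UserSet(frozenset(info["authority"])))
        uset.keys[user] = validate_key_line(key_line)

    def handle_request(self, set_name, server_group):
        """Check the set's authority first; only then return its users' keys."""
        uset = self.sets.get(set_name)
        if uset is None or server_group not in uset.authority:
            return []  # fail closed: unknown set or no authority for this server
        return sorted(uset.keys.values())

    def apply_update(self, user, new_set=None):
        """Directory change: drop the user everywhere, then re-add to an existing set."""
        key = None
        for uset in self.sets.values():
            key = uset.keys.pop(user, key)
        if key is not None and new_set in self.sets:
            self.sets[new_set].keys[user] = key

if __name__ == "__main__":
    directory = {  # constructed directory entries
        "alice": {"set": "ops", "authority": ["web", "db"]},
        "bob": {"set": "ops", "authority": ["web", "db"]},
        "carol": {"set": "dev", "authority": ["web"]},
    }
    mgr = PublicKeyManager(directory)
    for name in directory:
        mgr.collect(name, sample_key(name))
    print(len(mgr.handle_request("ops", "db")))  # ops may log in to db servers
    print(mgr.handle_request("dev", "db"))       # dev has no authority for db
    mgr.apply_update("bob")                      # bob removed in the directory
    print(len(mgr.handle_request("ops", "db")))
```

Validating each key at collection time matters because the returned lines are written to the target server unchanged; a line carrying options or a mismatched key type is rejected before it ever enters a user set.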
Because the device embodiment is substantially similar to the method embodiment, it is described relatively briefly; for related details, refer to the corresponding description of the method embodiment.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the parts that are the same or similar among the embodiments may be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a device or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps is performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they learn of the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or also includes elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or terminal device that includes the element.
The public key setting method and the public key setting device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, for those of ordinary skill in the art, there will be changes in the specific implementations and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

1. A public key processing method, characterized by comprising:
collecting the public keys of the users in each user set, wherein each user set includes at least one user and each user corresponds to one public key;
obtaining a public key request, wherein the public key request is sent by an installation system, the installation system is used to install an operating system for a target server, and the public key request includes first set information of the users applying to log in to the target server;
obtaining the first set information from the public key request, and determining the public keys of the users in the user set corresponding to the first set information;
returning the determined public keys to the installation system, so that the installation system stores the determined public keys in the target server.
2. The method according to claim 1, characterized in that, before the step of determining the public keys of the users in the user set corresponding to the first set information, the method further comprises:
obtaining the authority information of the user set corresponding to the first set information;
determining, according to the authority information, whether the user set has the authority to log in to the target server;
if the user set has the authority to log in to the target server, performing the step of determining the public keys of the users in the user set corresponding to the first set information.
3. The method according to claim 1, characterized in that the step of collecting the public keys of the users in each user set comprises:
acquiring the public key of a user;
querying, from a Lightweight Directory Access Protocol system, the management information corresponding to the acquired public key, the management information including second set information and authority information;
adding the acquired public key to the corresponding user set according to the management information.
4. The method according to claim 3, characterized in that the step of adding the acquired public key to the corresponding user set according to the management information comprises:
obtaining the second set information from the management information, and determining the user set corresponding to the acquired public key;
judging whether the user set corresponding to the acquired public key has been created;
if the user set corresponding to the acquired public key has been created, adding the acquired public key to the corresponding user set;
if the user set corresponding to the acquired public key has not been created, creating the user set corresponding to the acquired public key in the public key management system, configuring the corresponding authority information for the user set corresponding to the acquired public key, and adding the acquired public key to the corresponding user set.
5. The method according to claim 1, characterized by further comprising:
receiving update information sent by the Lightweight Directory Access Protocol system, and updating the corresponding user set according to the update information.
6. A public key processing device, characterized by comprising:
a collection module, configured to collect the public keys of the users in each user set, wherein each user set includes at least one user and each user corresponds to one public key;
a request acquisition module, configured to obtain a public key request, wherein the public key request is sent by an installation system, the installation system is used to install an operating system for a target server, and the public key request includes first set information of the users applying to log in to the target server;
a determining module, configured to obtain the first set information from the public key request and determine the public keys of the users in the user set corresponding to the first set information;
a return module, configured to return the determined public keys to the installation system, so that the installation system stores the determined public keys in the target server.
7. The device according to claim 6, characterized in that:
the determining module is further configured to, before determining the public keys of the users in the user set corresponding to the first set information, obtain the authority information of the user set corresponding to the first set information; determine, according to the authority information, whether the user set has the authority to log in to the target server; and, if the user set has the authority to log in to the target server, determine the public keys of the users in the user set corresponding to the first set information.
8. The device according to claim 6, characterized in that the collection module comprises:
a public key acquisition submodule, configured to acquire the public key of a user;
a query submodule, configured to query, from a Lightweight Directory Access Protocol (LDAP) system, the management information corresponding to the acquired public key, the management information including second set information and authority information;
an adding submodule, configured to add the acquired public key to the corresponding user set according to the management information.
9. The device according to claim 8, characterized in that:
the adding submodule is specifically configured to obtain the second set information from the management information and determine the user set corresponding to the acquired public key; judge whether the user set corresponding to the acquired public key has been created; if the user set corresponding to the acquired public key has been created, add the acquired public key to the corresponding user set; and, if the user set corresponding to the acquired public key has not been created, create the user set corresponding to the acquired public key in the public key management system, configure the corresponding authority information for the user set corresponding to the acquired public key, and add the acquired public key to the corresponding user set.
10. The device according to claim 6, characterized by further comprising:
an update module, configured to receive update information sent by the Lightweight Directory Access Protocol system and update the corresponding user set according to the update information.
CN201710233046.1A 2017-04-11 2017-04-11 Public key processing method and device Active CN107204843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710233046.1A CN107204843B (en) 2017-04-11 2017-04-11 Public key processing method and device

Publications (2)

Publication Number Publication Date
CN107204843A true CN107204843A (en) 2017-09-26
CN107204843B CN107204843B (en) 2020-10-27

Family

ID=59905548

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710233046.1A Active CN107204843B (en) 2017-04-11 2017-04-11 Public key processing method and device

Country Status (1)

Country Link
CN (1) CN107204843B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102986190A (en) * 2010-07-08 2013-03-20 国际商业机器公司 Resource access management
US20130117554A1 (en) * 2011-12-21 2013-05-09 Ssh Communications Security Corp User key management for the Secure Shell (SSH)
CN103873237A (en) * 2012-12-17 2014-06-18 上海格尔软件股份有限公司 Method for querying public key certificates of users between PKI (public key infrastructure)-system-based application systems
CN105100031A (en) * 2014-05-23 2015-11-25 北京奇虎科技有限公司 Method, device and system for adding trusts in batches
CN105872059A (en) * 2016-03-31 2016-08-17 北京奇艺世纪科技有限公司 Remote execution method and device

Also Published As

Publication number Publication date
CN107204843B (en) 2020-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant