CN107580004A - A new authentication method and authentication center architecture - Google Patents
- Publication number
- CN107580004A
- Authority
- CN
- China
- Prior art keywords
- authentication center
- authentication
- request
- authentication method
- center
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to a new authentication method and authentication center architecture in the field of authentication technology. The authentication method comprises the following steps: first, perform blacklist/whitelist authentication of the service request; secondly, perform the nearest selection by IP geographic location; thirdly, determine whether the authentication center is available; finally, analyze the load of the authentication centers and choose the best-performing server. The authentication center architecture uses cluster deployment, and the authentication center entry point uses F5 or nginx for load balancing. The authentication method and the authentication center cluster architecture of the present invention support a high volume of concurrent authentication requests and policy configuration, and are more efficient and secure.
Description
Technical field
The present invention relates to the field of authentication technology, and more specifically to an authentication method and an authentication center architecture.
Background art
Take universities, government bodies and large state-owned enterprises as an example. As application systems are continually introduced, each operating independently, users face cumbersome logins and administrators' work becomes inefficient, which reduces how effectively the application systems are used. Introducing single sign-on and a unified single sign-on system simplifies login and eases management, but the introduction of a unified single sign-on system also creates certain problems.
Most current identity authentication systems follow the pattern of a single authentication server and multiple application systems. With multiple applications integrated, when a large number of users access the system at peak times, the authentication center system is prone to paralysis caused by overload; and because the authentication system is the entry point to multiple systems, a whole series of applications then becomes inaccessible.
Summary of the invention
The technical problem to be solved by the present invention is the defect that the authentication mode of the prior art easily causes the authentication center system to become paralysed, which in turn makes a whole series of applications inaccessible. To address it, a new authentication method and authentication center architecture are provided.
The technical solution adopted by the present invention to solve this technical problem is to construct a new authentication method comprising the following steps:
First, perform blacklist/whitelist authentication of the service request;
Secondly, perform the nearest selection by IP geographic location;
Thirdly, determine whether the authentication center is available;
Finally, analyze the load of the authentication centers and choose the best-performing server.
In the new authentication method of the present invention, the blacklist/whitelist authentication step of the service request is specifically: requests on the whitelist are passed preferentially, and the blacklist can block frequent malicious requests of the application system.
In the new authentication method of the present invention, the nearest-selection step by IP geographic location specifically uses CDN technology to analyze the geographic location of the user's request IP and assigns the request to the nearest authentication center cluster.
In the new authentication method of the present invention, the step of determining whether the authentication center is available is performed specifically through the keep-alive mechanism of heartbeat packets.
In the new authentication method of the present invention, the step "analyze the load of the authentication centers and choose the best-performing server" specifically uses heartbeat packets to analyze the load of the authentication center list, including memory usage, CPU usage and the authentication requests being carried, and a load-balancing algorithm chooses the best-performing server from the list to process the request.
An authentication center architecture, in which the authentication center is deployed as a cluster.
In the authentication center architecture of the present invention, the authentication center entry point uses F5 or nginx for load balancing.
In the authentication center architecture of the present invention, the cluster architecture manages sessions centrally and stores the user's session information in Redis.
Implementing the new authentication method of the present invention has the following beneficial effects. Through the configuration of authentication policies, the present invention improves the efficiency of authentication requests and can block requests on the blacklist, improving the service efficiency of the authentication center; through load-balancing technology, servers can be used to their maximum performance, reducing the company's financial cost. Through cluster deployment of the authentication center, the whole system continues to operate normally even if any one machine fails, which reduces the number of single points of failure and achieves high availability of the authentication center. Cluster deployment also supports a high volume of concurrent authentication requests and supports policy configuration, making it more efficient and secure than the original authentication system. The cluster deployment manages sessions centrally and stores the user's session information in Redis, which facilitates horizontal scaling of the authentication center cluster.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the new authentication method of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the present invention and do not limit it.
As shown in Fig. 1, the new authentication method of the present invention comprises the following steps:
First, blacklist/whitelist authentication of the service request is performed: requests on the whitelist are passed preferentially, and the blacklist can block frequent malicious requests of the application system;
Secondly, the nearest selection by IP geographic location is performed: CDN technology analyzes the geographic location of the user's request IP and assigns the request to the nearest authentication center cluster, which reduces as far as possible the network delay caused by geographic distance;
Thirdly, whether the authentication center is available is determined: after the user's request has passed the first two steps, the keep-alive mechanism of heartbeat packets determines whether the authentication center is available, and therefore whether the request is assigned to it. If the authentication center is unavailable, another nearby authentication center is chosen, and so on, finally yielding a list of authentication centers that are available and nearest to the user.
Finally, the load of the authentication centers is analyzed and the best-performing server is chosen. After the previous step has produced the list of available authentication centers nearest to the user, heartbeat packets are used to analyze the load of that list, including memory usage, CPU usage and the authentication requests being carried, and a load-balancing algorithm chooses the best-performing server from the list to process the request.
According to an analysis of system availability, the weights of the authentication policies are, in descending order: blacklist/whitelist authentication > nearest selection by IP geographic location > whether the authentication center is available > load of the authentication center.
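The four policies, applied in the precedence just stated, as an added Python example that is not part of the patent. The names `Server`, `Cluster` and `select_server`, the region-distance table standing in for CDN-based geolocation, the 10-second heartbeat timeout, the equal-weight load score and the rule that the blacklist overrides the whitelist are all assumptions made for illustration.

```python
from dataclasses import dataclass

HEARTBEAT_TIMEOUT = 10.0  # assumption: seconds of silence before a server counts as down

@dataclass
class Server:
    name: str
    last_heartbeat: float  # time the last heartbeat packet arrived
    mem: float             # memory usage reported in the heartbeat, 0..1
    cpu: float             # CPU usage reported in the heartbeat, 0..1
    active_auths: int      # authentication requests currently being handled
    capacity: int = 100    # assumption: requests one server can carry at once

    def alive(self, now):
        return now - self.last_heartbeat <= HEARTBEAT_TIMEOUT

    def load(self):
        # assumption: equal-weight average of the three metrics the patent names
        return (self.mem + self.cpu + self.active_auths / self.capacity) / 3

@dataclass
class Cluster:
    region: str
    servers: list

def select_server(app_id, region, clusters, distance, whitelist, blacklist, now):
    """Apply the four policies in order; return (server name or None, outcome)."""
    # 1. Blacklist/whitelist: a blacklisted requester is dropped before any other work.
    if app_id in blacklist:
        return None, "blocked"
    outcome = "priority" if app_id in whitelist else "normal"
    # 2. Nearest selection: order clusters by distance from the requester's region.
    ordered = sorted(clusters, key=lambda c: distance[(region, c.region)])
    # 3. Availability: move to the next-nearest cluster until one has live servers.
    for cluster in ordered:
        live = [s for s in cluster.servers if s.alive(now)]
        if live:
            # 4. Load: the least-loaded live server handles the request.
            return min(live, key=Server.load).name, outcome
    return None, "unavailable"

def demo():
    now = 1000.0
    # Constructed sample data: the nearest cluster ("east") has only stale heartbeats.
    clusters = [
        Cluster("east", [Server("east-1", 950.0, 0.2, 0.2, 10),
                         Server("east-2", 940.0, 0.1, 0.1, 5)]),
        Cluster("west", [Server("west-1", 998.0, 0.8, 0.7, 90),
                         Server("west-2", 999.0, 0.3, 0.4, 20)]),
        Cluster("north", [Server("north-1", 999.0, 0.1, 0.1, 1)]),
    ]
    distance = {("east", "east"): 0, ("east", "west"): 5, ("east", "north"): 9}
    args = (clusters, distance, {"portal"}, {"scraper"}, now)
    return [select_server(a, "east", *args) for a in ("portal", "mail", "scraper")]

if __name__ == "__main__":
    print(demo())
```

Because the blacklist check runs first, a blocked requester never triggers the geolocation, liveness or load steps, and the idle `north-1` server is not chosen because distance outranks load in the stated ordering.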
An authentication center architecture using the above authentication method is deployed as a cluster, with F5 or nginx performing load balancing at the authentication center entry point. When multiple applications are integrated and a large number of users access the system at peak times, cluster deployment supports a high volume of concurrent authentication requests and supports policy configuration, making authentication more efficient and secure. In addition, cluster deployment of the authentication center means the whole system continues to operate normally even if any one machine fails, which reduces the number of single points of failure and achieves high availability of the authentication center, avoiding the problem of a single authentication server becoming paralysed through overload when a large number of users access it at peak times.
Further, the authentication center cluster architecture of the present invention manages sessions centrally and stores the user's session information in Redis, which facilitates horizontal scaling of the authentication center cluster.
In the new authentication method of the present invention, the application system selects an authentication center according to the policy configuration. Blacklist/whitelist authentication of the service request can block requests on the blacklist and improves the efficiency of authentication requests; nearest selection by IP geographic location and the analysis of whether the authentication center is available improve the service efficiency of the authentication center; and load-balancing technology lets servers be used to their maximum performance, reducing the company's financial cost.
Although the present invention has been disclosed through the above embodiments, its scope of protection is not limited to them. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention, without departing from its concept, shall fall within its scope of protection.
Claims (8)
1. A new authentication method, characterized in that it comprises the following steps:
First, perform blacklist/whitelist authentication of the service request;
Secondly, perform the nearest selection by IP geographic location;
Thirdly, determine whether the authentication center is available;
Finally, analyze the load of the authentication centers and choose the best-performing server.
2. The new authentication method according to claim 1, characterized in that the blacklist/whitelist authentication step of the service request is specifically: requests on the whitelist are passed preferentially, and the blacklist can block frequent malicious requests of the application system.
3. The new authentication method according to claim 1, characterized in that the nearest-selection step by IP geographic location specifically uses CDN technology to analyze the geographic location of the user's request IP and assigns the request to the nearest authentication center cluster.
4. The new authentication method according to claim 1, characterized in that the step of determining whether the authentication center is available is performed specifically through the keep-alive mechanism of heartbeat packets.
5. The new authentication method according to claim 1, characterized in that the step "analyze the load of the authentication centers and choose the best-performing server" specifically uses heartbeat packets to analyze the load of the authentication center list, including memory usage, CPU usage and the authentication requests being carried, and a load-balancing algorithm chooses the best-performing server from the list to process the request.
6. An authentication center architecture for the new authentication method according to claim 1, characterized in that the authentication center is deployed as a cluster.
7. The authentication center architecture according to claim 6, characterized in that the authentication center entry point uses F5 or nginx for load balancing.
8. The authentication center architecture according to claim 6 or 7, characterized in that the cluster architecture manages sessions centrally and stores the user's session information in Redis.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711043189.2A CN107580004A (en) | 2017-10-31 | 2017-10-31 | A new authentication method and authentication center architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711043189.2A CN107580004A (en) | 2017-10-31 | 2017-10-31 | A new authentication method and authentication center architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107580004A true CN107580004A (en) | 2018-01-12 |
Family
ID=61040796
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711043189.2A Pending CN107580004A (en) | 2017-10-31 | 2017-10-31 | A new authentication method and authentication center architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107580004A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109510775A (en) * | 2018-11-12 | 2019-03-22 | 网宿科技股份有限公司 | Orient dispatching method, authentication device, the network equipment and the storage medium of flow |
CN111125653A (en) * | 2019-12-18 | 2020-05-08 | 紫光云(南京)数字技术有限公司 | High-concurrency unified authentication method based on Nginx and Redis |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1588879A (en) * | 2004-08-12 | 2005-03-02 | 复旦大学 | Internet content filtering system and method |
CN101699894A (en) * | 2009-11-10 | 2010-04-28 | 广州杰赛科技股份有限公司 | Method and device for processing authentication request in authentication server cluster |
CN104184730A (en) * | 2014-08-20 | 2014-12-03 | 小米科技有限责任公司 | Access processing method, device and electronic equipment |
CN105516264A (en) * | 2015-11-30 | 2016-04-20 | 努比亚技术有限公司 | Distributed cluster system based session sharing method, apparatus and system |
CN105554126A (en) * | 2015-12-22 | 2016-05-04 | 内蒙古农业大学 | Method for realizing distributed deployment of multiple data centers through CDN acceleration mechanism |
CN105871888A (en) * | 2016-05-16 | 2016-08-17 | 乐视控股(北京)有限公司 | Identity authentication method, device and system |
CN106961451A (en) * | 2017-05-25 | 2017-07-18 | 网宿科技股份有限公司 | Method for authenticating, right discriminating system, fringe node and authentication server in CDN |
US20170272485A1 (en) * | 2014-10-29 | 2017-09-21 | DLVR, Inc. | Generating and using manifest files including content delivery network authentication data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180112 |