CN107835195A - Distributed network application node integrated management method - Google Patents

Publication number
CN107835195A
Authority
CN
China
Prior art keywords
network application
application node
node
management method
integrated
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711260094.6A
Other languages
Chinese (zh)
Other versions
CN107835195B (en)
Inventor
叶轻舟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Smart Point Information Technology (beijing) Co Ltd
Original Assignee
Smart Point Information Technology (beijing) Co Ltd
Application filed by Smart Point Information Technology (beijing) Co Ltd
Priority to CN201711260094.6A
Publication of CN107835195A
Application granted
Publication of CN107835195B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/104 Grouping of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to an integrated management method for distributed network application nodes. Specifically, the device and server-side application network application nodes to be connected use a tree-shaped access structure to achieve multi-level access; a node can establish an effective connection to the system only after passing the registration and security authentication procedures; and the system also provides a unified session management mechanism for distributed network application nodes. The management method achieves: hierarchical management of the instances within a network application node; general-purpose distributed session management, which helps server-side application developers implement multi-host, multi-terminal distributed sessions; verification of the legitimacy of nodes accessing the system, which solves the problem of secure invocation between nodes; and, through a unified authorized-invocation mechanism for nodes, cross-account, permission-controlled sharing of resources between software and hardware network application nodes.

Description

Distributed network application node integrated management method
Technical field
The present invention relates to the field of computer technology, and more particularly to a method, within an open network application architecture, for interoperation, status tracking and permission management among legitimately and securely connected network applications according to the system's application programming interface (hereinafter API) metadata definitions.
Background art
In the prior art, to integrate Internet application software or Internet of Things application devices, a development approach based on API coupling is generally used. US patent specification US8706800B1 discloses systems and methods for secure access to platform-hosted application services and associated customer data; these solve the problems of secure unified identity authentication and secure interface access for Internet-coupled multi-user, multi-server applications.
However, the above technology does not achieve full interconnection among objects such as software and devices, does not consider support for device access, and does not provide a common session management mechanism for multi-server applications that are already deployed.
Summary of the invention
The object of the invention is to provide an integrated management method for distributed network application nodes that serves distributed server-side applications and embedded networked application devices, so that these nodes can call one another based on uniformly defined APIs and obtain one another's state based on a uniformly defined state format. For server-side applications, the system provides a distributed session management mechanism that lets developers share user sessions among multiple server processes without attending to the technical details. For network application devices, the system supports parent and child devices in a multi-level tree-shaped connection structure and provides a unified encapsulation of the access process.
To achieve the above object, the present invention provides an integrated management method for distributed network application nodes, which is preferably applied in the following system:
The system includes an application node management center, front-end service modules (including a device service module and a server-side application service module), and application node service units. The front-end service modules (device service module, server-side application service module) use a scalable distributed structure, and multiple processes can be deployed. Each application node service unit encapsulates remote calls to the application node management center, the remote call procedure to network application nodes connected to other application node service units, and the logic for monitoring network application node state; it runs inside its front-end service module and is called by that module. The application node service unit monitors the status information of the network application nodes connected to the front-end service module and reports it to the application node management center; based on that status information, the management center instructs the application node service unit to perform the corresponding processing. Each network application node can include one or more application instances, and these instances can be distributed across multiple front-end service module processes. The application node management center indirectly manages the connected network application nodes through the front-end service modules; it provides unified management services for IP-network-based terminal application nodes and uniformly defines the API meta-information and state meta-information of application nodes. The network application nodes that access the system include embedded network application devices and their child devices, and the resources owned by a system account in a server-side application. The front-end service modules include the server-side application service module (service front-end service module) and the device service module (device front-end service module). Each type of network application node connects to the front-end service module of the corresponding type.
Network application nodes accessing the above system use a tree-shaped connection flow and management method of parent and child device application nodes. A parent node is an instance that inherits from the network application node; it connects to the system over the network, and connects to and manages one or more child application nodes physically or logically. A child node is an instance that inherits from the network application node and is a child application node connected to a parent node physically or logically.
Through the tree-shaped connection of parent and child nodes, the system can have a parent device application node connect more child device instances over different physical connection types (such as ZigBee, CAN, Bluetooth). Because the system uses coarse-grained management, in which an upstream node is responsible only for the state of its directly connected downstream nodes, the status information of the target instance can be located quickly and accurately even for low-level child nodes of an external network application node connected to the system.
Further, for a server-side application, a network application node refers to the resources owned by a system account in that server-side application. A server-side application network application node may therefore have multiple instances at the same time, each with its own connection state, but these instances share the state described by one set of usage state machines. Even if the different application servers serving the same logical network application node are connected to different server-side application service module nodes, the system still keeps their session state synchronized. The session consistency and state synchronization of these instances in a distributed environment are supported by the system, so server-side application developers need only focus on their own application's business logic, not on the session consistency and call synchronization problems that distributed development causes. This design of the management method reduces developers' development difficulty and workload.
As a further improvement of the invention, to achieve permission-controlled calls and conditional connectivity between network application nodes (including parent and child nodes), the method adopted is that network application nodes accessing the system must be authorized when calling one another, for example with separate authorization of read, write and execute permissions. By setting call permissions, limited sharing of resources between network application nodes is achieved.
Further, to solve the problem of the legitimacy and origin of accessing network application nodes, the method requires that an accessing network application node be registered in advance and be authenticated each time before it accesses the system.
Taking a parent node accessing the system as an example, the specific steps are as follows; the registration and authentication of child nodes or other network application nodes follow the same steps.
1. The parent node provides a unique identifier to a front-end service module of the system (usually granted by the specific front-end service module, or a globally unique code the node itself has: for example, application software can be granted one directly by the service front-end service module, and a hardware device can use the combination of its MAC address and a unique factory-internal number).
2. The system checks the unique identifier:
If the unique identifier has already been registered: check whether a user is bound; if a user is bound, registration is immediately judged to have failed; if unbound, proceed to the next step. If the unique identifier has not been registered, a new network application node ID is allocated. The application node center management module generates and allocates a new token (overwriting any previous token, or writing it directly if there was none).
This step prevents a parent node that has an owner and has been stolen from being reset and then reconnected to the platform for use under another account; if the original owner needs to transfer the parent node asset, the owner must first release ownership of the parent node. The registration flow ends and the authentication flow begins.
3. Authentication flow:
The parent node and the application node center management module synchronize the client-server timestamp through the front-end service module. The parent node calculates an authorization code from the current timestamp (ts) and the token by means of HMAC(current timestamp in milliseconds, token granted to the object by the system). The parent node provides the network application node ID, the authorization code and the current timestamp ts (synchronized in the previous step) to the front-end service module, and the application service module verifies the integrity of the parameters.
The application service module verifies the timestamp (ts), that is, whether it is within the allowed time difference. The tolerated time difference can be adjusted to the deployment: for example 0.5 s within the same broadcast domain, 2 s within the same country, and several seconds for intercontinental communication. If the timestamp is not within the allowed time difference, authentication is refused. This step prevents a third party who intercepts and later cracks an authentication message from permanently using the authorization code value of one access to reach the server: even in the worst case, where the encrypted channel carrying the authorization code is intercepted and cracked, the authorization code the interceptor obtains expires within a short time, which keeps channel establishment secure and legitimate.
Using the network application node ID, the token and the verified timestamp ts, the authorization code is recomputed with the same algorithm as the parent node client. Only a calculation that uses the currently verified timestamp ts and the token, which is not transmitted over the channel, yields a result matching the authorization code in the request. This prevents passing authentication by modifying the timestamp ts, and further secures the construction of the connection channel.
As a further improvement of the above method, a system account can grant one or more call permissions on its own parent nodes and their connected child nodes to other system accounts. A network application node can be authorized to other network application nodes point-to-point or point-to-group, so that the account to which the node belongs grants other accounts limited access through authorization (for example, separate authorization of read, write and execute permissions), achieving cross-account resource sharing.
Brief description of the drawings
Fig. 1 is a structural diagram of the system in which the management method is preferably applied.
Fig. 2 is a schematic diagram of the tree-shaped management of parent and child nodes of access devices.
Fig. 3 is a schematic diagram of the unified session mechanism with which the system supports distributed-structure servers.
Fig. 4 is a flow diagram of network application node registration and authentication.
Fig. 5 is a structural diagram of the first embodiment of the invention.
Fig. 6 compares the traditional enterprise integration model with the integration model of the second embodiment of the invention.
Detailed description of the embodiments
The management method is preferably applied to the following network application node integrated system. As shown in Fig. 1, the system includes an application node management center, front-end service modules (comprising a device service module and a server-side application service module) and application node service units.
The front-end service modules use a scalable distributed structure, and each external network application node can include one or more application instances.
The application node management center indirectly manages the connected network application nodes through the front-end service modules. It provides unified management services for IP-network-based terminal application nodes, uniformly defines the API meta-information and state meta-information of application nodes, and provides a mechanism for defining application node state machines. The application node management center manages network application node state at coarse granularity: even if more than one instance of the same network application node exists in one application node service module, the management center keeps only one state record, namely the state of that network application node in that application node service module.
Each application node service unit encapsulates remote calls to the application node management center, the remote call procedure to network application nodes connected to other application node service units, and the logic for monitoring network application node state; it runs inside its front-end service module and is called by that module. The application node service unit monitors the status information of the network application nodes connected to the front-end service module and reports it to the application node management center; based on that status information, the management center instructs the application node service unit to perform the corresponding processing.
As shown in Fig. 2 the network application of access can use tree-shaped connection flow and the manager of equipment application father and son's node Method, described father node are the entities for being inherited from network application node, by the application node of network connection to front-end server, It may be connected in a manner of physically or logically and manage one or more sub- application nodes;Described child node is to inherit automatic network to answer With the entity of node, the equipment that the sub- application node access of father node is connected in a manner of physically or logically
As shown in figure 3, described server-side application can be carried by more than 1 application server, these clothes Business device is allowed to be connected on the server-side application Service-Modules instance of more than 1;And server end should in the system Definition with the network application node corresponding to program is:One the system account is gathered around in a server-side application Some resources, therefore a server-side application network application node may have multiple examples simultaneously, and it is each real Example has the connection status of oneself respectively, but these examples share the state described by one group of service condition machine.Even if these take It is engaged in being connected to different server-side application service module sections in the different application server of same Logic application node On point, its session status equally can be by present system ensure that synchronous.Session uniformity of these examples under distributed environment is asked Topic and state synchronized provide support by the system, therefore the developer of server-side application need to only pay close attention to itself application program Business without pay close attention to distributed development caused by session uniformity and API Calls synchronization sex chromosome mosaicism, the system this Design reduces the development difficulty and workload of developer.
As shown in Fig. 4, as a further improvement of the invention, a network application node forms a connection with the system through registration and authentication, and has a unique account.
The specific registration and authentication flow is as follows:
Network application node registration flow:
1. The network application node provides a unique identifier to the front-end service module (usually granted by the specific front-end service module, or a globally unique code the node itself has: for example, application software can be granted one directly by the service front-end service module, and a hardware device can use the combination of its MAC address and a unique factory-internal number);
2. If the network application node provides a network application node ID, an authorization code and a timestamp (ts), go to the network application node authentication flow;
3. Check the unique identifier:
3.1. If the unique identifier has already been registered: check whether a user is bound; if a user is bound, registration is immediately judged to have failed; if unbound, proceed to the next step;
3.2. If the unique identifier has not been registered, allocate a new network application node ID to it.
4. The application node management center generates and allocates a new token (overwriting any previous token, or writing it directly if there was none);
5. The registration flow ends and the authentication flow begins.
Network application node authentication flow:
1. The network application node and the application node management center synchronize the client-server timestamp through the front-end service module;
2. The network application node calculates an authorization code from the current timestamp (ts) and the token by means of HMAC(current timestamp in milliseconds, token granted to the object by the system);
3. The network application node provides the network application node ID, the authorization code and the current timestamp ts (synchronized in the previous step) to the front-end service module, and the application node service module verifies the integrity of the parameters;
4. Construction of the connection channel is complete.
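The registration and authentication flows above (and the parent-node walk-through in the summary) can be exercised end to end with the following added example, which is not code from the patent. It assumes HMAC-SHA256 with the token as key and the decimal millisecond timestamp as message; the class, method and sample identifier names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumptions, not taken from the patent: HMAC-SHA256, the token as the HMAC
# key, the decimal millisecond timestamp as the message, and every class,
# method and sample value below.


def auth_code_for(token: bytes, ts_ms: int) -> bytes:
    """Authorization code = HMAC(timestamp in ms, token)."""
    return hmac.new(token, str(ts_ms).encode("ascii"), hashlib.sha256).digest()


class NodeRegistry:
    """Stands in for the application node management center."""

    def __init__(self, max_skew_ms: int = 2000):
        self.max_skew_ms = max_skew_ms  # tolerated time difference
        self.node_id_by_uid = {}        # unique identifier -> node ID
        self.bound_user = {}            # node ID -> owning account
        self.tokens = {}                # node ID -> current token
        self._next_id = 1

    def register(self, unique_id: str):
        """Registration flow; returns (node_id, token)."""
        node_id = self.node_id_by_uid.get(unique_id)
        if node_id is not None and node_id in self.bound_user:
            # Registered and bound: a reset or stolen node cannot be
            # re-registered under another account.
            raise PermissionError("unique identifier is bound to a user")
        if node_id is None:
            node_id = self._next_id
            self._next_id += 1
            self.node_id_by_uid[unique_id] = node_id
        # A new token overwrites any earlier one, so old codes stop verifying.
        self.tokens[node_id] = secrets.token_bytes(32)
        return node_id, self.tokens[node_id]

    def bind(self, node_id: int, user: str) -> None:
        self.bound_user[node_id] = user

    def release(self, node_id: int) -> None:
        """Owner gives up the node so that it can be registered again."""
        self.bound_user.pop(node_id, None)

    def authenticate(self, node_id, ts_ms, auth_code, now_ms: int) -> bool:
        """Authentication flow, server side."""
        token = self.tokens.get(node_id)
        # Parameter check: all three values present and well-typed.
        if token is None or not isinstance(ts_ms, int) \
                or not isinstance(auth_code, bytes):
            return False
        # Timestamp must lie within the tolerated time difference.
        if abs(now_ms - ts_ms) > self.max_skew_ms:
            return False
        # Recompute with the stored token (never sent with the request) and
        # compare in constant time. A captured code still verifies inside the
        # window unless the server also remembers timestamps it has accepted.
        return hmac.compare_digest(auth_code_for(token, ts_ms), auth_code)


def demo() -> dict:
    """Constructed walk-through with a fixed clock (milliseconds)."""
    reg = NodeRegistry(max_skew_ms=2000)
    uid = "00:11:22:33:44:55/SN-0001"   # constructed MAC + factory number
    node_id, token = reg.register(uid)
    reg.bind(node_id, "user1")
    t0 = 1_700_000_000_000
    code = auth_code_for(token, t0)
    out = {
        "fresh": reg.authenticate(node_id, t0, code, now_ms=t0 + 300),
        "stale": reg.authenticate(node_id, t0, code, now_ms=t0 + 5000),
        # Timestamp edited to look current, code left unchanged.
        "edited_ts": reg.authenticate(node_id, t0 + 5000, code, now_ms=t0 + 5000),
    }
    try:
        reg.register(uid)
        out["reregister_while_bound"] = "accepted"
    except PermissionError:
        out["reregister_while_bound"] = "refused"
    reg.release(node_id)
    new_id, new_token = reg.register(uid)
    out["same_node_id"] = new_id == node_id
    out["old_token_valid"] = reg.authenticate(node_id, t0, code, now_ms=t0)
    out["new_token_valid"] = reg.authenticate(
        node_id, t0, auth_code_for(new_token, t0), now_ms=t0)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```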
Fig. 5 is a structural diagram of the first embodiment of the invention. Smart home applications have many users spread over a wide area, must support many kinds of connected devices, and typically connect them in layers, which makes this one of the typical scenarios the system suits.
The smart home application integration system implemented with the present invention includes:
1) ZigBee gateways (IP devices) are connected, and child-level devices are connected through the ZigBee low-power short-range wireless networking protocol, including: household devices such as switch panels, motorized curtains, smart door locks, ventilation systems (VMC) and air conditioners; life-state sensing devices such as door and window magnetic sensors (sensing devices that detect whether a door or window is open), human presence sensors and biometric identifiers (fingerprint, iris, infrared array sensors, etc.); and environment sensing devices such as illuminance sensors, combustible gas sensors and air sensors, which sense the state of the environment so that controlled devices can be adjusted according to the control strategy.
2) Further, to ensure the security of connected devices, a device connecting to the system must pass the registration and authentication flow. For example, when a smart home gateway device connects to this smart home system, it must provide the combination of its MAC address and factory-internal unique number for authentication; if it cannot provide this data, the gateway device did not leave the factory of a legitimate manufacturer, and the system platform will not accept the device. Before establishing a trusted connection with the device, the system verifies legitimacy using the device ID and password submitted by the user; if the device does not provide the device ID and password combination when connecting, or verification fails, the system checks whether the data combination has been bound to a user and, if unbound, allocates a new ID for the smart home gateway device.
3) By implementing the APIs defined in the system, parent and child devices and the smart home application can seamlessly obtain the control instructions and status information distributed by the top-level control application and by peripheral application devices (household devices such as switch panels, motorized curtains, smart door locks, ventilation systems and air conditioners), and perform the corresponding operations. For example, when the air conditioner or the smart home gateway device, by obtaining the status data of environment sensors and human presence sensors, detects that someone is indoors and the temperature is too low, it can turn on the air conditioner's heating mode; likewise, after the server-side smart home application detects that the temperature is too low, it can call the air conditioner's API according to the control strategy in the software to raise the room temperature to the set acceptable level.
4) The usage state pushed in real time by the above devices is received through state machines, and the user's operation of the devices is sensed. For example, when lights are switched on or off, the change in switch panel state is synchronized in real time to the system's state machine and peripheral devices are notified, so that the smart home application software can learn the user's behavior patterns and build intelligent feedback and control strategies. For example, the states of an "RGB bulb" include "power on (PowerOn)" and "power off (PowerOff)". The "power on" state also has two parameters: the "brightness" parameter, a single-precision floating-point value in the range [0,1]; and the "color" parameter, a byte array of length 3 (24 binary digits, representing the R, G and B values respectively). The device's usage state machine can switch between "PowerOn" and "PowerOff"; when switching to the "PowerOn" state the two parameters need to be assigned, otherwise default parameters are used. When the usage state of the RGB bulb changes, its corresponding usage state machine in the system changes with it, whether the source is a platform-side API call, the bulb changing its own state, or a change made through other means outside the platform.
5) The smart home application software can define and execute call strategies for specific device APIs (timed trigger or condition trigger, with a directed acyclic graph describing the call order of multiple device APIs and their call parameters). For example, when the server-side smart home application software observes through the system that the state of the front door's door sensor has changed to "open" and the state of the human presence sensor has changed to "someone present", it can call the electric kettle's "boil water" API, and, when the room temperature is above the set comfort threshold (such as 30) or below the set comfort threshold (such as 20 degrees Celsius), call the air conditioner's "start and set temperature" API and set the desired temperature parameter (such as 25 degrees).
6) The smart home system is a server-side application system with multiple front-end servers, and it lets the same user connect from multiple different clients, which may be connected to different front-end servers; it therefore needs the distributed session synchronization mechanism the system provides.
7) User 1 shares only the execute permission of a door lock with user 2 within a specified time range, user 2 shares only the read permission of a certain switch panel's status information with user 1, and so on, achieving permission-controlled device sharing between multiple users.
The servers of the smart home application and the devices of multiple users can each connect to the system. As depicted in Fig. 5, the multiple clients of the two users may connect to the same application front-end server or to different servers. Even if the clients of the same user connect to different application servers, the system guarantees that the distributed session stays synchronized. The system manages the connection state and the usage state of the two users' parent devices (ZigBee gateways) and of the child devices connected to them, and both the holder of a device and the users it is shared with receive notifications of device state updates. For example, if user 1 shares a device they hold with user 2, user 2 also sees the shared device in their smart home application client and can operate it within the permitted scope. Among the devices and other network application nodes connected to the system, every application node that implements the APIs the smart home application requires can be presented in the client.
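The cross-account sharing described in item 7 and in the paragraph above can be modelled as a default-deny check over read, write and execute grants, as in this added example (not code from the patent). All names, the "group:" prefix for point-to-group grants, the numeric time values and the rule that an owner holds every permission are assumptions.

```python
from collections import namedtuple

# Assumptions, not taken from the patent: all names, the "group:" prefix,
# numeric timestamps, and the rule that an owner holds every permission.
READ, WRITE, EXECUTE = "read", "write", "execute"
ALL_PERMS = frozenset({READ, WRITE, EXECUTE})
FOREVER = float("inf")

# grantee is an account name or "group:<name>"
Grant = namedtuple("Grant", "node grantee perms not_before not_after")


class Authorizer:
    def __init__(self):
        self.owner = {}    # node -> owning account
        self.groups = {}   # group name -> set of member accounts
        self.grants = []

    def grant(self, granter, node, grantee, perms,
              not_before=-FOREVER, not_after=FOREVER):
        """Only the owning account may authorize others on a node."""
        if self.owner.get(node) != granter:
            raise PermissionError(f"{granter} does not own {node}")
        perms = frozenset(perms)
        if not perms or not perms <= ALL_PERMS:
            raise ValueError("permissions must be read, write and/or execute")
        self.grants.append(Grant(node, grantee, perms, not_before, not_after))

    def allowed(self, account, node, perm, now) -> bool:
        """Default deny; each permission is checked separately."""
        if node not in self.owner or perm not in ALL_PERMS:
            return False
        if self.owner[node] == account:
            return True
        for g in self.grants:
            if g.node != node or perm not in g.perms:
                continue
            if not (g.not_before <= now <= g.not_after):
                continue  # grant not yet valid, or expired
            if g.grantee == account:
                return True  # point-to-point grant
            if g.grantee.startswith("group:") and \
                    account in self.groups.get(g.grantee[6:], set()):
                return True  # point-to-group grant
        return False


def smart_home_demo() -> dict:
    """Constructed scenario following the sharing example in the text."""
    az = Authorizer()
    az.owner.update({"door_lock": "user1", "switch_panel": "user2"})
    az.groups["family"] = {"user3"}
    # User 1 shares only execute on the door lock, only for a time range.
    az.grant("user1", "door_lock", "user2", {EXECUTE},
             not_before=100, not_after=200)
    # User 2 shares only read on the switch panel status.
    az.grant("user2", "switch_panel", "user1", {READ})
    az.grant("user1", "door_lock", "group:family", {READ})
    out = {
        "u2_exec_in_window": az.allowed("user2", "door_lock", EXECUTE, now=150),
        "u2_exec_after_window": az.allowed("user2", "door_lock", EXECUTE, now=250),
        "u2_write_lock": az.allowed("user2", "door_lock", WRITE, now=150),
        "u1_read_panel": az.allowed("user1", "switch_panel", READ, now=150),
        "u1_write_panel": az.allowed("user1", "switch_panel", WRITE, now=150),
        "u3_read_lock_via_group": az.allowed("user3", "door_lock", READ, now=150),
        "u3_exec_lock": az.allowed("user3", "door_lock", EXECUTE, now=150),
    }
    try:
        az.grant("user2", "door_lock", "user3", {EXECUTE})
        out["non_owner_grant"] = "accepted"
    except PermissionError:
        out["non_owner_grant"] = "refused"
    return out


if __name__ == "__main__":
    for name, value in smart_home_demo().items():
        print(f"{name}: {value}")
```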
In complex enterprise application integration scenarios, connecting multiple systems usually involves complex adaptation development for each system's APIs, along with synchronizing data from multiple different systems and re-integrating and storing it according to new business requirements; this puts more pressure on future data consistency maintenance. The intricate permission dependencies that arise when multiple systems are integrated add complexity to the integration work and risk introducing new security hazards into the integrated business systems. To integrate numerous heterogeneous enterprise application modules efficiently and securely, the second embodiment of the invention is an enterprise business integration system, which specifically includes:
1) Extensible unified API definitions: the APIs involved in the organization's business are uniformly defined in the system, to be implemented or called by the different business modules. A business module need only know the functions and resources that other modules can provide (embodied as implementations of certain APIs) and can use them directly where permissions allow, without attending to the technical details of the module itself, and without considering the adaptation of heterogeneous data (already solved when the unified API was implemented).
2) Unified permission management mechanism: the permissions of server-side application nodes (a user's instance in a given server-side application, and its corresponding resources) or device clients are classified as read, write and execute; lists of users granted specific permissions are managed by user group; and complex enterprise application authorization relationships are managed with this flattened structure, achieving secure integration.
Fig. 6a depicts the basic mode of traditional enterprise business-system integration: for the same business module(s), different third-party modules must each adapt separately to the APIs of those business modules in order to obtain data or call functions. Because the business modules come from different developers, their formats, parameter validation rules and permission admission rules differ widely, and adapting to an interface means going through a series of cumbersome steps: communicating to obtain development documents, applying for access rights, and joint debugging. The tangled dependencies between business modules also make managing the relations between them a major challenge for maintaining the organization's information systems.
Fig. 6b depicts application aggregation based on the system. Writing API-publishing adapter components toward the system for the existing business application software modules the enterprise has procured (such as ERP and CRM) is still unavoidable work, but through the system it only needs to be done once; afterwards, other business systems can also access, through the system, the APIs that the existing application software provides. A newly developed enterprise data integration platform no longer needs to apply to the owner of the existing application software for API usage rights or obtain development documents; it only needs to be developed against the API access authorization rules that the system provides, and can then directly access the data and functions provided by application modules such as ERP and CRM. Meanwhile, newly developed application software can publish the APIs it provides to the system for other business systems to call.
In this embodiment, the enterprise has built IT systems for a variety of businesses that are mutually incompatible and were procured from different sources. The enterprise's finance and resource management system (ERP), customer relationship management system (CRM) and various business process systems (BPM) are completely isolated from one another, which greatly reduces the working efficiency of employees: an ordinary employee must log in with a dedicated account to query his own salary details and performance appraisal status and to submit and query reimbursement information in the ERP system; must log in with a dedicated account for the daily work-order system to obtain and handle routine work items; and must log in with a dedicated CRM account to manage customer information and handle customer-related work items. There is no unified single sign-on system or employee account permission management system; the account management and rights management of the business systems are isolated from one another, and the approval permissions of leaders and key business approvers are managed chaotically. Employees cannot obtain, in a unified "dashboard" page, timely notifications and processing status for the company's basic transaction flows, customer business flows and work flows related to them, nor can they see at a glance the progress of work related to them. More importantly, the managers of the enterprise cannot obtain current audit data through a unified entry point; when the enterprise carries out business and financial audits at weekly, monthly, quarterly, half-yearly or yearly granularity, they can only be completed by querying and copying from a great many business systems and the databases behind them, or even by such means as extracting bank transaction records, interviews and e-mail tracing.
In implementation, the described scheme achieved the following effects: 1) based on the system's unified identity authentication mechanism and unified rights management mechanism, a business process management application component (BPM) was developed for managing the organizational structure, approval-authority relations and business process notifications, providing a standardized basic component for approval business processes; 2) the business APIs of each system in the enterprise were uniformly adapted and registered in the system; 3) each business process system was connected to the enterprise's unified rights management platform, giving every financial approval and routine business approval flow a unified permission control entry point, lowering the likelihood of business and financial risk caused by permission confusion and reducing the development effort for business process systems; 4) based on the function APIs, the authentication and rights management mechanisms, and BPM, a key enterprise business component connected to the system, an enterprise data integration platform was developed using the unified API access entry point and access control mechanisms that the system provides, giving employees a dashboard page on which they can immediately see reminders and status progress for each business and financial process related to them; 5) based on the registered APIs of each business system, a page was developed through which company managers can directly obtain the enterprise's current audit data and periodic audit data, and it can continue to be developed iteratively according to audit needs; 6) under permission control, each enterprise application component can obtain data from neighboring systems through the platform and call their functions, so that components that were previously isolated cooperate; for example, the ERP system can directly monitor the state machine of CRM customer business flows to obtain status data and synchronize, in real time, the status information of accounts receivable and paid funds on account.

Claims (10)

1. A distributed network application node integrated management method, mainly comprising the following steps:
Defining and storing, in the integrated system of network application nodes, API meta-information and/or state meta-information of at least one network application node to be accessed;
Arranging each network application node to be accessed in a management mode of multi-level tree-shaped connection of parent and child nodes, wherein the parent node connects to the integrated system of network application nodes through the network, and connects to and manages at least one child node physically and/or logically;
Through the integrated system of network application nodes, the application nodes call one another's APIs according to system permissions and/or custom permissions and obtain one another's connection status and/or business state information, realizing mutual calling between the network application nodes to be accessed, wherein the network application node to be accessed includes at least one instance.
2. The distributed network application node integrated management method according to claim 1, characterized in that: each network application node to be accessed can define, when it accesses the integrated system of network application nodes, the permission restrictions that apply during mutual calling.
3. The distributed network application node integrated management method according to claim 1, characterized in that: the network application node is a resource possessed by an account of the integrated system of network application nodes in any server-side application, and/or an application device that accesses the integrated system of network application nodes and its child devices.
4. The distributed network application node integrated management method according to claim 3, characterized in that: each network application node that is a server-side application network application node can have multiple instances simultaneously, each instance has its own connection status, the integrated system of network application nodes provides a synchronized session mechanism for these instances, and these instances share the state described by one set of business state machines.
5. The distributed network application node integrated management method according to claim 1, characterized in that: the network application node instance can form a connection with the system only after it has registered with, and been authenticated by, the integrated system of network application nodes using a specific identifier.
6. The distributed network application node integrated management method according to claim 5, characterized in that: the specific identifier is the combination of the MAC address of the instance device and its internal factory unique number, or, for a server-side application instance, a unique identifier granted by the integrated system of network application nodes.
7. The distributed network application node integrated management method according to claim 5, characterized in that: after the network application node or a child node it manages registers with the integrated system of network application nodes, the system assigns an ID and a new token to each registered network application node.
8. The distributed network application node integrated management method according to claim 7, characterized in that: the process by which the integrated system of network application nodes assigns an ID and a new token to each registered network application node specifically includes:
The integrated system of network application nodes checks whether the unique identifier is bound to a system user account, and if it is bound, the authentication flow is entered; if it is not bound to a system user account, the system assigns a new network application node ID to the network application node or instance; if the instance directly provides a network application node ID, the authentication procedure is entered directly; the system assigns a new token to the accessing network application node.
9. The distributed network application node integrated management method according to claim 5, characterized in that: the authentication procedure for each network application node or an instance it manages includes:
The network application node or the instance it manages synchronizes timestamps with the integrated system of network application nodes;
The authorization code of the network application node or the instance it manages is calculated;
The calculated authorization code, the network application node ID and the current timestamp are provided to the integrated system of network application nodes, and the system verifies the parameters; if the parameters are correct, authentication succeeds and the connection of the network application node or instance is completed; if the parameters are wrong, authentication fails and the connection of the network application node or instance fails.
10. The distributed network application node integrated management method according to claim 8, characterized in that: an account of the integrated system of network application nodes can grant one or several call permissions of its own parent node and of the child nodes connected to it to other system accounts.
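
The registration and authentication flow of claims 5 to 9, as an added example that is not code from the patent. The claims do not say how the authorization code is calculated or when the token is handed over, so the HMAC-SHA256 construction, the per-node secret issued at registration, the 30-second window, the replay check, issuing the token on successful authentication, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_SKEW_SECONDS = 30  # assumed acceptance window; the claims state no value


def authorization_code(secret: bytes, node_id: str, timestamp: int) -> str:
    """Assumed construction: HMAC-SHA256 over node ID and timestamp."""
    message = f"{node_id}|{timestamp}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class IntegrationSystem:
    """Hypothetical stand-in for the integrated system of claims 5 to 9."""

    def __init__(self):
        self._node_by_identifier = {}  # unique identifier -> node ID
        self._secret_by_node = {}      # node ID -> per-node secret (assumed)
        self._last_timestamp = {}      # node ID -> newest accepted timestamp
        self.tokens = {}               # node ID -> token currently in force

    def register(self, identifier: str):
        """Return (node_id, secret); secret is None if already registered."""
        if identifier in self._node_by_identifier:
            # Already bound: the caller proceeds straight to authentication.
            return self._node_by_identifier[identifier], None
        node_id = "node-" + secrets.token_hex(8)
        secret = secrets.token_bytes(32)
        self._node_by_identifier[identifier] = node_id
        self._secret_by_node[node_id] = secret
        return node_id, secret

    def authenticate(self, node_id: str, timestamp: int, code: str, now: int):
        """Verify the three parameters; return a new token, or None on failure."""
        secret = self._secret_by_node.get(node_id)
        if secret is None:
            return None  # unknown node ID
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return None  # clock not synchronized, or a stale capture
        if timestamp <= self._last_timestamp.get(node_id, -1):
            return None  # same or older timestamp: replayed request
        expected = authorization_code(secret, node_id, timestamp)
        # Constant-time comparison on bytes, so the check leaks no prefix match.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return None
        self._last_timestamp[node_id] = timestamp
        token = secrets.token_urlsafe(32)
        self.tokens[node_id] = token  # replaces any earlier token
        return token


def demo():
    system = IntegrationSystem()
    identifier = "02:00:00:aa:bb:cc/FACTORY-0001"  # constructed MAC + factory number
    node_id, secret = system.register(identifier)
    t = 1_700_000_000  # constructed timestamp, in seconds
    code = authorization_code(secret, node_id, t)
    first = system.authenticate(node_id, t, code, now=t + 1)
    replay = system.authenticate(node_id, t, code, now=t + 2)
    return first is not None, replay is None


if __name__ == "__main__":
    print(demo())
```

Binding the code to the timestamp and rejecting timestamps that are stale or already used is what keeps a captured authorization code from being accepted a second time.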
CN201711260094.6A 2017-12-04 2017-12-04 Distributed network application node integrated management method Active CN107835195B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711260094.6A CN107835195B (en) 2017-12-04 2017-12-04 Distributed network application node integrated management method

Publications (2)

Publication Number Publication Date
CN107835195A true CN107835195A (en) 2018-03-23
CN107835195B CN107835195B (en) 2021-06-15

Family

ID=61641428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711260094.6A Active CN107835195B (en) 2017-12-04 2017-12-04 Distributed network application node integrated management method

Country Status (1)

Country Link
CN (1) CN107835195B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160277374A1 (en) * 2011-10-31 2016-09-22 Reid Consulting Group System and method for securely storing and sharing information
CN103220259A (en) * 2012-01-20 2013-07-24 华为技术有限公司 Using method, call method, device and system of Oauth application programming interface (API)
CN103632082A (en) * 2013-12-10 2014-03-12 惠州华阳通用电子有限公司 Universal permission management system and universal permission management method
CN103873332A (en) * 2014-03-28 2014-06-18 浪潮软件集团有限公司 Method for providing enterprise service bus of unified service environment by tax system
CN105278946A (en) * 2015-06-12 2016-01-27 浙江大学 RESTful API visualization method
CN105550583A (en) * 2015-12-22 2016-05-04 电子科技大学 Random forest classification method based detection method for malicious application in Android platform
CN106685771A (en) * 2016-12-14 2017-05-17 国网浙江省电力公司 Unified access method for all service channels of electric power marketing

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274587A (en) * 2018-12-05 2020-06-12 北京嘀嘀无限科技发展有限公司 System and method for controlling user access to objects
CN111274587B (en) * 2018-12-05 2023-10-03 北京嘀嘀无限科技发展有限公司 System and method for controlling user access to objects
CN109783470A (en) * 2018-12-13 2019-05-21 中国平安人寿保险股份有限公司 Owner's follow-up mechanism, method and the storage medium of database subsystem
CN109783470B (en) * 2018-12-13 2024-02-06 中国平安人寿保险股份有限公司 Owner tracking device, method and storage medium of database subsystem
CN109587277A (en) * 2019-01-14 2019-04-05 山东建筑大学 A kind of building networked virtualization management platform and management method
CN110708298A (en) * 2019-09-23 2020-01-17 广州海颐信息安全技术有限公司 Method and device for centralized management of dynamic instance identity and access
CN111200644A (en) * 2019-12-27 2020-05-26 福建升腾资讯有限公司 Mirror image caching method and system based on relay server under internet environment
CN111147509A (en) * 2019-12-30 2020-05-12 北京三快在线科技有限公司 Network isolation method, device, server and storage medium
CN111399787B (en) * 2020-03-25 2023-04-21 中孚安全技术有限公司 Distributed printing auditing system and auditing method
CN111399787A (en) * 2020-03-25 2020-07-10 中孚安全技术有限公司 Distributed printing auditing system and auditing method
CN111654379A (en) * 2020-06-08 2020-09-11 杭州安恒信息技术股份有限公司 Multi-server unified token generation method and authentication method
CN111865931B (en) * 2020-06-29 2023-04-07 北京明略软件系统有限公司 Security control method and device for data center station and computer readable storage medium
CN111865931A (en) * 2020-06-29 2020-10-30 北京明略软件系统有限公司 Security control method and device for data center station and computer readable storage medium
CN112651690A (en) * 2021-01-05 2021-04-13 上海中通吉网络技术有限公司 End three-party mail service docking method, device and system
CN113965536A (en) * 2021-10-19 2022-01-21 广州华多网络科技有限公司 Message token updating method and device, equipment, medium and product thereof
CN113965536B (en) * 2021-10-19 2023-06-02 广州华多网络科技有限公司 Message token updating method and device, equipment, medium and product thereof

Also Published As

Publication number Publication date
CN107835195B (en) 2021-06-15

Similar Documents

Publication Publication Date Title
CN107835195A (en) A kind of distributed network application node integrated management method
US11038868B2 (en) System and method for identity management
US20210326426A1 (en) System and Method for Identity Management
CN105009131B (en) Promote the multilayer authentication method communicated between intelligent home equipment and server based on cloud
WO2017166823A1 (en) Intelligent household energy internet of things system for intelligent city system
US9876803B2 (en) System and method for identity management
CN100542092C (en) Distributed access control method in multistage securities
CN109729168A (en) A kind of data share exchange system and method based on block chain
CN110050474A (en) The type name of subobject for the composite object in Internet of Things network and block chain
CN108111334B (en) Integration system and method of network application node
CN105117657B (en) A kind of design method and system of the open mandate access based on intelligence s ervice
CN109034720A (en) A kind of mobile oa platform and device suitable for power scheduling service management
CN104813685A (en) Subscription-notification mechanisms for synchronization of distributed states
CN108876669B (en) Course notarization system and method applied to multi-platform education resource sharing
CN111177695A (en) Intelligent household equipment access control method based on block chain
CA2514004A1 (en) System and method for controlling network access
CN108510626A (en) A kind of dynamic password access control management method and its management system
CN104331669A (en) Application of wisdom medical sensitive data encryption technique
CN110502927A (en) A kind of information processing method and relevant apparatus
CN109361753A (en) A kind of Internet of things system framework and encryption method
CN104754287B (en) Video monitoring equipment configuration parameter delivery method and system
CN108092945A (en) Definite method and apparatus, the terminal of access rights
CN111786954A (en) Power grid data access method based on block chain and user role control and computer equipment
WO2019101156A1 (en) Device control method, and related device for same
CN107066839A (en) The license distribution carried out for the third party's service operated in association with licensed first party service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant