CN108111522A - A method for implementing a stable and secure universal service protocol framework on an ONU - Google Patents

A method for implementing a stable and secure universal service protocol framework on an ONU

Info

Publication number
CN108111522A
Authority
CN
China
Prior art keywords
resource
task
data
onu
geographical location
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711463821.9A
Other languages
Chinese (zh)
Inventor
卢方增
杜军
郑直
田明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUHAN YANGTZE OPTICAL TECHNOLOGY Co Ltd
Original Assignee
WUHAN YANGTZE OPTICAL TECHNOLOGY Co Ltd
Application filed by WUHAN YANGTZE OPTICAL TECHNOLOGY Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for implementing a stable and secure universal service protocol framework on an ONU. The method comprises the following steps. A real-time monitoring port is created and a secure mobile phone connection is established; resources are released as soon as each connection finishes, so that resources are not wasted and are protected. The legitimacy of the reported geographical location information is checked, and only legitimate geographical information is passed to the data processing task. Data exchanged between the management platform and the ONU is processed layer by layer to ensure that the data is legitimate, and resources are released after each data exchange completes so that they are not wasted. The information obtained from the layered parsing is put into a task queue; each item must carry the current time and the task priority, and message tasks are scheduled by weighting, which ensures that concurrent tasks execute normally. The invention provides a cross-platform universal service implementation framework that can be implemented on different operating systems and different hardware platforms.

Description

A method for implementing a stable and secure universal service protocol framework on an ONU
Technical field
The present invention relates to home gateway technology, and more particularly to a method for implementing a stable and secure universal service protocol framework on an ONU.
Background
With the continued spread of fiber broadband access among users in China and of rural broadband, the number of users keeps growing and operation and maintenance costs keep rising. Traditional terminal user management and maintenance can no longer meet management requirements. To cope with the continued growth in the number of broadband users, a simple and secure universal service specification is needed.
"Technical Requirements for Dedicated Fixed Client Equipment for Broadband Universal Service" defines, for client router equipment with a fixed-network upstream interface used for broadband universal service, the physical interfaces, protocol interfaces, device functions, operation, administration and maintenance functions, performance requirements and other requirements. The device can discover its location information when it is powered on, and the specification provides a simple operation and maintenance mechanism.
Traditional protocol framework implementations simply implement the protocol and do not consider the security of the protocol or of resources. They easily lead to system crashes and are poorly equipped to withstand network attacks.
Summary of the invention
The technical problem to be solved by the invention is to provide, in view of the defects in the prior art, a method for implementing a stable and secure universal service protocol framework on an ONU.
The technical solution adopted by the invention to solve this technical problem is a method for implementing a stable and secure universal service protocol framework on an ONU, comprising the following steps:
S1) The ONU creates a monitoring port and establishes a secure mobile phone connection. Each connection uses dedicated memory management, and resources are released as soon as each connection completes. The resources include memory resources and TCP resources. Specifically:
S11) The connecting mobile phone is authenticated by cryptographic techniques, to ensure that the connecting device is legitimate;
S12) The access information of the connecting mobile phone is compared, to prevent abnormal devices from connecting; the access information is the MAC address of the mobile phone;
S13) The geographical location information of the mobile phone is collected; resources are released after the geographical location information has been reported, and are also released if the connection times out;
S14) The number of connection resources is checked; if it exceeds the resource threshold, resources are released;
S15) Each connection reports geographical location information; to prevent abnormal operation, resources are released immediately after the access ends;
S2) The ONU time is synchronized and the local geographical location information database is updated; the geographical location information reported by the mobile phone and the time at which it was reported are checked for legitimacy, to ensure that the geographical location information is legitimate;
S3) After the geographical location information has been found legitimate, the management support platform and the ONU exchange data. The interaction data is in HTTP format. The ONU processes the interaction data layer by layer to ensure that the data is legitimate, and releases resources after each data exchange completes so that resources are not wasted;
S4) The task information obtained from the layered parsing is put into a task queue; the task information must carry the current time and the task priority;
S5) The pending tasks in the task queue are processed in turn, with weighted scheduling according to task priority and task time. This ensures that concurrent tasks are executed serially and therefore that resources are used normally.
In the above scheme, the layered processing of the interaction data in step S3) is as follows: the message is parsed layer by layer; the MAC address of the management support platform server is parsed and checked, to prevent MAC spoofing; the IP address of the management support platform server is checked, to prevent access from illegitimate IP addresses; the HTTP content from the management support platform server is inspected and analysed to obtain the task that needs to be executed.
In the above scheme, in step S1) the connecting device is authenticated by WPA/WPA2-PSK cryptographic techniques when the mobile phone connects, to ensure the security of the connecting device.
In the above scheme, releasing resources in step S14) further includes: if there is no data interaction on the mobile phone's socket connection for 5 seconds, the socket resource is released and the memory resource is released at the same time.
In the above scheme, in step S14), if the number of connections exceeds 5, access is denied and resources are released.
The beneficial effects of the invention are:
1. It provides a cross-platform universal service implementation framework; the invention can be implemented on different operating systems and different hardware platforms.
2. By checking connecting devices, it prevents access and attacks by abnormal devices and ensures that the protocol runs securely.
3. Concurrent tasks are executed serially; memory is managed separately, which ensures that concurrent tasks execute serially and also ensures that urgent tasks are executed first.
4. System memory is used efficiently, and independent management of memory is ensured.
Description of the drawings
The invention is further described below with reference to the accompanying drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the method of an embodiment of the invention.
Detailed description
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
As shown in Fig. 1, the invention is a method for implementing a stable and secure universal service protocol framework on an ONU. The implementation steps are as follows:
S1) Process 1 creates a real-time monitoring port and establishes a secure mobile phone connection. The socket is released, each connection uses dedicated memory management, and after each connection has been processed the memory created for it is released.
S2) The legitimacy of the geographical location information is checked; once the geographical information is found legitimate, process 2 is notified to exchange data with the management platform.
S3) Process 2 creates a socket and exchanges data with the management support platform. The interaction data is in HTTP format. Process 2 processes the data layer by layer, to ensure that the data is legitimate and that resources are released normally.
S4) The task information obtained from the layered parsing is put into the task queue together with the current time and priority information. This ensures that tasks are executed serially and prevents concurrent task execution. Resources are released after the data has been processed.
S5) Process 3 processes the pending tasks in the task queue in turn, computes a weighted priority from the task's priority and task time, and executes the tasks serially in priority order.
Creating process 1 in S1 comprises the following steps:
1. Create listening port 17999 and set the maximum number of connections that port 17999 accepts simultaneously to 5.
2. Create a memory region. All memory requests of process 1 use this memory; if the requested memory is insufficient, the memory is grown dynamically.
3. Synchronize the local time via NTP and synchronize the local geographical location information.
The secure mobile phone connection covers the following aspects:
1. When the mobile phone connects, the connecting device is authenticated by WPA/WPA2-PSK cryptographic techniques, to ensure the security of the connecting device.
2. The mobile phone's MAC address is checked for legitimacy; illegitimate devices are forbidden from connecting, to ensure the security of the connecting device.
3. If there is no data interaction on the socket connection for 5 seconds, the socket resource is released and the memory resource is released at the same time.
4. The number of connections is checked and must not exceed 5; beyond 5, access is denied and resources are released.
5. After the geographical information exchange completes, the socket resource and the memory resource are released.
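The admission rules listed above (legitimate phone MAC, at most 5 connections, release after 5 seconds without data, memory freed together with the connection) can be sketched as a slot table. This is an added example, not code from the patent: the allowlist entries, the 4096-byte per-connection buffer and all function names are assumptions, a table slot stands in for the real socket, and WPA/WPA2-PSK authentication is outside the sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CONN      5     /* page: port 17999 accepts at most 5 connections */
#define IDLE_LIMIT_S  5     /* page: release after 5 s without data */
#define ARENA_BYTES   4096  /* assumed per-connection memory budget */

enum admit { ADMIT_OK, ADMIT_BAD_MAC, ADMIT_FULL, ADMIT_NOMEM };

struct conn {
    int      in_use;
    uint8_t  mac[6];
    long     last_rx;   /* seconds, taken from a monotonic clock */
    void    *arena;     /* dedicated memory, freed with the slot */
};

static struct conn table[MAX_CONN];

/* Constructed allowlist of handset MACs (locally administered addresses). */
static const uint8_t allowed[][6] = {
    {0x02, 0x00, 0x00, 0x00, 0x00, 0x01},
    {0x02, 0x00, 0x00, 0x00, 0x00, 0x02},
};

static int mac_allowed(const uint8_t mac[6]) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (memcmp(allowed[i], mac, 6) == 0) return 1;
    return 0;
}

/* Release both resources named on the page: memory and the connection. */
static void conn_release(struct conn *c) {
    free(c->arena);
    memset(c, 0, sizeof *c);
}

/* Free every slot that has been idle for IDLE_LIMIT_S or more. */
int reap_idle(long now) {
    int n = 0;
    for (int i = 0; i < MAX_CONN; i++)
        if (table[i].in_use && now - table[i].last_rx >= IDLE_LIMIT_S) {
            conn_release(&table[i]);
            n++;
        }
    return n;
}

enum admit conn_admit(const uint8_t mac[6], long now, int *slot) {
    if (!mac_allowed(mac)) return ADMIT_BAD_MAC; /* identity check first */
    reap_idle(now);                              /* reclaim before counting */
    for (int i = 0; i < MAX_CONN; i++) {
        if (table[i].in_use) continue;
        table[i].arena = calloc(1, ARENA_BYTES);
        if (!table[i].arena) return ADMIT_NOMEM;
        table[i].in_use = 1;
        memcpy(table[i].mac, mac, 6);
        table[i].last_rx = now;
        *slot = i;
        return ADMIT_OK;
    }
    return ADMIT_FULL;   /* a sixth concurrent connection is refused */
}

/* Call on every received segment so active connections are not reaped. */
void conn_touch(int slot, long now) { table[slot].last_rx = now; }

/* Normal end of the location exchange: release immediately. */
void conn_close(int slot) { if (table[slot].in_use) conn_release(&table[slot]); }

int conn_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_CONN; i++) n += table[i].in_use;
    return n;
}
```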
In S2, process 1 notifies process 2 through shared memory that data interaction can begin. Process 1 writes to the shared memory and process 2 reads from it; read and write operations are mutually exclusive.
The layered parsing of the message in S3 comprises the following steps:
1. Parse the MAC address and check it, to prevent MAC spoofing.
2. Check the IP address, to prevent access from illegitimate IP addresses.
3. Inspect and analyse the HTTP content to obtain the task that needs to be executed.
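The three checks above, applied in order to one received message, as an added example that is not code from the patent. The platform MAC and IP values are constructed, and the `POST /task/<name>` request form, the strict `Content-Length` match and all function names are assumptions; the patent does not define the HTTP message layout.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum verdict { V_OK, V_BAD_MAC, V_BAD_IP, V_BAD_HTTP };

struct msg {               /* one received message, already split by layer */
    uint8_t     src_mac[6];
    uint32_t    src_ip;    /* IPv4, host byte order */
    const char *http;      /* NUL-terminated HTTP request text */
};

/* Assumed provisioning data: constructed values, not from the page. */
static const uint8_t  PLATFORM_MAC[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0x01};
static const uint32_t PLATFORM_IPS[]  = { 0xC0000205u /* 192.0.2.5 */ };

static int ip_allowed(uint32_t ip) {
    for (size_t i = 0; i < sizeof PLATFORM_IPS / sizeof PLATFORM_IPS[0]; i++)
        if (PLATFORM_IPS[i] == ip) return 1;
    return 0;
}

/* Accept only "POST /task/<name> HTTP/1.1" where <name> is [a-z0-9_]+ and
 * fits the caller's buffer, with a Content-Length header that matches the
 * body actually present. Header matching is exact-case for brevity. */
static int http_task(const char *req, char *task, size_t cap) {
    static const char pre[] = "POST /task/";
    size_t n = 0;
    if (cap == 0 || strncmp(req, pre, sizeof pre - 1) != 0) return 0;
    const char *p = req + sizeof pre - 1;
    while ((*p >= 'a' && *p <= 'z') || (*p >= '0' && *p <= '9') || *p == '_') {
        if (n + 1 >= cap) return 0;            /* name would overflow */
        task[n++] = *p++;
    }
    task[n] = '\0';
    if (n == 0 || strncmp(p, " HTTP/1.1\r\n", 11) != 0) return 0;
    const char *body = strstr(p, "\r\n\r\n");
    const char *cl   = strstr(p, "\r\nContent-Length: ");
    if (!body || !cl || cl > body) return 0;   /* header must precede body */
    if (cl[18] < '0' || cl[18] > '9') return 0; /* no sign, no whitespace */
    char *end;
    unsigned long len = strtoul(cl + 18, &end, 10);
    if (*end != '\r') return 0;                /* digits only up to CRLF */
    return strlen(body + 4) == len;
}

/* Lower layers are checked first; HTTP is parsed only for a message that
 * already passed the MAC and IP checks. task is meaningful only on V_OK. */
enum verdict check_layers(const struct msg *m, char *task, size_t cap) {
    if (memcmp(m->src_mac, PLATFORM_MAC, 6) != 0) return V_BAD_MAC;
    if (!ip_allowed(m->src_ip))                   return V_BAD_IP;
    if (!http_task(m->http, task, cap))           return V_BAD_HTTP;
    return V_OK;
}
```

A source MAC only identifies the layer-2 neighbour that delivered the frame, so when the platform is reached through a router this check validates the upstream gateway rather than the server itself.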
In S4, a task must first be tagged with the current time and its priority when it enters the queue, and its final priority is computed by weighting before the task is executed.
In S5, process 3 handles priority scheduling and execution of RPC tasks, comprising the following steps:
1. Obtain the task information from the task queue.
2. Compute the execution priority from the time and the priority, and execute according to that priority.
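One way to realise the weighted scheduling of S4 and S5, as an added example that is not code from the patent. The patent does not give the weighting formula, so the linear weight (priority times 10 plus seconds waited), the queue capacity and all names are assumptions.

```c
#include <stddef.h>

#define QCAP    16
#define W_PRIO  10   /* assumed weight per priority level */
#define W_AGE    1   /* assumed weight per second spent waiting */

struct task { int id; int prio; long enq; };  /* higher prio = more urgent */

static struct task q[QCAP];
static size_t qlen;

/* S4: a task enters the queue tagged with its priority and the current time. */
int task_push(int id, int prio, long now) {
    if (qlen == QCAP) return -1;   /* bounded queue: refuse instead of growing */
    q[qlen++] = (struct task){ id, prio, now };
    return 0;
}

/* Final priority, computed just before execution as S4 describes. */
static long weight(const struct task *t, long now) {
    return (long)W_PRIO * t->prio + (long)W_AGE * (now - t->enq);
}

/* S5: the single consumer removes the task with the highest weight at time
 * `now`; ties go to the task queued first. Returns the id, or -1 if empty.
 * One task is handed out per call, so execution stays serial. */
int task_pop(long now) {
    if (qlen == 0) return -1;
    size_t best = 0;
    for (size_t i = 1; i < qlen; i++) {
        long wi = weight(&q[i], now), wb = weight(&q[best], now);
        if (wi > wb || (wi == wb && q[i].enq < q[best].enq)) best = i;
    }
    int id = q[best].id;
    for (size_t i = best + 1; i < qlen; i++) q[i - 1] = q[i]; /* keep order */
    qlen--;
    return id;
}
```

With these weights a low-priority task that has waited long enough overtakes a newly queued high-priority one, so urgent tasks run first without starving the rest.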
It should be understood that those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations fall within the scope of protection of the appended claims of the invention.

Claims (5)

1. A method for implementing a stable and secure universal service protocol framework on an ONU, characterized in that it comprises the following steps:
S1) The ONU creates a monitoring port and establishes a secure mobile phone connection; each connection uses dedicated memory management, and resources are released as soon as each connection finishes; the resources include memory resources and TCP resources; specifically:
S11) The connecting mobile phone is authenticated by cryptographic techniques, to ensure that the connecting device is legitimate;
S12) The access information of the connecting mobile phone is compared, to prevent abnormal devices from connecting; the access information is the MAC address of the mobile phone;
S13) The geographical location information of the mobile phone is collected; resources are released after the geographical location information has been reported, and are also released if the connection times out;
S14) The number of connection resources is checked; if it exceeds the resource threshold, resources are released;
S15) Each connection reports geographical location information; to prevent abnormal operation, resources are released immediately after the access ends;
S2) The ONU time is synchronized and the local geographical location information database is updated; the geographical location information reported by the mobile phone and the time at which it was reported are checked for legitimacy, to ensure that the geographical location information is legitimate;
S3) After the geographical location information has been found legitimate, the management support platform and the ONU exchange data; the interaction data is in HTTP format; the ONU processes the interaction data layer by layer to ensure that the data is legitimate, and releases resources after each data exchange completes so that resources are not wasted;
S4) The task information obtained from the layered parsing is put into a task queue; the task information must carry the current time and the task priority;
S5) The pending tasks in the task queue are processed in turn, with weighted scheduling according to task priority and task time, which ensures that concurrent tasks are executed serially and therefore that resources are used normally.
2. The method according to claim 1, characterized in that the layered processing of the interaction data in step S3) is as follows: the message is parsed layer by layer; the MAC address of the management support platform server is parsed and checked, to prevent MAC spoofing; the IP address of the management support platform server is checked, to prevent access from illegitimate IP addresses; the HTTP content from the management support platform server is inspected and analysed to obtain the task that needs to be executed.
3. The method according to claim 1, characterized in that in step S1) the connecting device is authenticated by WPA or WPA2-PSK cryptographic techniques when the mobile phone connects, to ensure the security of the connecting device.
4. The method according to claim 1, characterized in that releasing resources in step S14) further includes: if there is no data interaction on the mobile phone's socket connection for 5 seconds, the socket resource is released and the memory resource is released at the same time.
5. The method according to claim 1, characterized in that in step S14), if the number of connections exceeds 5, access is denied and resources are released.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711463821.9A CN108111522A (en) 2017-12-28 2017-12-28 A method for implementing a stable and secure universal service protocol framework on an ONU

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711463821.9A CN108111522A (en) 2017-12-28 2017-12-28 A method for implementing a stable and secure universal service protocol framework on an ONU

Publications (1)

Publication Number Publication Date
CN108111522A (en) 2018-06-01

Family

ID=62214259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711463821.9A Pending CN108111522A (en) 2017-12-28 2017-12-28 A method for implementing a stable and secure universal service protocol framework on an ONU

Country Status (1)

Country Link
CN (1) CN108111522A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020220694A1 (en) * 2019-04-29 2020-11-05 惠州Tcl移动通信有限公司 Router, network connection method and mobile terminal

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4262103B2 (en) * 2004-01-16 2009-05-13 日本電信電話株式会社 Communication outlet
CN101055533A (en) * 2007-05-28 2007-10-17 中兴通讯股份有限公司 Multithreading processor dynamic EMS memory management system and method
CN102158487A (en) * 2011-04-01 2011-08-17 福建星网锐捷网络有限公司 Network access control method, system and device
CN103118410A (en) * 2013-02-18 2013-05-22 广州市动景计算机科技有限公司 Mobile communication method, mobile communication system and server for mobile communication
CN103530239A (en) * 2013-10-18 2014-01-22 深圳市新格林耐特通信技术有限公司 Method for improving performance of communication server by using memory pool
CN104881324A (en) * 2014-09-28 2015-09-02 北京匡恩网络科技有限责任公司 Memory management method in multi-thread environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
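Ministry of Industry and Information Technology of the People's Republic of China: "YD/T 3059-2016 Technical Requirements for Dedicated Fixed Client Equipment for Broadband Universal Service" (《YD/T 3059-2016 宽带普遍服务专用固定客户端设备技术要求》), 5 April 2016 *
罗卫兵: "airMAX Wireless Network Principles, Technology and Applications" (《airMAX无线网络原理、技术与应用》), 31 July 2014 *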

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180601