CN108111522A - A method for implementing a stable and secure universal service protocol framework on an ONU - Google Patents
- Publication number: CN108111522A
- Application number: CN201711463821.9A
- Authority: CN (China)
- Prior art keywords: resource, task, data, onu, geographical location
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
- H04W12/06—Authentication
- H04W12/08—Access security
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Abstract
The invention discloses a method for implementing a stable and secure universal service protocol framework on an ONU. The method comprises the following steps. A real-time listening port is created and a secure mobile phone connection is established; resources are released as soon as each connection completes, so that resources are not wasted and are protected. The legitimacy of the geographical location information is checked, and legitimate geographical information is passed to the data processing task. The data exchanged between the management platform and the ONU is processed layer by layer to ensure its legitimacy, and resources are released after each data exchange completes so that they are not wasted. The information obtained from the layered parsing is placed in a task queue, carrying the current time and the task priority; message tasks are scheduled by weighting, which ensures that concurrent tasks execute normally. The invention provides a cross-platform universal service implementation framework that can be realized on different operating systems and different hardware platforms.
Description
Technical field
The present invention relates to home gateway technology, and more particularly to a method for implementing a stable and secure universal service protocol framework on an ONU.
Background
With the continued spread of fiber broadband access in China and of broadband in rural areas, the number of users keeps growing and operation and maintenance costs keep rising. Traditional terminal user management and maintenance can no longer meet management requirements. To cope with the continuing growth of the broadband user base, a simple and secure universal service specification is needed.
"Technical Requirements for Dedicated Fixed Customer Premises Equipment for Broadband Universal Service" defines, for customer router equipment with a fixed-network uplink interface used for broadband universal service, the physical interfaces, protocol interfaces, device functions, operation, administration and maintenance functions, performance requirements and other requirements. On power-up the device can discover its location information, which provides a simple operation and maintenance mechanism.
Traditional protocol framework implementations simply implement the protocol without considering protocol security or resource safety. They easily lead to system crashes and are poorly equipped to withstand network attacks.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the defects in the prior art, to provide a method for implementing a stable and secure universal service protocol framework on an ONU.
The technical solution adopted by the present invention to solve this technical problem is a method for implementing a stable and secure universal service protocol framework on an ONU, comprising the following steps:
S1) The ONU creates a listening port and establishes a secure mobile phone connection. Each connection uses dedicated memory management, and resources are released as soon as each connection completes; the resources include memory resources and TCP resources. Specifically:
S11) The connecting mobile phone is authenticated by cryptographic technology, ensuring that the accessing device is legitimate;
S12) The access information of the connecting mobile phone is compared, preventing abnormal devices from accessing; the access information is the MAC address of the mobile phone;
S13) The geographical location information of the mobile phone is collected; resources are released after the geographical location information has been reported, and are also released if the connection times out;
S14) The number of connection resources is checked; if it exceeds the resource threshold, resources are released;
S15) Each connection reports geographical location information; to prevent abnormal operation, resources are released immediately after the access ends;
S2) The ONU time is synchronized and the local geographical location database is updated; the geographical location information reported by the mobile phone and the time at which it was reported are checked for legitimacy, ensuring that the geographical location information is legitimate;
S3) After the geographical location information has been found legitimate, the management support platform and the ONU exchange data in HTTP format. The ONU processes the exchanged data layer by layer to ensure its legitimacy, and releases resources after each data exchange completes so that resources are not wasted;
S4) The task information obtained from the layered parsing is placed in a task queue; the task information must carry the current time and the task priority;
S5) The pending tasks in the task queue are processed in turn, with weighted scheduling according to task priority and task time, ensuring that concurrent tasks are executed serially and thereby that resources are used normally.
According to the above scheme, the layered processing of the exchanged data in step S3) is as follows: the message is parsed layer by layer; the MAC address of the management support platform server is parsed and checked to prevent MAC spoofing; the IP address of the management support platform server is checked to prevent access from illegal IP addresses; the HTTP of the management support platform server is inspected and parsed to obtain the task to be executed.
According to the above scheme, in step S1) the accessing device is authenticated by WPA/WPA2-PSK cryptographic technology when the mobile phone connects, ensuring the security of the accessing device.
According to the above scheme, releasing resources in step S14) further includes: if there is no data exchange on the mobile phone's socket connection within 5 seconds, the socket resources are released and the memory resources are released at the same time.
According to the above scheme, in step S14), if the number of connections exceeds 5, access is denied and resources are released.
The beneficial effects of the present invention are:
1. A cross-platform universal service implementation framework is realized; the present invention can be implemented on different operating systems and different hardware platforms.
2. Detection of accessing devices prevents access and attacks by abnormal devices, ensuring the secure operation of the protocol.
3. Concurrent tasks are executed serially; with memory managed separately, serial execution of concurrent tasks is ensured and urgent tasks are guaranteed to execute first.
4. System memory is used efficiently, ensuring independent management of memory.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawings and embodiments, in which:
Fig. 1 is a flowchart of the method according to an embodiment of the present invention.
Detailed description
In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention is further described below with reference to embodiments. It should be understood that the specific embodiments described herein are only intended to explain the present invention and not to limit it.
As shown in Fig. 1, the present invention is a method for implementing a stable and secure universal service protocol framework on an ONU, with the following implementation steps:
S1) Process 1 creates a real-time listening port and establishes a secure mobile phone connection. Each connection uses dedicated memory management; when the socket is released after each connection has been processed, the memory created for it is released.
S2) The legitimacy of the geographical location information is checked; once the geographical information is found legitimate, process 2 is notified to exchange data with the management platform.
S3) Process 2 creates a socket and exchanges data with the management support platform; the exchanged data is in HTTP format. Process 2 processes the data layer by layer, ensuring the legitimacy of the data and the normal release of resources.
S4) The task information obtained from the layered parsing is placed in the task queue together with the current time and priority information, ensuring that tasks execute serially and preventing concurrent task execution; resources are released after the data has been processed.
S5) Process 3 processes the pending tasks in the task queue in turn, computes a weighted priority from the task priority and task time, and executes the tasks serially according to that priority.
In S1, the creation of process 1 comprises the following steps:
1. Create listening port 17999 and set the maximum number of connections that port 17999 accepts simultaneously to 5.
2. Allocate a block of memory; all memory requests of process 1 are served from it, and if a request cannot be satisfied the block is grown dynamically.
3. Synchronize the local time via NTP and synchronize the local geographical location information.
The secure mobile phone connection covers the following aspects:
1. When the mobile phone connects, the accessing device is authenticated by WPA/WPA2-PSK cryptographic technology, ensuring the security of the accessing device.
2. Whether the mobile phone's MAC address is legitimate is checked; illegitimate devices are refused access, ensuring the security of the accessing device.
3. If there is no data exchange on a socket connection within 5 seconds, the socket resources are released and the memory resources are released at the same time.
4. The number of connections is checked and may not exceed 5; beyond 5, access is denied and resources are released.
5. After the geographical information exchange completes, the socket resources and memory resources are released.
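The connection rules listed above (a MAC check, at most 5 connections, release after 5 seconds without data, memory released together with the connection) are shown here as an added example; it is not code from the patent. The function names, the MAC allowlist and the fixed 4096-byte pool are assumptions, and sockets are left out so that only the admission and release bookkeeping is shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CONN     5      /* page: at most 5 simultaneous connections */
#define IDLE_LIMIT_S 5      /* page: release after 5 s without data */
#define POOL_BYTES   4096u  /* assumed; fixed here, the page grows it on demand */
enum { ADMIT_BAD_MAC = -1, ADMIT_FULL = -2, ADMIT_NOMEM = -3 };
struct conn {
    int      in_use;
    long     last_rx;  /* time of last data, in seconds */
    uint8_t *pool;     /* memory dedicated to this connection */
    size_t   used;
};
static struct conn conns[MAX_CONN];

/* Constructed allowlist of phone MAC addresses. */
static const uint8_t allowed_macs[][6] = {
    {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x02},
};

static int mac_allowed(const uint8_t mac[6]) {
    for (size_t i = 0; i < sizeof allowed_macs / sizeof allowed_macs[0]; i++)
        if (memcmp(allowed_macs[i], mac, 6) == 0)
            return 1;
    return 0;
}

/* MAC check first, then the cap. Returns a slot index or an ADMIT_* code. */
int conn_admit(const uint8_t mac[6], long now) {
    if (!mac_allowed(mac))
        return ADMIT_BAD_MAC;
    for (int i = 0; i < MAX_CONN; i++) {
        if (conns[i].in_use)
            continue;
        uint8_t *pool = calloc(1, POOL_BYTES);
        if (pool == NULL)
            return ADMIT_NOMEM;
        conns[i] = (struct conn){ .in_use = 1, .last_rx = now, .pool = pool };
        return i;
    }
    return ADMIT_FULL;
}

/* Bump-allocate from the connection's own pool; NULL when it cannot fit. */
void *conn_alloc(int slot, size_t n) {
    struct conn *c = &conns[slot];
    if (!c->in_use || n > POOL_BYTES - c->used)
        return NULL;
    void *p = c->pool + c->used;
    c->used += (n + 7u) & ~(size_t)7u;  /* keep the next block 8-byte aligned */
    return p;
}

/* One call frees all the connection owns; a real server also closes the socket. */
void conn_release(int slot) {
    free(conns[slot].pool);
    memset(&conns[slot], 0, sizeof conns[slot]);
}
void conn_touch(int slot, long now) { conns[slot].last_rx = now; }

/* Release connections idle for IDLE_LIMIT_S seconds or more; returns how many. */
int conn_reap(long now) {
    int n = 0;
    for (int i = 0; i < MAX_CONN; i++) {
        if (!conns[i].in_use || now - conns[i].last_rx < IDLE_LIMIT_S)
            continue;
        conn_release(i);
        n++;
    }
    return n;
}

int main(void) {
    const uint8_t phone[6] = {0x02, 0, 0, 0, 0, 0x01};
    int slot = conn_admit(phone, 0);
    printf("slot=%d reaped=%d\n", slot, conn_reap(IDLE_LIMIT_S));
}
```

A MAC address is supplied by the client, so the allowlist acts as a filter on top of the WPA/WPA2-PSK authentication and is not a substitute for it.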
In S2, process 1 notifies process 2 via shared memory that data exchange may proceed: process 1 writes to the shared memory and process 2 reads from it, and the read and write operations are mutually exclusive.
In S3, the layered parsing of the message comprises the following steps:
1. Parse the MAC address and check it to prevent MAC spoofing.
2. Check the IP address to prevent access from illegal IP addresses.
3. Inspect and parse the HTTP to obtain the task to be executed.
In S4, a task must carry the current time and its priority when it enters the queue; before the task is executed, its final priority is computed by weighting.
In S5, process 3 handles the priority scheduling and execution of RPC tasks, comprising the following steps:
1. Obtain the task information from the task queue.
2. Compute the execution priority from the time and the priority, and execute according to that priority.
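Steps S4 and S5 above, as an added example that is not code from the patent: tasks enter a bounded queue with their enqueue time and priority, and one worker drains the queue serially by weighted score. The patent does not give the weighting formula, so the score used here (priority times 10 plus seconds waited), the larger-is-more-urgent convention, the queue bound and all names are assumptions.

```c
#include <stdio.h>

#define QUEUE_MAX 16
#define W_PRIO    10   /* assumed weight of the declared priority */
#define W_WAIT    1    /* assumed weight per second spent waiting */

struct task {
    int  id;         /* non-negative task identifier */
    int  priority;   /* larger means more urgent (assumption) */
    long enqueued;   /* time the task entered the queue, in seconds */
};

static struct task queue[QUEUE_MAX];
static int queue_len;

/* S4: a task enters the queue carrying the current time and its priority. */
int task_push(int id, int priority, long now) {
    if (queue_len == QUEUE_MAX)
        return -1;   /* bounded queue: refuse rather than grow without limit */
    queue[queue_len++] = (struct task){ id, priority, now };
    return 0;
}

/* Weighted score, computed just before execution. Waiting time raises the
 * score, so an old low-priority task is not starved by newer urgent ones. */
long task_score(const struct task *t, long now) {
    return (long)W_PRIO * t->priority + (long)W_WAIT * (now - t->enqueued);
}

/* S5: remove the task with the highest score and return its id; ties go to
 * the task queued first. Returns -1 when the queue is empty. */
int task_pop(long now) {
    if (queue_len == 0)
        return -1;
    int best = 0;
    for (int i = 1; i < queue_len; i++)
        if (task_score(&queue[i], now) > task_score(&queue[best], now))
            best = i;
    int id = queue[best].id;
    for (int i = best; i < queue_len - 1; i++)   /* preserve arrival order */
        queue[i] = queue[i + 1];
    queue_len--;
    return id;
}

/* Drain the queue one task at a time and record the execution order. */
int run_serial(long now, int *order, int cap) {
    int n = 0, id;
    while (n < cap && (id = task_pop(now)) != -1)
        order[n++] = id;   /* a real worker would execute the task here */
    return n;
}

int main(void) {
    int order[QUEUE_MAX];
    task_push(1, 1, 0);    /* low priority, queued early */
    task_push(2, 3, 0);    /* high priority, queued early */
    task_push(3, 3, 25);   /* high priority, queued late */
    int n = run_serial(25, order, QUEUE_MAX);
    for (int i = 0; i < n; i++)
        printf("run task %d\n", order[i]);
}
```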
It should be understood that those of ordinary skill in the art can make improvements or modifications based on the above description, and all such improvements and modifications shall fall within the scope of protection of the appended claims of the present invention.
Claims (5)
1. A method for implementing a stable and secure universal service protocol framework on an ONU, characterized in that it comprises the following steps:
S1) The ONU creates a listening port and establishes a secure mobile phone connection. Each connection uses dedicated memory management, and resources are released as soon as each connection completes; the resources include memory resources and TCP resources. Specifically:
S11) The connecting mobile phone is authenticated by cryptographic technology, ensuring that the accessing device is legitimate;
S12) The access information of the connecting mobile phone is compared, preventing abnormal devices from accessing; the access information is the MAC address of the mobile phone;
S13) The geographical location information of the mobile phone is collected; resources are released after the geographical location information has been reported, and are also released if the connection times out;
S14) The number of connection resources is checked; if it exceeds the resource threshold, resources are released;
S15) Each connection reports geographical location information; to prevent abnormal operation, resources are released immediately after the access ends;
S2) The ONU time is synchronized and the local geographical location database is updated; the geographical location information reported by the mobile phone and the time at which it was reported are checked for legitimacy, ensuring that the geographical location information is legitimate;
S3) After the geographical location information has been found legitimate, the management support platform and the ONU exchange data in HTTP format. The ONU processes the exchanged data layer by layer to ensure its legitimacy, and releases resources after each data exchange completes so that resources are not wasted;
S4) The task information obtained from the layered parsing is placed in a task queue; the task information must carry the current time and the task priority;
S5) The pending tasks in the task queue are processed in turn, with weighted scheduling according to task priority and task time, ensuring that concurrent tasks are executed serially and thereby that resources are used normally.
2. The method according to claim 1, characterized in that the layered processing of the exchanged data in step S3) is as follows: the message is parsed layer by layer; the MAC address of the management support platform server is parsed and checked to prevent MAC spoofing; the IP address of the management support platform server is checked to prevent access from illegal IP addresses; the HTTP of the management support platform server is inspected and parsed to obtain the task to be executed.
3. The method according to claim 1, characterized in that in step S1) the accessing device is authenticated by WPA or WPA2-PSK cryptographic technology when the mobile phone connects, ensuring the security of the accessing device.
4. The method according to claim 1, characterized in that releasing resources in step S14) further includes: if there is no data exchange on the mobile phone's socket connection within 5 seconds, the socket resources are released and the memory resources are released at the same time.
5. The method according to claim 1, characterized in that in step S14), if the number of connections exceeds 5, access is denied and resources are released.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711463821.9A CN108111522A (en) | 2017-12-28 | 2017-12-28 | A method for implementing a stable and secure universal service protocol framework on an ONU |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108111522A (en) | 2018-06-01 |
Family
ID=62214259
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711463821.9A Pending CN108111522A (en) | A method for implementing a stable and secure universal service protocol framework on an ONU | 2017-12-28 | 2017-12-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108111522A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020220694A1 (en) * | 2019-04-29 | 2020-11-05 | 惠州Tcl移动通信有限公司 | Router, network connection method and mobile terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101055533A (en) * | 2007-05-28 | 2007-10-17 | 中兴通讯股份有限公司 | Multithreading processor dynamic EMS memory management system and method |
JP4262103B2 (en) * | 2004-01-16 | 2009-05-13 | 日本電信電話株式会社 | Communication outlet |
CN102158487A (en) * | 2011-04-01 | 2011-08-17 | 福建星网锐捷网络有限公司 | Network access control method, system and device |
CN103118410A (en) * | 2013-02-18 | 2013-05-22 | 广州市动景计算机科技有限公司 | Mobile communication method, mobile communication system and server for mobile communication |
CN103530239A (en) * | 2013-10-18 | 2014-01-22 | 深圳市新格林耐特通信技术有限公司 | Method for improving performance of communication server by using memory pool |
CN104881324A (en) * | 2014-09-28 | 2015-09-02 | 北京匡恩网络科技有限责任公司 | Memory management method in multi-thread environment |
Non-Patent Citations (2)
Title |
---|
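Ministry of Industry and Information Technology of the People's Republic of China: "YD/T 3059-2016 Technical Requirements for Dedicated Fixed Customer Premises Equipment for Broadband Universal Service", 5 April 2016 * |
Luo Weibing: "airMAX Wireless Networks: Principles, Technology and Applications", 31 July 2014 * |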
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180601 |
RJ01 | Rejection of invention patent application after publication |