CN110191139A - Authentication method and system, and method for a terminal to access a network - Google Patents
- Publication number
- CN110191139A, CN201910646294.8A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The embodiments relate to an authentication method and system, a method for a terminal to access a network, a central authentication system, an edge authentication system, and a terminal. The method comprises: in response to a received access request, obtaining the token of the terminal and the identifier of the terminal carried in the access request; extracting the token corresponding to the identifier from a preset database; judging whether the extracted token is consistent with the token of the terminal; if they are consistent, generating a new token; obtaining the uniform resource locator of the edge authentication system to which the terminal belongs; sending the new token and the uniform resource locator to the terminal; and sending the new token and the identifier to the edge authentication system. This avoids the prior-art technical problem of long authentication time, reduces the authentication pressure and the load on the central authentication system, improves the operating efficiency of the central authentication system, and thereby achieves the technical effect of saving time.
Description
Technical field
The embodiments relate to the field of Internet technology, and in particular to an authentication method and system, a method for a terminal to access a network, a central authentication system, and an edge authentication system.
Background
A content delivery network (Content Delivery Network, abbreviated CDN) is built on the basic idea of avoiding, as far as possible, the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content is delivered faster and more stably.
In the prior art, to guarantee the safe and stable operation of a CDN system and prevent malicious attacks by hackers, an external device (terminal) must be authenticated when it accesses the CDN system; only a legitimate device that passes authentication is allowed to access the system and use the services the CDN system provides. However, the prior art mainly uses "centralized authentication" to verify the access requests of external devices.
In the course of implementing the present invention, the inventor found at least the following technical problem: when "centralized authentication" is used to verify the access requests of external devices, authentication takes a long time.
Summary of the invention
The technical problem to be solved by the present invention is to provide, in view of the above defect in the prior art, an authentication method and system, a method for a terminal to access a network, a central authentication system, an edge authentication system, and a terminal, so as to solve the prior-art problem of long authentication time.
According to one aspect of the embodiments of the present invention, an authentication method is provided, comprising: in response to a received access request, obtaining the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request includes a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by an edge authentication system;
Extracting the token corresponding to the identifier from a preset database;
Judging whether the extracted token is consistent with the token of the terminal;
If they are consistent, generating a new token;
Obtaining the uniform resource locator of the edge authentication system to which the terminal belongs;
Sending the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator;
Sending the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request it receives.
In some embodiments, when the token of the terminal is an encrypted token, after obtaining the token of the terminal and the identifier of the terminal carried in the access request and before judging whether the extracted token is consistent with the token of the terminal, the method further comprises:
Extracting the public key corresponding to the identifier of the terminal from the database;
Decrypting the encrypted token according to the public key to obtain the token of the terminal.
According to another aspect of the embodiments of the present disclosure, a further authentication method is provided, the method comprising:
Receiving the token and identifier corresponding to each terminal, sent by the central authentication system, wherein each terminal corresponds to one token and one identifier;
Establishing a mapping between the token and the identifier of each terminal;
In response to an access request initiated by a target terminal, obtaining the token and identifier of the target terminal carried in the access request;
Determining, according to the mapping, the target token corresponding to the identifier of the target terminal;
Judging whether the target token is consistent with the token of the target terminal;
If they are consistent, sending authentication-passed information to the target terminal.
In some embodiments, in response to the access request initiated by the target terminal, the method further comprises:
In response to the access request initiated by the target terminal, judging whether the current operating parameters can accommodate the access of the target terminal;
If so, performing the step of obtaining the token and identifier of the target terminal carried in the access request;
If not, forwarding the access request to the central authentication system, so that the central authentication system authenticates the access request.
According to another aspect of the embodiments of the present disclosure, a method for a terminal to access a network is also provided, the method comprising:
In response to obtaining trigger information for accessing the network, generating an access request that carries the token of the terminal and the identifier of the terminal;
Judging whether the access request is a first access request;
If it is a first access request, sending the access request to the central authentication system, so that the central authentication system verifies the access request;
If it is not a first access request, sending the access request to the edge authentication system, so that the edge authentication system verifies the access request.
According to another aspect of the embodiments of the present disclosure, a central authentication system is also provided, the central authentication system comprising:
A first obtaining module, configured to obtain, in response to a received access request, the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request includes a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by an edge authentication system;
An extraction module, configured to extract the token corresponding to the identifier from a preset database;
A first judgment module, configured to judge whether the extracted token is consistent with the token of the terminal;
A first generation module, configured to generate a new token if they are consistent;
The first obtaining module is further configured to obtain the uniform resource locator of the edge authentication system to which the terminal belongs;
A first sending module, configured to send the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator;
The first sending module is further configured to send the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request it receives.
In some embodiments, the central authentication system further comprises:
The extraction module is further configured to extract the public key corresponding to the identifier of the terminal from the database;
A decryption module, configured to decrypt the encrypted token according to the public key to obtain the token of the terminal.
According to another aspect of the embodiments of the present disclosure, an edge authentication system is also provided, the edge authentication system comprising:
A receiving module, configured to receive the token and identifier corresponding to each terminal, sent by the central authentication system, wherein each terminal corresponds to one token and one identifier;
An establishing module, configured to establish a mapping between the token and the identifier of each terminal;
A second obtaining module, configured to obtain, in response to an access request initiated by a target terminal, the token and identifier of the target terminal carried in the access request;
A determining module, configured to determine, according to the mapping, the target token corresponding to the identifier of the target terminal;
A second judgment module, configured to judge whether the target token is consistent with the token of the target terminal;
A second sending module, configured to send authentication-passed information to the target terminal if they are consistent.
In some embodiments, the edge authentication system further comprises:
The second judgment module is further configured to judge, in response to the access request initiated by the target terminal, whether the current operating parameters can accommodate the access of the target terminal;
The second obtaining module is further configured to, if so, perform the step of obtaining the token and identifier of the target terminal carried in the access request;
A forwarding module, configured to, if not, forward the access request to the central authentication system, so that the central authentication system authenticates the access request.
According to another aspect of the embodiments of the present disclosure, a terminal is also provided, the terminal comprising:
A second generation module, configured to generate, in response to obtaining trigger information for accessing the network, an access request that carries the token of the terminal and the identifier of the terminal;
A third judgment module, configured to judge whether the access request is a first access request;
A third sending module, configured to send the access request to the central authentication system if it is a first access request, so that the central authentication system verifies the access request;
The third sending module is further configured to send the access request to the edge authentication system if it is not a first access request, so that the edge authentication system verifies the access request.
According to another aspect of the embodiments of the present disclosure, an authentication system is also provided, the authentication system comprising:
The central authentication system described above;
The edge authentication system described above;
The terminal described above.
The beneficial effect of the embodiments of the present invention is as follows. The technical solution is: in response to a received access request, obtain the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request includes a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by the edge authentication system; extract the token corresponding to the identifier from a preset database; judge whether the extracted token is consistent with the token of the terminal; if they are consistent, generate a new token; obtain the uniform resource locator of the edge authentication system to which the terminal belongs; send the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator; and send the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request it receives. This solution avoids the long authentication time caused by using "centralized authentication" to verify the access requests of external devices. Because the central authentication system and the edge authentication system each perform authentication, the authentication pressure and the load on the central authentication system are reduced, its operating efficiency is improved, and the technical effect of saving time is achieved.
Brief description of the drawings
Fig. 1 is a schematic diagram of the authentication method of an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of the authentication method of another embodiment of the present disclosure;
Fig. 3 is a schematic diagram of the method for a terminal to access a network of an embodiment of the present disclosure;
Fig. 4 is a schematic diagram of the central authentication system of an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of the edge authentication system of an embodiment of the present disclosure;
Fig. 6 is a schematic diagram of the terminal of an embodiment of the present disclosure;
Fig. 7 is a schematic diagram of the authentication system of an embodiment of the present disclosure;
Reference numerals:
1, first obtaining module; 2, extraction module; 3, first judgment module; 4, first generation module; 5, first sending module; 6, decryption module; 21, receiving module; 22, establishing module; 23, second obtaining module; 24, determining module; 25, second judgment module; 26, second sending module; 27, forwarding module; 31, second generation module; 32, third judgment module; 33, third sending module; 100, central authentication system; 200, edge authentication system; 300, terminal.
Detailed description
In the following description, specific details such as particular system structures, interfaces and techniques are set forth for purposes of explanation rather than limitation, so that the present invention can be thoroughly understood. However, it will be clear to those skilled in the art that the present invention may also be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
The embodiments of the present invention provide an authentication method and system, a method for a terminal to access a network, a central authentication system, an edge authentication system, and a terminal.
According to one aspect of the embodiments of the present invention, an authentication method is provided.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the authentication method of an embodiment of the present disclosure.
As shown in Fig. 1, the method comprises:
S1: in response to a received access request, the central authentication system obtains the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request includes a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by the edge authentication system.
Here, the terminal includes any device that accesses the CDN system.
S2: the central authentication system extracts the token corresponding to the identifier from a preset database.
In some embodiments, the mapping between the identifier and the token of each terminal is stored in advance in the database of the central authentication system. Therefore, when the central authentication system learns a given identifier, it can determine the token corresponding to that identifier from the mapping.
S3: the central authentication system judges whether the extracted token is consistent with the token of the terminal. If they are consistent, S4 is executed. If they are not, authentication fails and the process ends; the central authentication system may send an authentication-failure message back to the terminal.
S4: the central authentication system generates a new token.
S5: the central authentication system obtains the uniform resource locator of the edge authentication system to which the terminal belongs.
There is no fixed order between S4 and S5.
S6: the central authentication system sends the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator.
S7: the central authentication system sends the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request it receives.
There is no fixed order between S6 and S7.
The technical solution provided by the embodiments of the present disclosure avoids the long authentication time that arises in the prior art when "centralized authentication" is used to verify the access requests of external devices. Because the central authentication system and the edge authentication system each perform authentication, the authentication pressure and the load on the central authentication system are reduced, its operating efficiency is improved, and the technical effect of saving time is achieved.
In some embodiments, when the token of the terminal is an encrypted token, after obtaining the token of the terminal and the identifier of the terminal carried in the access request and before judging whether the extracted token is consistent with the token of the terminal, the method further comprises:
S1': extracting the public key corresponding to the identifier of the terminal from the database.
S2': decrypting the encrypted token according to the public key to obtain the token of the terminal.
Performing authentication with the "encryption and decryption" approach provided in the embodiments of the present disclosure makes the authentication process secure and reliable.
According to another aspect of the embodiments of the present disclosure, a further authentication method is provided.
Referring to Fig. 2, Fig. 2 is a schematic diagram of the authentication method of another embodiment of the present disclosure.
As shown in Fig. 2, the method comprises:
S21: the edge authentication system receives the token and identifier corresponding to each terminal, sent by the central authentication system, wherein each terminal corresponds to one token and one identifier.
S22: the edge authentication system establishes a mapping between the token and the identifier of each terminal.
S23: in response to an access request initiated by a target terminal, the edge authentication system obtains the token and identifier of the target terminal carried in the access request.
S24: the edge authentication system determines, according to the mapping, the target token corresponding to the identifier of the target terminal.
S25: the edge authentication system judges whether the target token is consistent with the token of the target terminal. If they are consistent, S26 is executed. If they are not, authentication fails and the process ends; the edge authentication system may send an authentication-failure message to the terminal.
S26: the edge authentication system sends authentication-passed information to the target terminal.
After receiving the authentication-passed information, the terminal can access the CDN system.
Of course, in some embodiments, if the token of the target terminal is an encrypted token, the edge authentication system needs to decrypt the encrypted token of the target terminal; for details, see the description in the above embodiment, which is not repeated here.
In some embodiments, the method further comprises:
S23': in response to the access request initiated by the target terminal, the edge authentication system judges whether the current operating parameters can accommodate the access of the target terminal. If so, it performs the step of obtaining the token and identifier of the target terminal carried in the access request; if not, S24' is executed.
When the edge authentication system cannot operate normally, or is running overloaded, the current operating parameters cannot accommodate the access of the target terminal.
S24': the edge authentication system forwards the access request to the central authentication system, so that the central authentication system authenticates the access request.
In the embodiments of the present disclosure, when the edge authentication system cannot provide access, access can be handled by the central authentication system, which ensures the reliability and efficiency of terminal access.
According to another aspect of the embodiments of the present invention, a method for a terminal to access a network is also provided.
Referring to Fig. 3, Fig. 3 is a schematic diagram of the method for a terminal to access a network of an embodiment of the present disclosure.
As shown in Fig. 3, the method comprises:
S31: in response to obtaining trigger information for accessing the network, the terminal generates an access request that carries the token of the terminal and the identifier of the terminal.
For example, the user issues the trigger information for accessing the network by touching the display of the terminal, or the user issues it by a voice instruction.
S32: the terminal judges whether the access request is a first access request. If so, S33 is executed; if not, S34 is executed.
S33: the terminal sends the access request to the central authentication system, so that the central authentication system verifies the access request.
For the method by which the central authentication system verifies the access request, see the above embodiment; it is not repeated here.
S34: the terminal sends the access request to the edge authentication system, so that the edge authentication system verifies the access request.
For the method by which the edge authentication system verifies the access request, see the above embodiment; it is not repeated here.
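The three flows described above (central authentication S1-S7, edge authentication S21-S26 with the S23'/S24' fallback, and the terminal's routing in S31-S34), combined into one added Python example; it is not code from the patent. The class and method names, the sample identifier and edge URL, the enrollment step, the load/capacity check and the update of the central database when a token is reissued are assumptions, and the optional encrypted-token step (S1'/S2') is left out.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AuthResult:
    ok: bool
    by: str                          # "central" or "edge"
    new_token: Optional[str] = None  # set only when the central system reissues
    edge_url: Optional[str] = None


def same(a: Optional[str], b: str) -> bool:
    """Constant-time token comparison; an unknown identifier never matches."""
    return a is not None and hmac.compare_digest(a.encode(), b.encode())


class CentralAuth:
    def __init__(self) -> None:
        self.db: Dict[str, str] = {}           # preset database: identifier -> token
        self.edge_of: Dict[str, "EdgeAuth"] = {}

    def enroll(self, ident: str, edge: "EdgeAuth") -> str:
        """Provisioning step (assumed; the page only says the database is preset)."""
        self.db[ident] = secrets.token_urlsafe(32)
        self.edge_of[ident] = edge
        return self.db[ident]

    def authenticate(self, ident: str, token: str) -> AuthResult:
        if not same(self.db.get(ident), token):          # S2-S3
            return AuthResult(False, "central")
        new_token = secrets.token_urlsafe(32)            # S4
        # Assumption: the database is updated too, so that a request later
        # forwarded by the edge (S24') with the new token still matches.
        self.db[ident] = new_token
        edge = self.edge_of[ident]                       # S5
        edge.receive(ident, new_token)                   # S7
        return AuthResult(True, "central", new_token, edge.url)  # S6


class EdgeAuth:
    def __init__(self, url: str, central: CentralAuth, capacity: int) -> None:
        self.url, self.central, self.capacity = url, central, capacity
        self.load = 0                          # stand-in for the operating parameters
        self.mapping: Dict[str, str] = {}      # S22: identifier -> token

    def receive(self, ident: str, token: str) -> None:   # S21-S22
        self.mapping[ident] = token

    def handle(self, ident: str, token: str) -> AuthResult:
        if self.load >= self.capacity:                   # S23'
            return self.central.authenticate(ident, token)   # S24'
        ok = same(self.mapping.get(ident), token)        # S23-S25
        return AuthResult(ok, "edge")                    # S26 on success


class Terminal:
    def __init__(self, ident: str, token: str, central: CentralAuth,
                 edges: Dict[str, EdgeAuth]) -> None:
        self.ident, self.token = ident, token
        self.central, self.edges = central, edges
        self.edge_url: Optional[str] = None    # unknown until the first access

    def access(self) -> AuthResult:
        if self.edge_url is None:                        # S32: first access?
            result = self.central.authenticate(self.ident, self.token)  # S33
        else:
            result = self.edges[self.edge_url].handle(self.ident, self.token)  # S34
        if result.new_token:                   # adopt the token and URL from S6
            self.token, self.edge_url = result.new_token, result.edge_url
        return result


def demo() -> Dict[str, object]:
    central = CentralAuth()
    edge = EdgeAuth("https://edge-1.example/auth", central, capacity=10)
    edges = {edge.url: edge}
    initial = central.enroll("terminal-001", edge)       # constructed identifier
    term = Terminal("terminal-001", initial, central, edges)

    first = term.access()                      # handled by the central system
    second = term.access()                     # handled by the edge system
    forged = edge.handle("terminal-001", "not-the-token")
    replay = central.authenticate("terminal-001", initial)   # pre-reissue token
    edge.load = edge.capacity                  # simulate an overloaded edge
    token_before = term.token
    fallback = term.access()                   # edge forwards to central
    return {"first": first, "second": second, "forged": forged,
            "replay": replay, "fallback": fallback,
            "rotated_on_fallback": term.token != token_before}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The text does not say whether the central database is updated in S4; without that update, a request forwarded in S24' would carry a token the central system no longer recognizes, which is why the example makes that assumption explicit.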
According to another aspect of the embodiments of the present disclosure, a central authentication system is also provided.
Referring to Fig. 4, Fig. 4 is a schematic diagram of the central authentication system of an embodiment of the present disclosure.
As shown in Fig. 4, the central authentication system comprises:
A first obtaining module 1, configured to obtain, in response to a received access request, the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request includes a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by the edge authentication system;
An extraction module 2, configured to extract the token corresponding to the identifier from a preset database;
A first judgment module 3, configured to judge whether the extracted token is consistent with the token of the terminal;
A first generation module 4, configured to generate a new token if they are consistent;
The first obtaining module 1 is further configured to obtain the uniform resource locator of the edge authentication system to which the terminal belongs;
A first sending module 5, configured to send the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator;
The first sending module 5 is further configured to send the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request it receives.
As can be seen from Fig. 4, in some embodiments the central authentication system further comprises:
The extraction module 2 is further configured to extract the public key corresponding to the identifier of the terminal from the database;
A decryption module 6, configured to decrypt the encrypted token according to the public key to obtain the token of the terminal.
According to another aspect of the embodiments of the present disclosure, an edge authentication system is also provided.
Referring to Fig. 5, Fig. 5 is a schematic diagram of the edge authentication system of an embodiment of the present disclosure.
As shown in Fig. 5, the edge authentication system comprises:
A receiving module 21, configured to receive the token and identifier corresponding to each terminal, sent by the central authentication system, wherein each terminal corresponds to one token and one identifier;
An establishing module 22, configured to establish a mapping between the token and the identifier of each terminal;
A second obtaining module 23, configured to obtain, in response to an access request initiated by a target terminal, the token and identifier of the target terminal carried in the access request;
A determining module 24, configured to determine, according to the mapping, the target token corresponding to the identifier of the target terminal;
A second judgment module 25, configured to judge whether the target token is consistent with the token of the target terminal;
A second sending module 26, configured to send authentication-passed information to the target terminal if they are consistent.
As can be seen from Fig. 5, in some embodiments the edge authentication system further comprises:
The second judgment module 25 is further configured to judge, in response to the access request initiated by the target terminal, whether the current operating parameters can accommodate the access of the target terminal;
The second obtaining module 23 is further configured to, if so, perform the step of obtaining the token and identifier of the target terminal carried in the access request;
A forwarding module 27, configured to, if not, forward the access request to the central authentication system, so that the central authentication system authenticates the access request.
According to another aspect of the embodiments of the present disclosure, a terminal is also provided.
Referring to Fig. 6, Fig. 6 is a schematic diagram of the terminal of an embodiment of the present disclosure.
As shown in Fig. 6, the terminal comprises:
A second generation module 31, configured to generate, in response to obtaining trigger information for accessing the network, an access request that carries the token of the terminal and the identifier of the terminal;
A third judgment module 32, configured to judge whether the access request is a first access request;
A third sending module 33, configured to send the access request to the central authentication system if it is a first access request, so that the central authentication system verifies the access request;
The third sending module 33 is further configured to send the access request to the edge authentication system if it is not a first access request, so that the edge authentication system verifies the access request.
According to another aspect of the embodiments of the present disclosure, an authentication system is also provided.
Referring to Fig. 7, Fig. 7 is a schematic diagram of the authentication system of an embodiment of the present disclosure.
As shown in Fig. 7, the authentication system comprises:
The central authentication system 100 described in any of the above embodiments;
The edge authentication system 200 described in any of the above embodiments;
The terminal 300 described in any of the above embodiments.
Reader should be understood that in the description of this specification reference term " one embodiment ", " is shown " some embodiments "
The description of example ", " specific example " or " some examples " etc. means specific features described in conjunction with this embodiment or example, structure
Or feature is included at least one embodiment or example of the invention.In the present specification, to the schematic of above-mentioned term
Statement need not be directed to identical embodiment or example.Moreover, specific features, structure or the feature of description can be any
It can be combined in any suitable manner in a or multiple embodiment or examples.In addition, without conflicting with each other, the technology of this field
The feature of different embodiments or examples described in this specification and different embodiments or examples can be combined by personnel
And combination.
It is apparent to those skilled in the art that for convenience of description and succinctly, the dress of foregoing description
The specific work process with unit is set, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In the several embodiments provided herein, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
It should also be understood that, in the embodiments of the present invention, the magnitude of the sequence numbers of the above processes does not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and does not constitute any limitation on the implementation of the embodiments of the present invention.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed by the invention, and these modifications or substitutions shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be subject to the scope of protection of the claims.
Claims (10)
1. An authentication method, characterized in that the method comprises:
in response to a received access request, obtaining the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request comprises a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by an edge authentication system;
extracting the token corresponding to the identifier from a preset database;
judging whether the extracted token is consistent with the token of the terminal;
if they are consistent, generating a new token;
obtaining the uniform resource locator of the edge authentication system to which the terminal belongs;
sending the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator;
sending the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request that it receives.
2. The method according to claim 1, characterized in that, when the token of the terminal is an encrypted token, after obtaining the token of the terminal and the identifier of the terminal carried in the access request and before judging whether the extracted token is consistent with the token of the terminal, the method further comprises:
extracting the public key corresponding to the identifier of the terminal from the database;
decrypting the encrypted token according to the public key to obtain the token of the terminal.
3. An authentication method, characterized in that the method comprises:
receiving the token and identifier corresponding to each terminal, sent by a central authentication system, wherein one terminal corresponds to one token and one identifier;
establishing a mapping between the token and the identifier of each terminal;
in response to an access request initiated by a target terminal, obtaining the token and identifier of the target terminal carried in the access request;
determining, according to the mapping, the target token corresponding to the identifier of the target terminal;
judging whether the target token is consistent with the token of the target terminal;
if they are consistent, sending information that authentication has passed to the target terminal.
4. The method according to claim 3, characterized in that, in response to the access request initiated by the target terminal, the method further comprises:
judging whether the current operating parameters satisfy access by the target terminal;
if they do, performing the step of obtaining the token and identifier of the target terminal carried in the access request;
if they do not, forwarding the access request to the central authentication system, so that the central authentication system authenticates the access request.
5. A central authentication system, characterized in that the central authentication system comprises:
a first obtaining module, configured to, in response to a received access request, obtain the token of the terminal and the identifier of the terminal carried in the access request, wherein the access request comprises a first access request initiated by the terminal and/or an access request initiated by the terminal and forwarded by an edge authentication system;
an extraction module, configured to extract the token corresponding to the identifier from a preset database;
a first judging module, configured to judge whether the extracted token is consistent with the token of the terminal;
a first generating module, configured to generate a new token if they are consistent;
the first obtaining module being further configured to obtain the uniform resource locator of the edge authentication system to which the terminal belongs;
a first sending module, configured to send the new token and the uniform resource locator to the terminal, so that the terminal initiates its next access request based on the uniform resource locator;
the first sending module being further configured to send the new token and the identifier to the edge authentication system, so that the edge authentication system verifies the next access request that it receives.
6. The central authentication system according to claim 5, characterized in that, in the central authentication system:
the extraction module is further configured to extract the public key corresponding to the identifier of the terminal from the database;
a decryption module is configured to decrypt the encrypted token according to the public key to obtain the token of the terminal.
7. An edge authentication system, characterized in that the edge authentication system comprises:
a receiving module, configured to receive the token and identifier corresponding to each terminal, sent by a central authentication system, wherein one terminal corresponds to one token and one identifier;
an establishing module, configured to establish a mapping between the token and the identifier of each terminal;
a second obtaining module, configured to, in response to an access request initiated by a target terminal, obtain the token and identifier of the target terminal carried in the access request;
a determining module, configured to determine, according to the mapping, the target token corresponding to the identifier of the target terminal;
a second judging module, configured to judge whether the target token is consistent with the token of the target terminal;
a second sending module, configured to send information that authentication has passed to the target terminal if they are consistent.
8. The edge authentication system according to claim 7, characterized in that, in the edge authentication system:
the second judging module is further configured to, in response to the access request initiated by the target terminal, judge whether the current operating parameters satisfy access by the target terminal;
the second obtaining module is further configured to, if they do, perform the step of obtaining the token and identifier of the target terminal carried in the access request;
a forwarding module is configured to, if they do not, forward the access request to the central authentication system, so that the central authentication system authenticates the access request.
9. An authentication system, characterized in that the authentication system comprises:
the central authentication system according to claim 5 or 6;
the edge authentication system according to claim 7 or 8.
10. The authentication system according to claim 9, characterized in that the authentication system further comprises a terminal, the terminal comprising:
a second generating module, configured to, in response to obtained trigger information for accessing the network, generate an access request carrying the token of the terminal and the identifier of the terminal;
a third judging module, configured to judge whether the access request is a first access request;
a third sending module, configured to, if the access request is a first access request, send the access request to the central authentication system, so that the central authentication system verifies the access request;
the third sending module being further configured to, if the access request is not a first access request, send the access request to the edge authentication system, so that the edge authentication system verifies the access request.
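The exchange in claims 1, 3 and 4, with the first-request/next-request routing of claim 10, as an added Python example that is not code from the patent. All class and function names, the `example.invalid` URL, the `enroll` provisioning step, the use of a request count as the "operating parameter", and the choice to overwrite the stored token on rotation are assumptions made for illustration; the encrypted-token step of claim 2 is left out.

```python
import hmac
import secrets

def same(a, b):
    # Constant-time comparison; a missing stored token never matches.
    return a is not None and hmac.compare_digest(a.encode(), b.encode())

class EdgeAuth:
    """Edge authentication system (claims 3 and 4)."""
    def __init__(self, url, central, capacity):
        self.url, self.central = url, central
        self.capacity = capacity  # assumed "operating parameter": requests it may serve
        self.served = 0
        self.tokens = {}          # mapping: terminal identifier -> token

    def provision(self, terminal_id, token):
        self.tokens[terminal_id] = token  # pushed by the central system

    def handle(self, terminal_id, token):
        if self.served >= self.capacity:
            # Operating parameters not satisfied: forward to the central system.
            return self.central.handle(terminal_id, token)
        self.served += 1
        return {"ok": same(self.tokens.get(terminal_id), token), "by": "edge"}

class CentralAuth:
    """Central authentication system (claim 1)."""
    def __init__(self):
        self.db = {}     # preset database: identifier -> token
        self.edges = {}  # identifier -> edge system the terminal belongs to

    def enroll(self, terminal_id, edge):
        # Assumed provisioning step; the claims start from an existing database.
        self.db[terminal_id] = secrets.token_urlsafe(32)
        self.edges[terminal_id] = edge
        return self.db[terminal_id]

    def handle(self, terminal_id, token):
        if not same(self.db.get(terminal_id), token):
            return {"ok": False, "by": "central"}
        new_token = secrets.token_urlsafe(32)
        self.db[terminal_id] = new_token  # assumption: rotation replaces the stored token
        edge = self.edges[terminal_id]
        edge.provision(terminal_id, new_token)
        return {"ok": True, "by": "central", "token": new_token, "url": edge.url}

def demo():
    central = CentralAuth()
    edge = EdgeAuth("https://edge-1.example.invalid/auth", central, capacity=1)
    initial = central.enroll("terminal-A", edge)
    first = central.handle("terminal-A", initial)       # first access: central
    second = edge.handle("terminal-A", first["token"])  # next access: edge URL
    stale = edge.handle("terminal-A", initial)          # edge full, forwarded; old token
    return first, second, stale

if __name__ == "__main__":
    for result in demo():
        print({k: v for k, v in result.items() if k != "token"})
```

Under the rotation assumption, the third request shows that a token captured before the first exchange is rejected even when the edge system forwards it to the central system.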
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910646294.8A CN110191139A (en) | 2019-07-17 | 2019-07-17 | A kind of method for authenticating and system, the method for accessing terminal to network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110191139A true CN110191139A (en) | 2019-08-30 |
Family
ID=67725744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910646294.8A Pending CN110191139A (en) | 2019-07-17 | 2019-07-17 | A kind of method for authenticating and system, the method for accessing terminal to network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110191139A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021115270A1 (en) * | 2019-12-10 | 2021-06-17 | 华为技术有限公司 | Edge application management method, and device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106961451A (en) * | 2017-05-25 | 2017-07-18 | 网宿科技股份有限公司 | Method for authenticating, right discriminating system, fringe node and authentication server in CDN |
CN108038722A (en) * | 2017-12-07 | 2018-05-15 | 深圳慧逛信息服务有限公司 | A kind of interactive marketing system |
CN108377245A (en) * | 2018-02-26 | 2018-08-07 | 湖南科技学院 | A kind of optimizing demonstration method and system of network insertion request |
CN108881280A (en) * | 2018-07-11 | 2018-11-23 | 中国联合网络通信集团有限公司 | Cut-in method, content distribution network system and access system |
US20190171795A1 (en) * | 2017-12-04 | 2019-06-06 | Arris Enterprises Llc | System and method to limit content distribution |
CN110177102A (en) * | 2019-05-28 | 2019-08-27 | 深圳市网心科技有限公司 | Anti-attack method, electronic equipment, system and medium based on fringe node |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3068093B1 (en) | Security authentication method and bidirectional forwarding detection method | |
CN109413201B (en) | SSL communication method, device and storage medium | |
EP3432523A1 (en) | Method and system for connecting virtual private network by terminal, and related device | |
US6892308B1 (en) | Internet protocol telephony security architecture | |
CN110099048B (en) | Cloud storage method and equipment | |
EP3182673A1 (en) | Main stream connection establishment method and device based on mptcp | |
CN111783068A (en) | Device authentication method, system, electronic device and storage medium | |
EP2981022B1 (en) | Method and system for transmitting and receiving data, method and device for processing message | |
CN107113319A (en) | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification | |
US10148636B2 (en) | Authentication methods and apparatus | |
CN104145465A (en) | Group based bootstrapping in machine type communication | |
CN106549925A (en) | Prevent method, the apparatus and system of cross-site request forgery | |
CN110958119A (en) | Identity verification method and device | |
CN109716725B (en) | Data security system, method of operating the same, and computer-readable storage medium | |
CN102638468A (en) | Method, sending end, receiving end and system for protecting information transmission safety | |
CN112491829B (en) | MEC platform identity authentication method and device based on 5G core network and blockchain | |
US9887967B2 (en) | Portable security device, method for securing a data exchange and computer program product | |
CN113572765A (en) | Lightweight identity authentication key negotiation method for resource-limited terminal | |
CN111031053A (en) | Identity authentication method and device, electronic equipment and readable storage medium | |
US10931662B1 (en) | Methods for ephemeral authentication screening and devices thereof | |
CN106712959A (en) | Implementation method and system of communication safety | |
CN106603512A (en) | SDN (software define network) architecture IS (Intermediate System)-IS (Intermediate System) routing protocol-based trusted authentication method | |
CN105577606B (en) | A kind of method and apparatus for realizing authenticator registration | |
CN110191139A (en) | A kind of method for authenticating and system, the method for accessing terminal to network | |
EP3361691B1 (en) | Method and device for verifying validity of identity of entity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190830 |