CN112202559A - Method and system for automatically registering management server - Google Patents

Method and system for automatically registering management server

Publication number: CN112202559A
Application number: CN202011431768.6A
Authority: CN (China)
Other versions: CN112202559B (granted publication)
Original language: Chinese (zh)
Inventors: 陆舟, 于华章
Original and current assignee: Feitian Technologies Co Ltd
Legal status (as listed by Google Patents, not a legal conclusion): granted; active
Prior art keywords: address, client, server, management server, partition
History: application filed by Feitian Technologies Co Ltd with priority to CN202011431768.6A; published as CN112202559A; granted and published as CN112202559B

Classifications

    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes (H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0816 Key establishment, i.e. cryptographic processes or protocols whereby a shared secret becomes available to two or more parties for subsequent use)
    • H04L 63/0846 Network architectures or network communication protocols for network security for authentication of entities using time-dependent passwords, e.g. periodically changing passwords (H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 for authentication of entities > H04L 63/083 using passwords)
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint (H04L 63/00 > H04L 63/08)

Abstract

The invention discloses a method and a system for automatically registering a management server, in the field of communications. The method comprises the following steps: when the client receives an input partition IP address, it sends a first IP address (its own address) to the partition server at that partition IP address; the partition server determines, from the first IP address and the business service partition table, a second IP address, that of the management server of the area in which the client is located, and returns it; the client sends the first IP address to the management server at the second IP address; when the authentication agent list includes the first IP address, the management server obtains a shared key, determines a third IP address, that of the authentication server, from the first IP address and the authentication agent list, obtains an authentication agent file from a preset encryption key, the shared key, the first IP address and the third IP address, and sends the authentication agent file to the client at the first IP address; the client saves the authentication agent file.

Description

Method and system for automatically registering management server
Technical Field
The present invention relates to the field of communications, and in particular, to a method and system for automatically registering a management server.
Background
A dynamic password (OTP, one-time password) is a strong authentication technique built on cryptography: a secret key is shared between the client and the management server, and each authentication generates a fresh dynamic password that is invalidated after use. Dynamic-password authentication is an important two-factor technique for strengthening static-password authentication and is very widely used. To perform two-factor authentication with dynamic passwords, a file acquisition operation and a two-factor installation operation must first be completed:
The file acquisition operation specifically comprises: a user or an administrator of the management server manually copies the client IP address; the client IP address is carried on a removable medium (such as a USB flash drive or a network drive) or through communication software (such as WeChat, Paibao or e-mail) and manually delivered to the management server; the management server encrypts the client IP address, the management server IP address and the shared key to obtain the authentication agent file; the authentication agent file and the file compression package are delivered to the client through the removable medium or communication software.
The two-factor installation operation is specifically: the file compression package and the authentication agent file are delivered to the client (a virtual machine or a physical machine) on a transport medium; the compression package is decompressed to obtain the installation package; during installation of the installation package the user must manually enter the authentication agent path and confirm by pressing Enter; after installation the first configuration file (for example the sshd file under /etc/pam.d) and the second configuration file (for example the sshd_config file under /etc/ssh) of the client's login authentication module must be edited by hand; the service is then restarted, and only then is the two-factor installation operation complete. The existing file acquisition operation and two-factor installation operation have the following problems:
First, both the file acquisition operation and the two-factor installation operation require manual participation; for example, the first and second configuration files of the login authentication module must be edited by hand. Manual editing of configuration files is error-prone and slow, and the installation and decompression steps also take a long time. Second, in the file acquisition operation the client hands its IP address to the management server and must wait for the administrator of the management server to generate the authentication agent file from that IP address, which takes a long time. Moreover, several different management servers are now deployed for different areas (public area, internet area, and so on), each with its own IP address, so a large number of clients must register with different management servers according to their area; this increases the workload of the management server administrator and lengthens the time spent generating authentication agent files from client IP addresses. For these reasons the existing file acquisition and two-factor installation operations are unsuitable for the large-batch two-factor installations that clients require, and a new method and system for automatically registering a management server is needed to solve these problems.
Disclosure of Invention
In order to solve the technical defects in the prior art, the invention provides a method and a system for automatically registering a management server.
The invention provides a method for automatically registering a management server, which comprises the following steps:
step S01: the client is started; when it receives an input partition IP address, the client sends a first IP address (its own address) to the partition server at the partition IP address;
step S02: the partition server determines, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sends the second IP address to the client;
step S03: the client sends the first IP address to the management server at the second IP address;
step S04: the management server judges whether the stored authentication agent list includes the first IP address; if so, step S05 is executed; otherwise, error information is sent to the client;
step S05: the management server obtains a shared key; determines the third IP address of the authentication server from the first IP address and the authentication agent list; encrypts the shared key, the first IP address and the third IP address corresponding to the first IP address with a preset encryption key to obtain authentication agent ciphertext data; generates the authentication agent file from the authentication agent ciphertext data; and sends the authentication agent file to the client at the first IP address;
step S06: the client saves the authentication agent file.
The invention also provides a method for automatically registering a management server, which comprises the following steps:
step R01: the client is started; when it receives an input partition IP address, the client sends a first IP address (its own address) to the partition server at the partition IP address;
step R02: the partition server determines, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sends the second IP address to the client;
step R03: the client sends the first IP address to the management server at the second IP address;
step R04: the management server sends the first IP address to an authorization server;
step R05: the authorization server obtains an access token and stores the first IP address and the access token in correspondence; it sends the first IP address and the access token to the management server;
step R06: the management server sends the first IP address and the access token to the authorization server;
step R07: the authorization server obtains the access token stored in correspondence with the first IP address; it performs client verification by comparing the received access token with the stored one; if verification succeeds, it sends verification success information to the management server and step R08 is executed; if verification fails, error information is sent to the client through the management server;
step R08: the management server receives the verification success information and obtains a shared key;
step R09: the management server encrypts the shared key, the first IP address and its own second IP address with a preset encryption key to obtain authentication agent ciphertext data, generates the authentication agent file from the ciphertext data, and sends the authentication agent file to the client at the first IP address;
step R10: the client receives and saves the authentication agent file.
The invention also provides a system for automatically registering a management server, comprising a client, a partition server and a management server;
the client is used for starting and, when it receives an input partition IP address, sending a first IP address (its own address) to the partition server at the partition IP address;
the partition server is used for determining, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sending the second IP address to the client;
the client is further used for sending the first IP address to the management server at the second IP address;
the management server is used for judging whether the stored authentication agent list includes the first IP address and, if so, obtaining a shared key; determining the third IP address of the authentication server from the first IP address and the authentication agent list; encrypting the shared key, the first IP address and the third IP address corresponding to the first IP address with a preset encryption key to obtain authentication agent ciphertext data; generating the authentication agent file from the ciphertext data; and sending the authentication agent file to the client at the first IP address; otherwise, sending error information to the client;
the client is further used for saving the authentication agent file.
The invention also provides a system for automatically registering a management server, comprising a client, a partition server, a management server and an authorization server;
the client is used for starting and, when it receives an input partition IP address, sending a first IP address (its own address) to the partition server at the partition IP address;
the partition server is used for determining, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sending the second IP address to the client;
the client is further used for sending the first IP address to the management server at the second IP address;
the management server is used for sending the first IP address to the authorization server;
the authorization server is used for obtaining an access token, storing the first IP address and the access token in correspondence, and sending the first IP address and the access token to the management server;
the management server is further used for sending the first IP address and the access token to the authorization server;
the authorization server is further used for obtaining the access token stored in correspondence with the first IP address, performing client verification by comparing the received access token with the stored one, and, if verification succeeds, sending verification success information to the management server; if verification fails, error information is sent to the client through the management server;
the management server is further used for receiving the verification success information; obtaining a shared key; encrypting the shared key, the first IP address and its own second IP address with a preset encryption key to obtain authentication agent ciphertext data; generating the authentication agent file from the ciphertext data; and sending the authentication agent file to the client at the first IP address;
and the client is further used for receiving and saving the authentication agent file.
The beneficial effects of the technical scheme are as follows. The invention provides a method and a system for automatically registering a management server that greatly reduce manual participation in the two-factor authentication installation process, lower the probability of error during installation, improve its accuracy and save time. In the method, the client communicates with the partition server and is thereby directed automatically and accurately to the management server of its own area, which generates the authentication agent file automatically; this removes the manual generation of the agent file, reduces errors and saves time. The method is therefore better suited to installing two-factor authentication on a large batch of clients and meets the needs of customers who must do so.
Drawings
Fig. 1 is a flowchart of a method for automatically registering a management server according to embodiment 1 of the present invention;
fig. 2 is a flowchart of a method for automatically registering a management server according to embodiment 2 of the present invention;
fig. 3 is a flowchart of a method for automatically registering a management server according to embodiment 3 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example 1
This embodiment provides a method for automatically registering a management server. A new system is preset on the client; the system presets an original agent file and a two-factor function module that includes OTP authentication. The system also modifies and presets in advance the first and second configuration files of the login authentication module: the first configuration file is the remote-login configuration file under the login authentication module (for example the sshd file under /etc/pam.d) and is used to hook the two-factor authentication function into remote login; the second configuration file (for example the sshd_config file under /etc/ssh) is the configuration file of the SSH (Secure Shell) server and is used to enable the login authentication module. SSH is a security protocol built on the application layer, dedicated to providing security for remote login sessions and other network services. The method is shown in Fig. 1 and comprises the following steps:
step 101: the client is started; when it receives an input partition IP address, the client sends the first IP address (its own address) to the partition server at the partition IP address;
step 102: the partition server determines, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sends the second IP address to the client;
optionally, step 102 further includes: the partition server judges whether the first IP address exists in the stored business service partition table; if so, it determines the second IP address of the management server corresponding to the client from the first IP address and the table; otherwise, it sends error information to the client.
Optionally, in step 102, determining the second IP address of the management server corresponding to the client from the first IP address and the business service partition table is specifically: the partition server obtains, from the stored business service partition table, the second IP address stored in correspondence with the first IP address.
Step 103: the client sends the first IP address to the management server at the second IP address;
step 104: the management server judges whether the stored authentication agent list includes the first IP address; if so, step 105 is executed; otherwise, error information is sent to the client;
step 105: the management server obtains a shared key; determines the third IP address of the authentication server from the first IP address and the authentication agent list; encrypts the shared key, the first IP address and the third IP address corresponding to the first IP address with a preset encryption key to obtain authentication agent ciphertext data; generates the authentication agent file from the authentication agent ciphertext data; and sends the authentication agent file to the client at the first IP address;
optionally, in step 105, determining the third IP address of the authentication server from the first IP address and the authentication agent list is specifically: the management server obtains the third IP address of the authentication server stored in the authentication agent list in correspondence with the first IP address;
accordingly, the first IP address is stored in the authentication agent list in correspondence with at least one third IP address.
Optionally, in step 105, "generating the authentication agent file from the authentication agent ciphertext data and sending it to the client at the first IP address" is replaced by: the management server sends the authentication agent ciphertext data to the client at the first IP address; correspondingly, before step 106 the method further includes: the client receives the authentication agent ciphertext data and generates the authentication agent file from it.
Optionally, in step 105, obtaining the shared key is specifically one of: the management server randomly generates a shared key; the management server randomly selects a shared key from a preset key list; or the management server takes shared keys from the preset key list sequentially in a preset order.
Optionally, in step 105, encrypting the shared key, the first IP address and the third IP address corresponding to the first IP address with the preset encryption key to obtain the authentication agent ciphertext data is specifically: the management server assembles the data to be encrypted from the shared key, the first IP address and the corresponding third IP address, and encrypts the data to be encrypted with the preset encryption key according to a first preset algorithm to obtain the authentication agent ciphertext data.
Step 106: the client saves the authentication agent file.
Optionally, the method of this embodiment further includes step 100:
step 100: when the partition server receives the client data table, it determines, for each first IP address and its corresponding area identifier in the client data table, the management server of the area in which that client is located, and stores the client's first IP address and the second IP address of the management server of that area in correspondence in the business service partition table;
correspondingly, the client data table stores at least the first IP address of each client and the area identifier of the area in which the client is located;
correspondingly, the business service partition table stores at least the first IP address of each client and the second IP address of its management server;
further, step 100 comprises the following steps:
step 100-01: when the partition server receives the client data table, it takes a first IP address from the client data table as the current first IP address;
step 100-02: the partition server obtains from the client data table the area identifier corresponding to the current first IP address and looks up the second IP address of the management server of that area; if a second IP address is obtained, step 100-03 is executed; if not, step 100-04 is executed;
step 100-03: the partition server stores the current first IP address and the current second IP address in correspondence in the business service partition table, and executes step 100-04;
step 100-04: the partition server takes the next first IP address from the client data table; if one is obtained, it becomes the current first IP address and the method returns to step 100-02; if none is obtained, step 101 is executed.
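The following is an added worked example, not code from the patent or from Feitian, that simulates steps 100 to 106 of this embodiment in one Python process: the partition server builds the business service partition table from a constructed client data table, the client is directed to its management server, the management server checks the authentication agent list, generates a random shared key and produces the authentication agent ciphertext data, and the client reads the file back. The record layout (JSON), the preset key value, the addresses and the cipher are assumptions; the patent names neither the file format nor the "first preset algorithm", and the HMAC-based construction used here only stands in for an AEAD such as AES-GCM so that the example runs on the standard library. The example also checks the self-reported first IP address against the connection's peer address, a check the patent does not mention but a practitioner would want, since the first IP address in the request is a value chosen by the sender.

```python
"""Steps 100-106 of embodiment 1, simulated in one process (added example).

The patent gives neither the record layout of the authentication agent file
nor the 'first preset algorithm'. The JSON layout and the cipher here are
assumptions: an HMAC-SHA256 keystream plus an HMAC-SHA256 tag stand in for an
AEAD such as AES-GCM so the example runs on the standard library alone."""
import hashlib
import hmac
import json
import secrets

# Assumed 'preset encryption key' held by the management server and by the
# client-side agent that reads the file (constructed value).
PRESET_KEY = b"preset-key-shared-by-management-server-and-agent"

# Constructed: area identifier -> second IP (management server of the area).
AREA_TO_MGMT = {"public": "10.1.0.10", "internet": "10.2.0.10"}

# Constructed client data table: (first IP of the client, area identifier).
CLIENT_DATA_TABLE = [
    ("10.1.5.21", "public"),
    ("10.2.7.33", "internet"),
    ("10.3.9.44", "lab"),  # area without a management server: skipped
]

# Constructed authentication agent list: first IP -> third IP (auth server).
AUTH_AGENT_LIST = {"10.1.5.21": "10.1.0.20", "10.2.7.33": "10.2.0.20"}


def build_partition_table(client_data, area_to_mgmt):
    """Step 100 (100-01..100-04): keep only clients whose area has a server."""
    table = {}
    for first_ip, area in client_data:
        second_ip = area_to_mgmt.get(area)
        if second_ip is not None:
            table[first_ip] = second_ip
    return table


def partition_lookup(table, first_ip):
    """Step 102: the client's second IP, or None (error information)."""
    return table.get(first_ip)


def _subkeys(preset_key):
    return (hashlib.sha256(b"enc|" + preset_key).digest(),
            hashlib.sha256(b"mac|" + preset_key).digest())


def _keystream(key, nonce, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_agent_record(preset_key, record):
    """Step 105: authentication agent ciphertext data = nonce || ct || tag."""
    enc_key, mac_key = _subkeys(preset_key)
    plaintext = json.dumps(record, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_agent_record(preset_key, blob):
    """Client side: check the tag before decrypting; any tampering is rejected."""
    enc_key, mac_key = _subkeys(preset_key)
    if len(blob) < 48:
        raise ValueError("agent file too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("agent file authentication failed")
    plaintext = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plaintext)


def issue_agent_file(first_ip, peer_ip, agent_list, preset_key):
    """Steps 104-105 on the management server. The allowlist check uses the
    socket peer address as well as the self-reported first IP (added check:
    a value the client writes into its message proves nothing by itself)."""
    if first_ip != peer_ip or first_ip not in agent_list:
        return None  # error information
    record = {
        "shared_key": secrets.token_hex(20),     # randomly generated shared key
        "client_ip": first_ip,
        "auth_server_ip": agent_list[first_ip],  # third IP from the agent list
    }
    return encrypt_agent_record(preset_key, record)


def register(first_ip, partition_table, agent_list, preset_key):
    """Steps 101-106 end to end: returns the record the client saves, or None."""
    second_ip = partition_lookup(partition_table, first_ip)          # 101-102
    if second_ip is None:
        return None
    # Step 103: the client connects to the management server at second_ip; in
    # this in-process simulation the observed peer address is the client's IP.
    blob = issue_agent_file(first_ip, first_ip, agent_list, preset_key)  # 104-105
    return None if blob is None else decrypt_agent_record(preset_key, blob)  # 106
```

decrypt_agent_record verifies the tag before decrypting, so a modified or truncated agent file is rejected instead of yielding a corrupted shared key. Under this example's assumption that the client-side agent holds the preset key, that key is a static secret shared by every agent and by the management server, and it needs the same protection as the shared keys it wraps.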
Optionally, step 106 is replaced by: the client updates the original agent file with the authentication agent file.
Optionally, the method of this embodiment further includes the following steps:
step 107: the client is restarted; when it receives an input user account and dynamic password, it determines an available authentication server from the authentication agent file and sends the user account and dynamic password to the authentication server at the third IP address;
step 108: the authentication server performs the client verification operation using the user account and dynamic password, and the method ends.
Optionally, in steps 101 and 102, the first IP address is replaced by the MAC address of the client.
Optionally, the method of this embodiment further includes: if the client receives error information, it reports the error and ends.
Optionally, the management server and the authentication server share one IP address, so that the second IP address equals the third IP address;
accordingly, step 102 is replaced by: the partition server determines, from the first IP address and the business service partition table, the second IP address and the management port identifier of the management server of the area in which the client is located, and sends the second IP address and the management port identifier to the client;
accordingly, step 103 is replaced by: the client sends the first IP address to the management server at the second IP address and management port;
accordingly, step 105 is replaced by: the management server obtains a shared key; determines the third IP address of the authentication server from the first IP address and the authentication agent list; encrypts the shared key, the first IP address, the third IP address corresponding to the first IP address and the authentication port identifier with the preset encryption key to obtain authentication agent ciphertext data; generates the authentication agent file from the ciphertext data; and sends the authentication agent file to the client at the first IP address.
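Steps 107 and 108 as an added example, not the patent's code: the client reads its saved agent record, forwards the user account and dynamic password to the first authentication server from the record that it can reach, and the authentication server verifies the dynamic password with the shared key distributed in the agent file. The patent does not name the dynamic-password algorithm, so HOTP/TOTP (RFC 4226 and RFC 6238) is assumed; the addresses, the account name and the RFC 4226 test secret are constructed inputs, the agent record is shown already decrypted, and it carries a list of third IP addresses, which the "at least one third IP address" wording above allows. The server records the last accepted time step per account so that a dynamic password is invalidated once used, the property the background section describes.

```python
"""Steps 107-108 with HOTP/TOTP as the assumed dynamic-password algorithm
(added example; constructed keys and addresses)."""
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 variant: the counter is the current 30-second time step."""
    return hotp(key, int(at // step), digits)


class AuthServer:
    """Step 108: verify account + dynamic password with the shared key from
    the agent file. Accepted time steps are remembered per account so the
    same dynamic password is rejected when presented again."""

    def __init__(self, ip, accounts):
        self.ip = ip
        self.keys = {acct: bytes.fromhex(k) for acct, k in accounts.items()}
        self.last_counter = {}

    def verify(self, account, token, now, step=30, window=1):
        key = self.keys.get(account)
        if key is None:
            return False
        centre = int(now // step)
        for counter in range(centre - window, centre + window + 1):
            if hmac.compare_digest(hotp(key, counter), token):
                if counter <= self.last_counter.get(account, -1):
                    return False  # replayed, or older than one already accepted
                self.last_counter[account] = counter
                return True
        return False


class Client:
    """Step 107: pick an available authentication server from the agent
    record and forward the user's account and dynamic password to it."""

    def __init__(self, agent_record, reachable_servers):
        self.record = agent_record          # decrypted agent file (constructed)
        self.servers = reachable_servers    # third IP -> AuthServer (constructed)

    def login(self, account, token, now):
        for ip in self.record["auth_server_ips"]:
            server = self.servers.get(ip)
            if server is not None:
                return server.verify(account, token, now)
        return False  # no authentication server available
```

The window of one step either side tolerates clock skew between client and server; the per-account high-water mark is what turns a time-based code into a one-time one, and it must be persisted on the authentication server, not kept only in memory, or a restart reopens the replay window.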
This embodiment further provides a method for automatically registering a management server, comprising the following steps:
step Q01: the client is started; when it receives an input partition IP address, the client sends the first IP address (its own address) to the partition server at the partition IP address;
step Q02: the partition server determines, from the first IP address and the business service partition table, the second IP address of the management server of the area in which the client is located, and sends the second IP address to the client;
step Q03: the client sends the first IP address to the management server at the second IP address;
step Q04: the management server sends the first IP address to the authorization server;
step Q05: the authorization server obtains an access token and stores the first IP address and the access token in correspondence; it sends the first IP address and the access token to the management server;
step Q06: the management server sends the first IP address and the access token to the authorization server;
step Q07: the authorization server obtains the access token stored in correspondence with the first IP address; it performs client verification by comparing the received access token with the stored one; if verification succeeds, it sends verification success information to the management server and step Q08 is executed; if verification fails, error information is sent to the client through the management server;
step Q08: the management server receives the verification success information and obtains a shared key;
step Q09: the management server encrypts the shared key, the first IP address and its own second IP address with the preset encryption key to obtain authentication agent ciphertext data, generates the authentication agent file from the ciphertext data, and sends the authentication agent file to the client at the first IP address;
step Q10: the client receives and saves the authentication agent file.
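The access-token exchange of steps Q04 to Q09 (and the identical steps R04 to R09 above) as an added example, not the patent's code, with both sides' messages recorded in a log: the management server sends the first IP address to the authorization server, receives a token bound to that address, sends it back, and the authorization server compares it with the stored one before the management server obtains the shared key. The token format, the message log and the single-use rule are assumptions; the encryption of the agent record is left out here since it is shown in the earlier example.

```python
"""Steps Q04-Q09: access-token round trip between management server and
authorization server (added example; token format and log are assumptions)."""
import hmac
import secrets


class AuthorizationServer:
    """Stores (first IP -> access token); steps Q05 and Q07."""

    def __init__(self, log):
        self.tokens = {}
        self.log = log

    def issue(self, first_ip):                       # Q05
        token = secrets.token_urlsafe(32)
        self.tokens[first_ip] = token
        self.log.append(("authz->mgmt", first_ip, token))
        return first_ip, token

    def verify(self, first_ip, presented):           # Q07
        stored = self.tokens.pop(first_ip, None)      # single use (assumption)
        ok = stored is not None and hmac.compare_digest(stored, presented)
        self.log.append(("authz->mgmt", first_ip, "ok" if ok else "error"))
        return ok


class ManagementServer:
    """Steps Q04, Q06, Q08 and Q09 (ciphertext generation omitted here)."""

    def __init__(self, second_ip, authz, log):
        self.second_ip = second_ip
        self.authz = authz
        self.log = log

    def register(self, first_ip):
        self.log.append(("mgmt->authz", first_ip))   # Q04
        ip, token = self.authz.issue(first_ip)       # Q05 reply
        self.log.append(("mgmt->authz", ip, token))  # Q06
        if not self.authz.verify(ip, token):         # Q07
            return {"error": "client verification failed"}  # relayed to client
        return {                                     # Q08-Q09, plaintext record
            "shared_key": secrets.token_hex(20),
            "client_ip": first_ip,
            "mgmt_server_ip": self.second_ip,
        }


def run_exchange(first_ip):
    """Drive one registration and return the result together with the log."""
    log = []
    authz = AuthorizationServer(log)
    mgmt = ManagementServer("10.1.0.10", authz, log)   # constructed second IP
    return mgmt.register(first_ip), log
```

As the steps are written, the token travels only between the management server and the authorization server; the client never receives or presents it, so the comparison in step Q07 verifies the management server's own request rather than anything the client knows. Tying the result to the client would require delivering the token to the first IP address and having the client present it.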
Optionally, the method of this embodiment further includes: when the partition server receives the business service partition table, it stores the table;
further, the method of this embodiment further includes step Q0: when the partition server receives the client data table, it determines the business service partition table from the client data table;
correspondingly, the client data table stores at least the first IP address of each client and the area identifier of the area in which the client is located;
correspondingly, the business service partition table stores at least the first IP address of each client and the second IP address of its management server;
further, step Q04 is specifically: the management server sends the first IP address to the authorization server at the stored fourth IP address.
Further, step Q0 comprises the following steps:
step Q0-31: when the partition server receives the client data table, it takes a first IP address from the client data table as the current first IP address;
step Q0-32: the partition server obtains from the client data table the area identifier corresponding to the current first IP address and looks up, by that area identifier, the second IP address of the management server of the area in which the client is located; if a second IP address is obtained, step Q0-33 is executed; if not, step Q0-34 is executed;
step Q0-33: the partition server stores the current first IP address and the current second IP address in correspondence in the business service partition table, and executes step Q0-34;
step Q0-34: the partition server takes the next first IP address from the client data table; if one is obtained, it becomes the current first IP address and the method returns to step Q0-32; if none is obtained, step Q01 is executed.
Optionally, the method further includes step Q0: when the partition server receives the client data table, it determines the business service partition table from the client data table;
correspondingly, the client data table stores at least the first IP address of each client and the area identifier of the area in which the client is located;
correspondingly, the business service partition table stores at least the first IP address of each client, the second IP address of the management server of the area in which the client is located, and the port type of the management server;
correspondingly, the management server and the authorization server share one second IP address;
further, step Q0 comprises the following steps:
step Q0-41: when the partition server receives the client data table, it takes a first IP address from the client data table as the current first IP address;
step Q0-42: the partition server obtains from the client data table the area identifier corresponding to the current first IP address and looks up, by that area identifier, the second IP address of the management server of the area in which the client is located; if a second IP address is obtained, step Q0-43 is executed; if not, step Q0-44 is executed;
step Q0-43: the partition server obtains the management port identifier of the management server; stores the current first IP address, the current second IP address and the management port identifier in correspondence in the business service partition table, and executes step Q0-44;
further correspondingly, steps Q0-44: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step Q0-42 is returned; if the next first IP address is not obtained, executing step Q01;
further correspondingly, step Q04 is specifically: the management server sends the first IP address to the authorization server.
Alternatively, step Q02-step Q05 is replaced with step Q14 to step Q16:
accordingly, step Q14: the partition server determines a second IP address of a management server of the area where the client is located and a fourth IP address of the authorization server according to the first IP address and the business service partition table; sending the second IP address and the fourth IP address to the client;
accordingly, step Q14: the client sends the first IP address to the authorization server according to the fourth IP address;
accordingly, step Q15: the authorization server acquires the access token and correspondingly stores the first IP address and the access token; sending an access token to the client;
accordingly, step Q16: the client sends the first IP address and the access token to the management server according to the second IP address;
further, the method in this embodiment further includes step Q0; when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identification of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and a fourth IP address of the authorization server;
further correspondingly, step Q04 is specifically: the management server sends the first IP address to the authorization server according to the stored fourth IP address;
further, step Q0 includes the steps of:
still further correspondingly, steps Q0-51: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
still further correspondingly, steps Q0-52: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step Q0-53 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step Q0-54;
still further correspondingly, steps Q0-53: the partition server acquires a fourth IP address of the authorization server corresponding to the management server of the area where the client corresponding to the current first IP address is located, correspondingly stores the current first IP address, the current second IP address and the current fourth IP address to the service partition table, and executes step Q0-54;
still further correspondingly, steps Q0-54: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step Q0-52 is returned; if the next first IP address is not acquired, step Q01 is executed.
Alternatively, step Q02-step Q05 is replaced with step Q22 to step Q26;
accordingly, step Q22: the partition server determines a second IP address of a management server and an authorization server of the area where the client is located according to the first IP address and the business service partition table; acquiring a management port identifier and an authorized port identifier corresponding to the first IP address; sending the second IP address, the management port identification and the authorized port identification to the client;
accordingly, step Q23: the client sends the first IP address to the authorization server according to the second IP address and the authorization port identifier;
accordingly, step Q25: the authorization server acquires the access token and correspondingly stores the first IP address and the access token; sending an access token to the client;
accordingly, step Q26: the client sends the first IP address and the access token to the management server through the second IP address and the management port identifier;
further, the method in this embodiment further includes step Q0; when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identification of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and the authorization server, a management port identifier of the management server and an authorization port identifier of the authorization server;
further correspondingly, step Q04 is specifically: the management server sends the first IP address to the authorization server according to the stored fourth IP address;
further, step Q0 includes the steps of:
still further correspondingly, steps Q0-41: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
still further correspondingly, steps Q0-42: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step Q0-43 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step Q0-44;
still further correspondingly, steps Q0-43: the partition server acquires a management port identifier and an authorized port identifier corresponding to the current first IP address; correspondingly storing the current first IP address, the current second IP address, the management port identifier and the authorization port identifier to the business service partition table, and executing a step Q0-44;
still further correspondingly, steps Q0-44: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step Q0-42 is returned; if the next first IP address is not acquired, step Q01 is executed.
Optionally, in step Q07, performing client authentication according to the received access token and the obtained access token, specifically: and the authorization server judges whether the received access token is the same as the obtained access token, if so, the client-side verification is successful, otherwise, the client-side verification fails.
Alternatively, step Q09 is replaced with: the management server encrypts the shared key, the first IP address and the stored second IP address by using a preset encryption key to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
correspondingly, before the step Q10, the method further includes: the client receives authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
Optionally, the method further comprises the steps of:
accordingly, step Q11: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
accordingly, step Q12: and the authentication server executes the client verification operation according to the user account and the dynamic token, and the operation is finished.
Example 2
This embodiment provides a method for automatically registering a management server. The client presets a new system, and the system presets an original proxy file and a two-factor function module including OTP authentication; the system also modifies and presets in advance a first configuration file and a second configuration file of the login authentication module, where the first configuration file is the configuration file for remote login under the login authentication module (for example, the sshd file) and is used to access the two-factor authentication function of remote login; the second configuration file (for example, the sshd_config file) is the configuration file of the SSH (Secure Shell) server and is used to enable the login authentication module. SSH (Secure Shell) is a security protocol built on the application layer and dedicated to providing security for remote login sessions and other network services.
In the embodiment, the client presets a first IP address of the client; the partition server presets own partition IP address; the management server presets a second IP address of the management server;
the embodiment provides a method for automatically registering a management server, as shown in fig. 2, including the following steps:
step 201: starting a client; when receiving a partition IP address input manually, the client sends a first IP address of the client to a partition server according to the partition IP address;
for example, the client is started; upon receiving the manually entered partition IP address (192.168.16.22), the client sends its own first IP address (192.168.16.11) to the partition server according to the partition IP address (192.168.16.22).
Step 202: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing a step 203, otherwise, sending error reporting information to the client, and executing a step C21;
for example, the partition server receives the first IP address (192.168.16.11); it judges whether the first IP address (192.168.16.11) exists in the stored business service partition table; if so, step 203 is executed, otherwise the error reporting information {"errorCode": 1, "message": "client IP does not exist"} is sent to the client, and step C21 is executed.
Step C21: the client receives the error reporting information and the error reporting is finished;
for example, the client receives the error reporting information {"errorCode": 1, "message": "client IP does not exist"}, and the error reporting is finished.
For example, the business service partition table is:
First IP address      Second IP address
192.168.16.11         192.168.16.35
The business service partition table at least comprises a first IP address of the client and a second IP address of the management server of the area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client and a second IP address of a management server of an area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located;
wherein the partition server can receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a removable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.).
Optionally, this step is preceded by step D21: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
wherein the partition server can receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a removable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.);
further, step D21 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D21 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D21 includes the steps of:
step D21-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D21-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D21-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D21-14;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D21-23 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, executing step D21-24.
Step D21-13: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D21-14;
step D21-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D21-12 is returned; if the next first IP address is not acquired, step 201 is executed.
Further, step D21 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D21 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D21 includes the steps of:
step D21-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D21-22: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D21-23 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D21-24;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D21-23 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, executing step D21-24.
Step D21-23: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D21-24;
step D21-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D21-22 is returned; if the next first IP address is not acquired, step 201 is executed.
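The table construction of step Q0 (Example 1) and steps D21-11 to D21-14 / D21-21 to D21-24 (Example 2), together with the lookup of steps 202 and 203, as an added example that is not the patent's own code. The area identifiers, the area service correspondence table, every address other than 192.168.16.11 / 192.168.16.35, and the shape of the success response are constructed assumptions; the error object is the one quoted in step 202.

```python
# Added example (not the patent's own code): the partition server builds the
# business service partition table from the client data table (step Q0 /
# step D21) and then answers a client's registration request (steps 202/203).
# All addresses except 192.168.16.11 and 192.168.16.35, and all area
# identifiers, are constructed sample data.
from typing import Dict, List, Optional, Tuple

# Client data table: (first IP address of the client, area identifier).
CLIENT_DATA_TABLE: List[Tuple[str, str]] = [
    ("192.168.16.11", "area-A"),
    ("192.168.16.12", "area-A"),
    ("192.168.17.21", "area-B"),
    ("192.168.18.31", "area-C"),   # area-C has no management server yet
]

# Preset area service correspondence table (optional form of D21-12):
# area identifier -> second IP address of that area's management server.
AREA_SERVICE_TABLE: Dict[str, str] = {
    "area-A": "192.168.16.35",
    "area-B": "192.168.17.35",
}


def build_partition_table(client_data_table: List[Tuple[str, str]],
                          area_service_table: Dict[str, str],
                          preset: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Walk the client data table once (the D21-12 .. D21-14 loop).

    For every client whose area identifier resolves to a management server,
    store first IP -> second IP in the business service partition table
    (D21-13). A client whose area has no management server is skipped and
    does not appear in the table, so a later lookup for it fails at step 202.
    `preset` is the existing table that D21-11 updates; None corresponds to
    D21-21 (create a new table).
    """
    table: Dict[str, str] = dict(preset or {})
    for first_ip, area_id in client_data_table:
        second_ip = area_service_table.get(area_id)   # D21-12
        if second_ip is not None:
            table[first_ip] = second_ip               # D21-13
        # D21-14: move on to the next first IP address (the for loop itself)
    return table


def handle_registration_request(partition_table: Dict[str, str], first_ip: str) -> dict:
    """Steps 202/203 on the partition server.

    Returns {"secondIp": ...} (response shape assumed) when the first IP
    address is present in the stored partition table, otherwise the error
    object the text shows being sent to the client (client then ends at C21).
    """
    second_ip = partition_table.get(first_ip)
    if second_ip is None:
        return {"errorCode": 1, "message": "client IP does not exist"}
    return {"secondIp": second_ip}


if __name__ == "__main__":
    table = build_partition_table(CLIENT_DATA_TABLE, AREA_SERVICE_TABLE)
    print(table)
    print(handle_registration_request(table, "192.168.16.11"))
    print(handle_registration_request(table, "192.168.18.31"))
```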
Step 203: the partition server determines a second IP address of a management server corresponding to the client according to the received first IP address and the business service partition table; sending the second IP address to the client;
optionally, the determining, by the partition server, the second IP address of the management server corresponding to the client according to the received first IP address and the service partition table specifically includes: and the partition server acquires a second IP address which is stored corresponding to the first IP address from the business service partition table.
Optionally, in steps 201 to 203, the first IP address is replaced with the MAC address of the client.
Step 204: the client receives a second IP address; sending the first IP address to a management server according to the second IP address;
for example, the client receives a second IP address (192.168.16.35); the first IP address (192.168.16.11) is sent to the management server according to the second IP address (192.168.16.35).
Optionally, after this step, the method further includes: the management server checks the validity of the client according to the received first IP address and the trusted list; if the client is legal, step 205 is executed; if the client is not legal, error information is sent to the client, and step C21 is executed.
Step 205: the management server judges whether a preset authentication agent list comprises a first IP address, if so, step 206 is executed; otherwise, sending error information to the client, and executing the step C21;
for example, the management server determines whether the preset authentication agent list includes the first IP address (192.168.16.11); if yes, step 206 is executed; otherwise, the error information {"errorCode": 101, "message": "authentication proxy IP does not exist"} is sent to the client, and step C21 is executed;
step C21: the client receives the error reporting information and the error reporting is finished;
in this embodiment, the management server stores an authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client and a second IP address of the management server;
for example, the authentication agent list is:
First IP address      Second IP address
192.168.16.11         192.168.16.35
Step 206: the management server determines a third IP address of the authentication server corresponding to the client according to the first IP address and the authentication agent list;
optionally, the step specifically includes: the management server determines a third IP address of the authentication server corresponding to the first IP address according to the first IP address and the authentication agent list;
optionally, the step is more specifically: the management server acquires a third IP address of the authentication server corresponding to the first IP address from the authentication agent list.
For example, the management server acquires a third IP address (192.168.16.35) of the authentication server corresponding to the first IP address (192.168.16.11) from the authentication agent list.
In this embodiment, the management server presets an authentication agent list; the authentication agent list at least correspondingly stores a first IP address of a client and a third IP address of an authentication server corresponding to the client; the client can correspond to a third IP address; the client can also simultaneously correspond to a plurality of third IP addresses; in the authentication proxy list, the first IP address of the client corresponds to the third IP address of the at least one authentication server.
Step 207: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server acquires a shared secret key from the secret key storage area;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
for example, the management server randomly generates a shared key 123456.
Optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires the shared keys from the preset key list in sequence according to the preset sequence; for example, the preset order may be an order from the first to the last of the preset key list; or may be in order from the last to the first of the preset key list; it may also be that the key is retrieved sequentially backwards or forwards, starting with a shared key in the middle of the list of preset keys.
Step 208: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the third IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data, and generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length, an electronic cipher used as a technical means for encryption in the field of electronic information, and is used in wireless communication networks;
for example, the management server organizes the data to be encrypted, the byte array 192.168.16.11:123456:192.168.16.35:1915:1916, according to the shared key 123456, the first IP address (192.168.16.11) and the third IP address (192.168.16.35); it encrypts the data to be encrypted 192.168.16.11:123456:192.168.16.35:1915:1916 with the hash value of the preset encryption key gf5&Eo2Q%D7s#AC according to the first preset algorithm RC4 to obtain the authentication agent ciphertext data.
Generating an authentication proxy file according to the authentication proxy ciphertext data; the authentication proxy file is sent to the client based on the first IP address (192.168.16.11).
Step 209: the client receives and stores the authentication agent file, and the process is finished;
optionally, this step is replaced by: the client receives the authentication agent file, updates the original agent file by using the authentication agent file, and ends;
in this case, the client presets the original agent file before this step;
optionally, the step specifically includes: the client receives an authentication agent file; and updating the original proxy file by using the authentication proxy file under the preset proxy path, and ending.
Optionally, after step 209, the following steps 211 to 212 are further included:
step 211: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
further, when the input user account and dynamic token are received, the method further comprises the following steps: the client acquires a first IP address of the client, judges whether the authentication proxy file has the first IP address, and determines an available authentication server according to the authentication proxy file if the authentication proxy file has the first IP address; otherwise, error reporting is finished.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file, and takes the authentication server with the IP address as the third IP address as an available authentication server.
In this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token; the authentication server presets a third IP address of the authentication server;
step 212: and the authentication server executes client verification operation according to the user account and the dynamic token, and the operation is finished.
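The management-server side of steps 205 to 208 and the client side of steps 209 and 211, as an added example that is not the patent's own code. RC4 is written out because the text names it as the first preset algorithm; using SHA-256 as the "hash value" of the preset encryption key, the colon-separated layout first IP:shared key:third IP (following the text's sample 192.168.16.11:123456:192.168.16.35:1915:1916), the field names in the parsed result and the random shared-key generation are assumptions; the error object is the one quoted in step 205.

```python
# Added example (not the patent's own code): management server steps 205-208
# (authentication agent list check, shared key, RC4 over the organised data)
# and client steps 209/211 (store the file, later recover the third IP
# address of an available authentication server from it).
# Assumptions: SHA-256 as the "hash value" of the preset key; the plaintext
# layout "first IP:shared key:third IP[:...]" taken from the text's sample.
import hashlib
import secrets
from typing import Dict, List, Optional, Union

# Authentication agent list preset on the management server (steps 205/206):
# first IP address of the client -> third IP address of its authentication server.
AUTH_AGENT_LIST: Dict[str, str] = {"192.168.16.11": "192.168.16.35"}

PRESET_ENCRYPTION_KEY = b"gf5&Eo2Q%D7s#AC"   # value quoted in the step 208 example


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                              # key-scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                 # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key(preset_key: bytes) -> bytes:
    """'Hash value of the preset encryption key'; SHA-256 is an assumption."""
    return hashlib.sha256(preset_key).digest()


def organize_plaintext(first_ip: str, shared_key: str, third_ip: str,
                       extra: Optional[List[str]] = None) -> bytes:
    """Step 208: the data to be encrypted, laid out as in the text's sample."""
    return ":".join([first_ip, shared_key, third_ip, *(extra or [])]).encode()


def build_auth_proxy_file(first_ip: str, auth_agent_list: Dict[str, str],
                          shared_key: Optional[str] = None) -> Union[bytes, dict]:
    """Management server, steps 205-208.

    Returns the authentication proxy file (RC4 ciphertext) for the client, or
    the error object sent when the first IP address is not in the
    authentication agent list (step 205).
    """
    if first_ip not in auth_agent_list:                              # step 205
        return {"errorCode": 101, "message": "authentication proxy IP does not exist"}
    third_ip = auth_agent_list[first_ip]                              # step 206
    if shared_key is None:
        shared_key = secrets.token_hex(8)                             # step 207
    plaintext = organize_plaintext(first_ip, shared_key, third_ip)    # step 208
    return rc4(derive_key(PRESET_ENCRYPTION_KEY), plaintext)


def parse_auth_proxy_file(proxy_file: bytes) -> Optional[Dict[str, str]]:
    """Decrypt a stored authentication proxy file and split its fields.

    Returns None when the decrypted bytes do not carry the three mandatory
    fields (wrong key or corrupted file); trailing fields are ignored.
    """
    plaintext = rc4(derive_key(PRESET_ENCRYPTION_KEY), proxy_file)
    fields = plaintext.decode("utf-8", errors="replace").split(":")
    if len(fields) < 3:
        return None
    return {"firstIp": fields[0], "sharedKey": fields[1], "thirdIp": fields[2]}


def available_auth_server(own_first_ip: str, proxy_file: bytes) -> Optional[str]:
    """Client, step 211: the proxy file must carry this client's own first IP
    address; then the third IP address is the available authentication
    server. None corresponds to 'error reporting is finished'."""
    parsed = parse_auth_proxy_file(proxy_file)
    if parsed is None or parsed["firstIp"] != own_first_ip:
        return None
    return parsed["thirdIp"]
```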
In this embodiment, another method for automatically registering a management server is provided, in which step 208 to step 209 are replaced with step M21 to step M22:
step M21: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M22: and the client receives the authentication agent ciphertext data, generates and stores an authentication agent file according to the authentication agent ciphertext data, and ends.
In this embodiment, another method for automatically registering a management server is provided, in which step 208 to step 209 are replaced with step N21 to step N22:
step N21: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
accordingly, step N22 further includes: the client receives the first IP address.
Step N22: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length, an electronic cipher used as a technical means for encryption in the field of electronic information, and is used in wireless communication networks.
The embodiment also provides a method for automatically registering a management server, wherein a client presets a first IP address of the client; the partition server presets own partition IP address; the management server and the authentication server share a second IP address; the method comprises the following steps:
step P01: starting a client; when receiving a partition IP address input manually, the client sends a first IP address of the client to a partition server according to the partition IP address;
step P02: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing a step P03, otherwise, sending error report information to the client, and executing a step C21;
step C21: the client receives the error information, reports the error, and ends;
the business service partition table at least comprises a first IP address of the client and a second IP address of the management server of the area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client and a second IP address of a management server of an area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a network disk tool, etc.).
Optionally, this step is preceded by step D21: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a network disk tool, etc.);
further, step D21 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D21 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D21 includes the steps of:
step D21-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D21-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D21-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D21-14;
optionally, the step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from a preset area service corresponding table, and executes step D21-13 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not acquired, executes step D21-14.
Step D21-13: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D21-14;
step D21-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D21-12 is returned; if the next first IP address is not acquired, step P01 is executed.
Further, step D21 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D21 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D21 includes the steps of:
step D21-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D21-22: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D21-23 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D21-24;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D21-23 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, executing step D21-24.
Step D21-23: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D21-24;
step D21-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D21-22 is returned; if the next first IP address is not acquired, step P01 is executed.
Step P03: the partition server determines a second IP address and a management port identifier of a management server corresponding to the client according to the received first IP address and the business service partition table; sending a second IP address and a management port identifier to the client;
optionally, the partition server determining the second IP address of the management server corresponding to the client according to the received first IP address and the business service partition table specifically includes: the partition server acquires the second IP address and the management port identifier stored corresponding to the first IP address from the business service partition table.
Step P04: the client receives a second IP address and a management port identifier; sending the first IP address to a management server according to the second IP address and the management port identifier;
optionally, after this step, the method further includes: the management server checks the validity of the client according to the received first IP address and the trusted list, and if the client is legal, step P05 is executed; if the client is not legal, error information is sent to the client, and step C21 is executed.
Step P05: the management server judges whether the preset authentication agent list comprises a first IP address, if so, the step P06 is executed; otherwise, sending error information to the client, and executing the step C21;
step C21: the client receives the error information, reports the error, and ends;
in this embodiment, the management server stores an authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client, a second IP address of the management server and the authentication server and an authentication port identifier of the authentication server;
step P06: the management server determines a second IP address and an authentication port identifier of an authentication server corresponding to the client according to the first IP address and the authentication agent list;
optionally, the step specifically includes: the management server determines a second IP address and an authentication port identifier of the authentication server corresponding to the first IP address according to the first IP address and the authentication agent list;
optionally, the step is more specifically: the management server acquires the second IP address and the authentication port identifier of the authentication server corresponding to the first IP address from the authentication agent list.
In this embodiment, the management server presets an authentication agent list; the authentication agent list at least correspondingly stores a first IP address of a client and a second IP address and an authentication port identification of an authentication server corresponding to the client; the client can correspond to a third IP address; the client can also simultaneously correspond to a plurality of third IP addresses; in the authentication proxy list, the first IP address of the client corresponds to the second IP address and the authentication port identifier of the at least one authentication server.
Step P07: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server acquires a shared secret key from the secret key storage area;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires shared keys from the preset key list in sequence according to a preset order; for example, the preset order may be from the first to the last of the preset key list, or from the last to the first of the preset key list; the keys may also be retrieved sequentially forwards or backwards starting from a shared key in the middle of the preset key list.
Step P08: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the third IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data, and generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is a cipher, an encryption technique in the field of electronic information, and is used in wireless communication networks;
step P09: the client receives and stores the authentication agent file;
optionally, this step is replaced by: the client updates and stores the original proxy file by using the authentication proxy file;
further, the client updates and saves the original proxy file by using the authentication proxy file, specifically: the client receives an authentication agent file; and updating the original proxy file by using the authentication proxy file under the preset proxy path, and ending.
Further, the original proxy file is updated by using the authentication proxy file under the preset proxy path, specifically: the client deletes the original proxy file under the preset proxy path; and saving the authentication agent file to a preset agent path.
Optionally, the method in this embodiment further includes steps P11 to P12:
step P11: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending a user account and a dynamic token to the authentication server according to the second IP address and the authentication port identification of the authentication server;
in this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token;
further, when the input user account and dynamic token are received, the method further comprises the following steps: the client acquires a first IP address of the client, judges whether the authentication proxy file has the first IP address, and determines an available authentication server according to the authentication proxy file if the authentication proxy file has the first IP address; otherwise, error reporting is finished.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file, and takes the authentication server with the IP address as the third IP address as an available authentication server.
Step P12: the authentication server executes client verification operation according to the user account and the dynamic token, and the operation is finished;
in this embodiment, another method for automatically registering a management server is provided, in which the steps P08 to P09 are replaced with the steps M21 to M22:
step M21: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M22: the client receives the authentication agent ciphertext data and generates an authentication agent file according to the authentication agent ciphertext data; step P11 is executed.
In this embodiment, another method for automatically registering a management server is provided, in which the steps P08 to P09 are replaced with the steps N21 to N22:
step N21: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
accordingly, step N22 further includes: the client receives the first IP address.
Step N22: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file; step P11 is executed;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is a cipher, an encryption technique in the field of electronic information, and is used in wireless communication networks.
Example 3
This embodiment provides a method for automatically registering a management server. The client is preset with a novel system, and the system is preset with an original proxy file and a two-factor function module including OTP authentication; the system also modifies and presets in advance a first configuration file and a second configuration file of the login authentication module. The first configuration file is the configuration file for remote login under the login authentication module (for example, the sshd file) and is used to access the two-factor authentication function for remote login; the second configuration file (for example, the sshd_config file) is the configuration file of the SSH (Secure Shell) server and is used to enable the login authentication module. SSH (Secure Shell) is a security protocol built on the application layer and is a protocol dedicated to providing security for telnet sessions and other network services.
In the embodiment, the client presets a first IP address of the client; the partition server presets own partition IP address; the management server presets a second IP address of the management server; the authentication server presets a third IP address of the authentication server; the authorization server presets a fourth IP address of the authorization server; the second IP address of the management server is different from the fourth IP address of the authorization server;
the embodiment provides a method for automatically registering a management server, as shown in fig. 3, including the following steps:
step 301: starting a client; when receiving a partition IP address input manually, the client sends a first IP address stored by the client to a partition server according to the partition IP address;
step 302: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing a step 303, otherwise, sending error reporting information to the client, and executing a step C31;
step C31: the client receives the error information, reports the error, and ends.
The business service partition table at least comprises a first IP address of the client and a second IP address of the management server of the area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client and a second IP address of a management server of an area where the client is located, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a network disk tool, etc.).
Optionally, this step is preceded by step D31: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a network disk tool, etc.);
further, step D31 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D31 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D31 includes the steps of:
step D31-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D31-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D31-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D31-14;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D31-13 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, executing step D31-14.
Step D31-13: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D31-14;
step D31-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D31-12 is returned; if the next first IP address is not acquired, step 301 is executed.
Further, step D31 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D31 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D31 includes the steps of:
step D31-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D31-22: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address of the management server corresponding to the area identifier of the area where the client is located, and executes step D31-23 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not acquired, executes step D31-24;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D31-23 if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, executing step D31-24.
Step D31-23: the partition server correspondingly stores the current first IP address and the current second IP address to the business service partition table, and executes the step D31-24;
step D31-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D31-22 is returned; if the next first IP address is not acquired, step 301 is executed.
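Steps D21 and D31 above describe the same table-building loop twice (once updating a preset table, once creating a new one). The following is an added example, not code from the patent or its applicant, showing that loop in Python together with the partition server's lookup from steps P02/P03 and 302/303. The client data table, the area service corresponding table and every address in it are constructed sample values.

```python
# Added example (not the patent's own code): building the business service
# partition table from a client data table and an area service corresponding
# table, as in steps D21-11..D21-14 / D21-21..D21-24 and D31-xx, plus the
# partition server's lookup of steps P02/P03 and 302/303.
# All addresses and identifiers below are constructed sample data.
from typing import Dict, List, Optional, Tuple

# Constructed client data table: (first IP address of the client, area identifier)
CLIENT_DATA_TABLE: List[Tuple[str, str]] = [
    ("10.1.0.11", "area-north"),
    ("10.1.0.12", "area-north"),
    ("10.2.0.21", "area-south"),
    ("10.3.0.31", "area-west"),   # no management server is configured for this area
]

# Constructed area service corresponding table:
# area identifier -> second IP address of that area's management server
AREA_SERVICE_TABLE: Dict[str, str] = {
    "area-north": "192.0.2.10",
    "area-south": "192.0.2.20",
}


def build_partition_table(
    client_data_table: List[Tuple[str, str]],
    area_service_table: Dict[str, str],
    preset_table: Optional[Dict[str, str]] = None,
) -> Dict[str, str]:
    """Return the business service partition table: first IP -> second IP.

    Walks the client data table exactly as steps D21-11..D21-14 do: take the
    current first IP, look up its area identifier, resolve the area to a
    management server, store the pair only if a server was found, then move
    on to the next entry. With preset_table the existing table is updated
    (the D21-1x variant); without it a new table is created (the D21-2x one).
    """
    table: Dict[str, str] = dict(preset_table) if preset_table else {}
    for first_ip, area_id in client_data_table:
        second_ip = area_service_table.get(area_id)
        if second_ip is None:
            # D21-12 -> D21-14: no management server for this area, skip the entry
            continue
        # D21-13: store the current first IP together with the resolved second IP
        table[first_ip] = second_ip
    return table


def lookup_management_server(table: Dict[str, str], first_ip: str) -> Optional[str]:
    """Steps P02/P03 (302/303): return the second IP stored for first_ip, or
    None when the first IP is not in the table (the partition server then
    sends error information to the client)."""
    return table.get(first_ip)


if __name__ == "__main__":
    built = build_partition_table(CLIENT_DATA_TABLE, AREA_SERVICE_TABLE)
    for ip in ("10.2.0.21", "10.3.0.31"):
        print(ip, "->", lookup_management_server(built, ip))
```

The entry for `10.3.0.31` is dropped rather than stored with an empty second IP, which is what the "not acquired, execute step D21-14" branch amounts to; a client in that area is therefore rejected at step P02 until an operator adds the area to the area service corresponding table.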
Step 303: the partition server determines a second IP address of a management server corresponding to the client according to the received first IP address and the business service partition table; sending the second IP address to the client;
optionally, the partition server determining the management server corresponding to the client according to the received first IP address and the business service partition table specifically includes: the partition server acquires, from the business service partition table, the management server whose IP address stored corresponding to the first IP address is the second IP address.
Step 304: the client receives a second IP address; sending the first IP address to a management server according to the second IP address;
step 305: the management server receives a first IP address; sending the first IP address to an authorization server according to a preset fourth IP address;
step 306: the authorization server receives a first IP address; obtaining an access token; correspondingly storing the first IP address and the access token; sending an access token and a first IP address to a management server;
optionally, the obtaining the access token specifically includes: the authorization server randomly generates an access token;
optionally, the obtaining the access token specifically includes: the authorization server randomly selects an access token from a preset access token list;
optionally, obtaining the access token specifically includes: the authorization server obtains access tokens from a preset access token list in sequence according to a preset order; for example, the preset order may be from the first to the last of the preset access token list, or from the last to the first of the preset access token list; the tokens may also be retrieved sequentially forwards or backwards starting from an access token in the middle of the preset access token list.
Step 307: the management server receives the access token and the first IP address; sending the first IP address and the access token to an authorization server;
optionally, after the management server receives the access token and the first IP address, the method further includes the following steps:
step E31: the management server sends an access token to the client according to the first IP address;
step E32: the client receives the access token;
step E33: the client sends the access token and the first IP address to the management server according to the second IP address.
Optionally, after the management server receives the access token and the first IP address, the method further includes: the management server checks the IP address of the client according to the first IP address and the trusted list, and if the IP address of the client is successfully checked, the management server sends the first IP address and the access token to the authorization server; if the client IP address check fails, sending error information to the client, and executing the step C31;
further, the management server checks the client IP address according to the first IP address and the trusted list, specifically: the management server judges whether the trusted list comprises a first IP address, if so, the client IP address is successfully verified; otherwise, the client IP address check fails.
Further, if the client IP address is successfully verified, the management server judges whether a preset authentication agent list comprises a first IP address, and if so, the management server sends the first IP address and the access token to the authorization server; otherwise, sending error information to the client, and executing the step C31;
at this time, in this embodiment, the management server stores the authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client and a second IP address of the management server.
Optionally, step C31 specifically includes: the client receives the error information, displays the client IP address verification failure information, and ends.
Step 308: the authorization server receives the first IP address and the access token; acquiring an access token stored by the user according to the first IP address; performing client authentication according to the received access token and the obtained access token, if the client authentication is successful, sending authentication success information to the management server, and executing step 309; if the client fails to verify, sending an error message to the management server, and executing step F31;
optionally, performing client verification according to the received access token and the obtained access token specifically includes: the authorization server judges whether the received access token is the same as the obtained access token; if so, the client verification succeeds, otherwise the client verification fails.
Step F31: the management server receives the error information, sends the error information to the client, and executes step F32;
step F32: the client receives the error information, reports the error, and ends.
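The authorization server side of steps 306 to 308 (issue a random access token bound to the client's first IP address, then compare the token presented later with the stored one) is shown below as an added example; it is not code from the patent or its applicant. The token generator is injectable so the behaviour can be checked deterministically, the addresses are constructed, and the choice of a constant-time comparison is this example's addition, not something the text specifies.

```python
# Added example (not the patent's own code): authorization server behaviour
# for steps 306 (obtain and store an access token for the first IP) and 308
# (verify the presented token against the stored one). Addresses and token
# values are constructed; secrets.token_hex is used for the "randomly
# generates an access token" option.
import hmac
import secrets
from typing import Callable, Dict, Optional


class AuthorizationServer:
    def __init__(self, token_source: Optional[Callable[[], str]] = None) -> None:
        # token_source is injectable for testing; the default is a CSPRNG token.
        self._token_source = token_source or (lambda: secrets.token_hex(16))
        self._tokens: Dict[str, str] = {}   # first IP address -> access token

    def issue(self, first_ip: str) -> str:
        """Step 306: obtain an access token, store it against the first IP
        address, and return it to the management server (which forwards it
        to the client in step E31)."""
        token = self._token_source()
        self._tokens[first_ip] = token
        return token

    def verify(self, first_ip: str, presented: str) -> bool:
        """Step 308: fetch the token stored for first_ip and compare it with
        the presented token. An unknown first IP fails. compare_digest is
        used so the comparison time does not depend on where the first
        mismatching byte is (design choice of this example)."""
        stored = self._tokens.get(first_ip)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), presented.encode())


def management_server_result(authz: AuthorizationServer, first_ip: str, presented: str) -> str:
    """Steps 307/308 from the management server's side: the authorization
    server answers either with verification success information (step 309)
    or with error information, which the management server relays to the
    client (steps F31/F32)."""
    return "verification success" if authz.verify(first_ip, presented) else "error"


if __name__ == "__main__":
    server = AuthorizationServer()
    token = server.issue("10.1.0.11")                 # constructed client address
    print(management_server_result(server, "10.1.0.11", token))
    print(management_server_result(server, "10.1.0.11", "not-the-token"))
```

Binding the token to the first IP address is what the text describes; note that on its own this only proves that the party returning the token is the one the management server relayed it to, so the trusted-list check of the optional step after 307 is what actually restricts which addresses may register.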
Step 309: the management server receives verification success information;
step 310: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires shared keys from the preset key list in sequence according to a preset order; for example, the preset order may be from the first to the last of the preset key list, or from the last to the first of the preset key list; the keys may also be retrieved sequentially forwards or backwards starting from a shared key in the middle of the preset key list.
Step 311: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data, and generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks;
step 312: the client receives and stores the authentication agent file;
optionally, this step is replaced by: the client updates the original proxy file by using the authentication proxy file;
further, the client updating the original proxy file by using the authentication proxy file specifically includes: the client receives the authentication agent file, updates the original proxy file under the preset proxy path with the authentication proxy file, and ends.
Further, the original proxy file is updated by using the authentication proxy file under the preset proxy path, specifically: the client receives an authentication agent file; deleting an original agent file under a preset agent path; and storing the authentication agent file to a preset agent path, and ending.
Optionally, the method in this embodiment further includes the following steps:
step 314: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
in this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token;
further, when the input user account and dynamic token are received, the method further includes the following steps: the client acquires its own first IP address and judges whether the authentication proxy file contains the first IP address; if it does, the client determines an available authentication server according to the authentication proxy file; otherwise, the process ends with an error.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file, and takes the authentication server with the IP address as the third IP address as an available authentication server.
Step 315: the authentication server performs the client verification operation according to the user account and the dynamic token, and the process ends.
In this embodiment, another method for automatically registering a management server is provided, in which steps 311 to 312 are replaced with steps M31 to M32:
step M31: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M32: the client receives the authentication agent ciphertext data, generates an authentication agent file from the authentication agent ciphertext data, and stores the authentication agent file.
In this embodiment, another method for automatically registering a management server is provided, in which steps 311 to 312 are replaced with steps N31 to N32:
step N31: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
accordingly, step N32 further includes: the client receives the first IP address.
Step N32: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file and storing the authentication agent file;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks.
Example 4
This embodiment provides a method for automatically registering a management server. The client side presets a novel system, and the system presets an original proxy file and a two-factor function module including OTP authentication; the system also modifies and presets in advance a first configuration file and a second configuration file of the login authentication module, wherein the first configuration file is the remote-login configuration file under the login authentication module (for example, the sshd file) and is used to hook the two-factor authentication function into remote login; the second configuration file (for example, the sshd_config file) is the configuration file of the ssh (secure shell) server and is used to enable the login authentication module; ssh (secure shell) is a security protocol built on the application layer, dedicated to providing security for remote login sessions and other network services.
In the embodiment, the client presets a first IP address of the client; the partition server presets own partition IP address; the management server and the authorization server share a second IP address; the management server and the authorization server preset own second IP addresses, and the management server and the authorization server can be directly communicated with each other; the client can determine to communicate with the management server according to the second IP address and the management port identification.
The embodiment provides a method for automatically registering a management server, which comprises the following steps:
step 401: starting a client; when receiving a partition IP address input manually, the client sends a first IP address stored by the client to a partition server according to the partition IP address;
step 402: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing a step 403, otherwise, executing a step D41;
the business service partition table at least includes the first IP address of the client, the second IP address of the management server of the area where the client is located, and the management port identifier; the first IP address of the client is stored in correspondence with the second IP address and the management port identifier of the management server of the area where the client is located.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client, a second IP address of a management server of an area where the client is located and a management port identifier; the first IP address of the client is correspondingly stored with the second IP address and the management port identification of the management server corresponding to the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a portable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.).
Optionally, this step is preceded by step D41: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a portable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.);
further, step D41 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D41 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D41 includes the steps of:
step D41-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D41-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D41-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D41-14;
optionally, this step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from a preset area service correspondence table; if the second IP address of the management server of the area where the client is located is acquired, executes step D41-13; if it is not acquired, executes step D41-14.
Step D41-13: the partition server acquires the management port identifier of the management server; stores the current first IP address, the current second IP address and the management port identifier in correspondence in the business service partition table, and executes step D41-14;
step D41-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D41-12 is returned; if the next first IP address is not acquired, step 401 is executed.
Further, step D41 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D41 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D41 includes the steps of:
step D41-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D41-22: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D41-23 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D41-24;
optionally, the step specifically includes: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address corresponding to the area identifier from a preset area service corresponding table, and executing the step D41-23 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D41-24;
step D41-23: a partition server acquires a management port identifier; correspondingly storing the current first IP address, the current second IP address and the management port identification to the business service partition table, and executing the step D41-24;
step D41-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D41-22 is returned; if the next first IP address is not acquired, step 401 is executed.
Step 403: the partition server determines a second IP address of a management server corresponding to the client according to the received first IP address and the business service partition table, and acquires a management port identifier corresponding to the second IP address; sending a second IP address and a management port identifier to the client;
optionally, the partition server determining the second IP address of the management server corresponding to the client according to the received first IP address and the business service partition table specifically includes: the partition server acquires, from the business service partition table, the management server whose IP address is stored in correspondence with the first IP address, and takes that IP address as the second IP address.
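How the partition server fills its business service partition table from a received client data table (steps D41-11 to D41-14 and D41-21 to D41-24) and then resolves a registering client's management server (steps 402 and 403), as an added example that is not code from the patent. The table layouts, the separate management-port table, the sample addresses and the function names are assumptions chosen for illustration.

```python
"""Partition server: build/update the business service partition table and
resolve a client's management server. Added example, not the patent's code."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed client data table: (first IP address of client, area identifier).
CLIENT_DATA_TABLE: List[Tuple[str, str]] = [
    ("10.1.0.11", "area-east"),
    ("10.1.0.12", "area-east"),
    ("10.2.0.21", "area-west"),
    ("10.3.0.31", "area-north"),   # no management server preset for this area
    ("not-an-ip", "area-east"),    # malformed row; must never enter the table
]

# Constructed preset area service correspondence table:
# area identifier -> second IP address of that area's management server.
AREA_SERVICE_TABLE: Dict[str, str] = {
    "area-east": "192.0.2.10",
    "area-west": "192.0.2.20",
}

# Constructed management port identifiers, keyed by management server IP.
MANAGEMENT_PORTS: Dict[str, int] = {"192.0.2.10": 8443, "192.0.2.20": 9443}

# business service partition table: first IP -> (second IP, management port)
PartitionTable = Dict[str, Tuple[str, int]]


def update_partition_table(partition_table: PartitionTable,
                           client_data_table: List[Tuple[str, str]],
                           area_service_table: Dict[str, str],
                           management_ports: Dict[str, int]) -> Tuple[int, int]:
    """Steps D41-12 to D41-14 applied to each row of the client data table.

    Passing an empty dict is the D41-21 (create) variant; passing a preset
    table is the D41-11 (update) variant, in which preset rows for clients not
    named in the client data table survive and named clients are overwritten.
    Returns (rows stored, rows skipped). A row is skipped when its first IP
    address is not a valid IP literal or when no management server is preset
    for its area (D41-22 goes straight to D41-24 in that case).
    """
    stored = skipped = 0
    for first_ip, area_id in client_data_table:
        try:
            ipaddress.ip_address(first_ip)      # reject malformed rows early
        except ValueError:
            skipped += 1
            continue
        second_ip = area_service_table.get(area_id)
        if second_ip is None:                   # area has no management server
            skipped += 1
            continue
        port = management_ports[second_ip]      # step D41-13/D41-23
        partition_table[first_ip] = (second_ip, port)
        stored += 1
    return stored, skipped


def resolve_management_server(partition_table: PartitionTable,
                              first_ip: str) -> Optional[Tuple[str, int]]:
    """Steps 402 and 403: the (second IP, management port) the partition server
    returns to a registered client, or None when the first IP is not in the
    table (the step D41 branch of step 402)."""
    return partition_table.get(first_ip)


if __name__ == "__main__":
    # Update variant: start from a preset table holding one extra client.
    table: PartitionTable = {"10.9.0.99": ("192.0.2.30", 8443)}
    print("stored/skipped:", update_partition_table(
        table, CLIENT_DATA_TABLE, AREA_SERVICE_TABLE, MANAGEMENT_PORTS))
    print("10.2.0.21 ->", resolve_management_server(table, "10.2.0.21"))
    print("10.3.0.31 ->", resolve_management_server(table, "10.3.0.31"))
```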
Step 404: the client receives a second IP address and a management port identifier; sending the first IP address to a management server according to the second IP address and the management port identifier;
step 405: the management server receives a first IP address; sending the first IP address to an authorization server;
step 406: the authorization server receives a first IP address; obtaining an access token; correspondingly storing the first IP address and the access token; sending an access token and a first IP address to a management server;
optionally, the obtaining the access token specifically includes: the authorization server randomly generates an access token;
optionally, the obtaining the access token specifically includes: the authorization server randomly selects an access token from a preset access token list;
optionally, the obtaining the access token specifically includes: the authorization server acquires access tokens from a preset access token list in a preset order; for example, the preset order may be from the first to the last of the preset access token list; or from the last to the first of the preset access token list; or access tokens may be retrieved sequentially backwards or forwards, starting with an access token in the middle of the preset access token list.
Step 407: the management server receives the access token and the first IP address; sending the first IP address and the access token to an authorization server;
optionally, after the management server receives the access token and the first IP address, the method further includes the following steps:
step E31: the authorization server sends an access token to the client according to the first IP address;
step E32: the client receives the access token;
step E33: the client sends the access token and the first IP address to the management server according to the second IP address and the management port identifier.
Optionally, after the management server receives the access token and the first IP address, the method further includes: the management server checks the IP address of the client according to the first IP address and the trusted list, and if the IP address of the client is successfully checked, the management server sends the first IP address and the access token to the authorization server; if the client IP address check fails, sending error information to the client, and executing the step C41;
further, the management server checks the client IP address according to the first IP address and the trusted list, specifically: the management server judges whether the trusted list comprises a first IP address, if so, the client IP address is successfully verified; otherwise, the client IP address check fails.
Further, if the client IP address is successfully verified, the management server judges whether a preset authentication agent list comprises a first IP address, and if so, the management server sends the first IP address and the access token to the authorization server; otherwise, sending error information to the client, and executing the step C41;
at this time, in this embodiment, the management server stores the authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client and a second IP address of the management server.
Optionally, the step specifically includes: the client receives the error information, displays client IP address verification failure information, and ends.
Step 408: the authorization server receives the first IP address and the access token; acquires the access token it stored for the first IP address; performs client verification according to the received access token and the acquired access token; if the client verification succeeds, sends verification success information to the management server and executes step 409; if the client verification fails, sends error information to the management server and executes step F41;
optionally, performing client verification according to the received access token and the acquired access token specifically includes: the authorization server judges whether the received access token is the same as the acquired access token; if so, the client verification succeeds, otherwise the client verification fails.
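The access token exchange of steps 405 to 408, with the management server's optional trusted-list and authentication-agent-list checks described after step 407, as an added example that is not the patent's own code. The class and method names, the error strings and the list contents are assumptions; the constant-time comparison is the one detail a defender would insist on at step 408.

```python
"""Token issue and verification between management and authorization server.
Added example, not the patent's code."""
import hmac
import secrets
from typing import Dict, Iterable


class AuthorizationServer:
    """Step 406: generate a random access token and store it against the
    client's first IP address. Step 408: compare a presented token with the
    stored one."""

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}   # first IP address -> access token

    def issue_token(self, first_ip: str) -> str:
        token = secrets.token_hex(16)       # 128 bits from the OS CSPRNG
        self._tokens[first_ip] = token
        return token

    def verify_client(self, first_ip: str, presented_token: str) -> bool:
        """True only when a token is stored for first_ip and it matches."""
        stored = self._tokens.get(first_ip)
        if stored is None:
            return False
        # compare_digest takes time independent of where the strings first
        # differ, so the comparison does not leak token bytes via timing.
        return hmac.compare_digest(stored, presented_token)


class ManagementServer:
    """Steps 405 and 407 with the optional checks: the first IP address must be
    in the trusted list and in the authentication agent list before the token
    is forwarded to the authorization server for step 408."""

    def __init__(self, auth_server: AuthorizationServer,
                 trusted_list: Iterable[str],
                 agent_list: Dict[str, str]) -> None:
        self.auth = auth_server
        self.trusted_list = set(trusted_list)
        self.agent_list = dict(agent_list)  # first IP -> this server's second IP

    def start_registration(self, first_ip: str) -> str:
        """Step 405: forward the first IP address; the token from step 406 is
        what the management server holds at step 407."""
        return self.auth.issue_token(first_ip)

    def complete_registration(self, first_ip: str, token: str) -> str:
        """Checks after step 407, then step 408. Returns 'ok' (step 409) or the
        error information that would be sent to the client."""
        if first_ip not in self.trusted_list:
            return "error: client IP address check failed"          # step C41
        if first_ip not in self.agent_list:
            return "error: client not in authentication agent list"  # step C41
        if not self.auth.verify_client(first_ip, token):
            return "error: client verification failed"              # step F41
        return "ok"


if __name__ == "__main__":
    auth = AuthorizationServer()
    mgmt = ManagementServer(auth, trusted_list=["10.1.0.11"],
                            agent_list={"10.1.0.11": "192.0.2.10"})
    tok = mgmt.start_registration("10.1.0.11")
    print(mgmt.complete_registration("10.1.0.11", tok))
    print(mgmt.complete_registration("10.1.0.11", "0" * 32))
```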
Step F41: the management server receives the error information, sends the error information to the client, and executes step F42;
step F42: the client receives the error information and ends with an error.
Step 409: the management server receives verification success information;
step 410: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires the shared keys from the preset key list in sequence according to the preset sequence; for example, the preset order may be an order from the first to the last of the preset key list; or may be in order from the last to the first of the preset key list; it may also be that the key is retrieved sequentially backwards or forwards, starting with a shared key in the middle of the list of preset keys.
Step 411: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data, and generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks;
step 412: the client receives and stores the authentication agent file;
optionally, this step is replaced by: the client updates the original proxy file by using the authentication proxy file, and the process is finished;
further, the client updating the original proxy file by using the authentication proxy file specifically includes: the client receives the authentication agent file, updates the original proxy file under the preset proxy path with the authentication proxy file, and ends.
Further, the original proxy file is updated by using the authentication proxy file under the preset proxy path, specifically: the client deletes the original proxy file under the preset proxy path; and storing the authentication agent file to a preset agent path, and ending.
Optionally, the method in this embodiment further includes the following steps 413 to 414:
step 413: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to the authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
in this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token;
further, when the input user account and dynamic token are received, the method further includes the following steps: the client acquires its own first IP address and judges whether the authentication proxy file contains the first IP address; if it does, the client determines an available authentication server according to the authentication proxy file; otherwise, the process ends with an error.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file, and takes the authentication server with the IP address as the third IP address as an available authentication server.
Step 414: the authentication server performs the client verification operation according to the user account and the dynamic token, and the process ends.
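Steps 411 to 412 and the client-side use of the file in steps 413 to 414, as an added example that is not code from the patent: the management server organizes the shared key with the first and second IP addresses, encrypts that data with RC4 under a preset encryption key and installs the result as the authentication agent file; on restart the client decrypts the file, checks that its own first IP address is present and takes the authentication server's third IP address from it. The JSON field layout, the extra third_ip field (the page lists only the shared key and the first and second IP addresses as the data to be encrypted but has the client read the third IP address from the same file), the preset key value and all function names are assumptions; RC4 appears only because the page names it.

```python
"""Authentication agent file: build on the management server, consume on the
client. Added example, not the patent's code."""
import json
import os
import secrets
from typing import Optional, Tuple

# Constructed preset encryption key known to management server and client.
PRESET_ENCRYPTION_KEY = b"preset-encryption-key-example"


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XORed with data; the same call encrypts and decrypts.
    RC4 is a broken cipher and provides no integrity protection: anything that
    still decrypts to a well-formed record is accepted below. A deployment
    should use an AEAD such as AES-GCM or ChaCha20-Poly1305 instead."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                           # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def acquire_shared_key() -> bytes:
    """Step 410 (random variant): the management server generates a shared key."""
    return secrets.token_bytes(16)


def organize_data(shared_key: bytes, first_ip: str,
                  second_ip: str, third_ip: str) -> bytes:
    """Step 411: the data to be encrypted, serialized deterministically."""
    record = {
        "shared_key": shared_key.hex(),
        "first_ip": first_ip,       # client
        "second_ip": second_ip,     # management server
        "third_ip": third_ip,       # authentication server (assumed field)
    }
    return json.dumps(record, sort_keys=True).encode()


def generate_agent_file(shared_key: bytes, first_ip: str,
                        second_ip: str, third_ip: str) -> bytes:
    """Step 411: authentication agent ciphertext data = RC4(preset key, data)."""
    plaintext = organize_data(shared_key, first_ip, second_ip, third_ip)
    return rc4(PRESET_ENCRYPTION_KEY, plaintext)


def install_agent_file(agent_path: str, agent_file: bytes) -> None:
    """Step 412, replacement form: replace the original proxy file under the
    preset proxy path. Written to a temporary name and renamed so that a crash
    cannot leave a half-written agent file behind."""
    tmp_path = agent_path + ".tmp"
    with open(tmp_path, "wb") as fh:
        fh.write(agent_file)
    os.replace(tmp_path, agent_path)


def determine_authentication_server(agent_file: bytes,
                                    own_first_ip: str) -> Optional[Tuple[str, bytes]]:
    """Steps 413 to 414 on the client: decrypt the agent file, require the
    client's own first IP address to be present, and return
    (third IP, shared key). None means the file does not decrypt to a valid
    record (wrong preset key or corrupted file) or names another client."""
    plaintext = rc4(PRESET_ENCRYPTION_KEY, agent_file)
    try:
        record = json.loads(plaintext.decode())
        if not isinstance(record, dict) or record.get("first_ip") != own_first_ip:
            return None
        return record["third_ip"], bytes.fromhex(record["shared_key"])
    except (ValueError, KeyError, TypeError):   # UnicodeDecodeError is a ValueError
        return None


if __name__ == "__main__":
    key = acquire_shared_key()
    blob = generate_agent_file(key, "10.1.0.11", "192.0.2.10", "192.0.2.50")
    print(determine_authentication_server(blob, "10.1.0.11"))
    print(determine_authentication_server(blob, "10.1.0.12"))   # None
```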
In this embodiment, another method for automatically registering a management server is provided, in which steps 411 to 412 are replaced with steps M41 to M42:
step M41: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M42: the client receives the authentication agent ciphertext data, generates an authentication agent file from the authentication agent ciphertext data, and stores the authentication agent file.
In this embodiment, another method for automatically registering a management server is provided, in which steps 411 to 412 are replaced with steps N41 to N42:
step N41: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
accordingly, step N42 further includes: the client receives the first IP address.
Step N42: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file and storing the authentication agent file;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks.
Example 5
This embodiment provides a method for automatically registering a management server. The client side presets a novel system, and the system presets an original proxy file and a two-factor function module including OTP authentication; the system also modifies and presets in advance a first configuration file and a second configuration file of the login authentication module, wherein the first configuration file is the remote-login configuration file under the login authentication module (for example, the sshd file) and is used to hook the two-factor authentication function into remote login; the second configuration file (for example, the sshd_config file) is the configuration file of the ssh (secure shell) server and is used to enable the login authentication module; ssh (secure shell) is a security protocol built on the application layer, dedicated to providing security for remote login sessions and other network services.
In this embodiment, the client presets its own first IP address; the partition server presets its own partition IP address; the management server presets its own second IP address; the authentication server presets its own third IP address; the authorization server presets its own fourth IP address; the second IP address of the management server and the fourth IP address of the authorization server are different;
the embodiment provides a method for automatically registering a management server, which comprises the following steps:
step 501: starting a client; when receiving a partition IP address input manually, the client sends a first IP address stored by the client to a partition server according to the partition IP address;
step 502: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing a step 503, otherwise, executing a step C51;
the business service partition table at least comprises a first IP address of the client, a second IP address of a management server of an area where the client is located and a fourth IP address of an authorization server, and the first IP address of the client is stored corresponding to the second IP address of the management server corresponding to the area where the client is located.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client, a second IP address of a management server of an area where the client is located and a fourth IP address of an authorization server, and the first IP address of the client is correspondingly stored with the second IP address of the management server and the fourth IP address of the authorization server corresponding to the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a portable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.).
Optionally, this step is preceded by step D51: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
wherein the partition server may receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table through a portable storage medium (including but not limited to a USB disk, mobile phone storage, a network disk tool, etc.);
further, step D51 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D51 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D51 includes the steps of:
step D51-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D51-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D51-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D51-14;
optionally, this step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from a preset area service correspondence table; if the second IP address of the management server of the area where the client is located is acquired, executes step D51-13; if it is not acquired, executes step D51-14.
Step D51-13: the partition server acquires the fourth IP address corresponding to the current first IP address; stores the current first IP address, the current second IP address and the current fourth IP address in correspondence in the business service partition table, and executes step D51-14;
step D51-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D51-12 is returned; if the next first IP address is not acquired, step 501 is executed.
Further, step D51 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D51 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D51 includes the steps of:
step D51-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D51-22: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address of the management server corresponding to the area identifier of the area where the client is located, and, if the second IP address of the management server of the area where the client is located is acquired, executes step D51-23; if the second IP address of the management server of the area where the client is located is not obtained, executes step D51-24;
optionally, the step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from the preset area service corresponding table, and, if the second IP address of the management server of the area where the client is located is acquired, executes step D51-23; if the second IP address of the management server of the area where the client is located is not obtained, executes step D51-24.
Step D51-23: the partition server acquires a fourth IP address corresponding to the current first IP address; correspondingly storing the current first IP address, the current second IP address and the current fourth IP address into the business service partition table, and executing the step D51-24;
step D51-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D51-22 is returned; if the next first IP address is not acquired, step 501 is executed.
Step 503: the partition server determines a second IP address of a management server corresponding to the client and a fourth IP address of an authorization server corresponding to the management server according to the received first IP address and the business service partition table; sending the second IP address and the fourth IP address to the client;
optionally, the partition server determines, according to the received first IP address and the service partition table, a second IP address of the management server corresponding to the client and a fourth IP address of the authorization server corresponding to the management server, which specifically includes: and the partition server acquires a second IP address and a fourth IP address which are stored corresponding to the first IP address from the business service partition table.
Step 504: the client receives the second IP address and the fourth IP address; sending the first IP address to the authorization server according to the fourth IP address;
step 505: the authorization server receives a first IP address; obtaining an access token; correspondingly storing the first IP address and the access token; sending an access token to the client;
optionally, the obtaining the access token specifically includes: the authorization server randomly generates an access token;
optionally, the obtaining the access token specifically includes: the authorization server randomly selects an access token from a preset access token list;
optionally, the obtaining of the access token specifically includes: the authorization server obtains access tokens in sequence from a preset access token list according to a preset order; for example, the preset order may be from the first to the last entry of the preset access token list, or from the last to the first entry of the preset access token list; it may also be that retrieval starts from an access token in the middle of the preset access token list and then proceeds sequentially backwards or forwards from there.
Step 506: the client receives and stores the access token; sending an access token and the first IP address to the management server according to the second IP address;
step 507: the management server receives the access token and the first IP address; sending the first IP address and the access token to an authorization server;
optionally, after the management server receives the access token and the first IP address, the method further includes: the management server checks the IP address of the client according to the first IP address and the trusted list, and if the IP address of the client is successfully checked, the management server sends the first IP address and the access token to the authorization server; if the client IP address check fails, sending error information to the client, and executing the step C51;
further, the management server checks the client IP address according to the first IP address and the trusted list, specifically: the management server judges whether the trusted list comprises a first IP address, if so, the client IP address is successfully verified; otherwise, the client IP address check fails.
Further, if the client IP address is successfully verified, the management server judges whether a preset authentication agent list comprises a first IP address, and if so, the management server sends the first IP address and the access token to the authorization server; otherwise, sending error information to the client, and executing the step C51;
at this time, in this embodiment, the management server stores the authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client and a second IP address of the management server.
Step C51: the client receives the error information, reports the error, and the process ends.
Optionally, the step specifically includes: and the client receives the error report information, displays the IP address verification failure information of the client and finishes the operation.
Step 508: the authorization server receives the first IP address and the access token; acquiring an access token according to the first IP address; performing client authentication according to the received access token and the obtained access token, if the client authentication is successful, sending authentication success information to the management server, and executing step 511; if the client fails to verify, sending error information to the management server, and executing step D51;
optionally, the client authentication is performed according to the received access token and the obtained access token, specifically: and the authorization server judges whether the received access token is the same as the obtained access token, if so, the client-side verification is successful, otherwise, the client-side verification fails.
Step D51: the management server receives the error information, sends the error information to the client, and executes the step D52;
step D52: the client receives the error information, reports the error, and the process ends.
Step 509: the management server receives verification success information;
step 510: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires the shared keys from the preset key list in sequence according to the preset sequence; for example, the preset order may be an order from the first to the last of the preset key list; or may be in order from the last to the first of the preset key list; it may also be that the key is retrieved sequentially backwards or forwards, starting with a shared key in the middle of the list of preset keys.
Step 511: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks;
step 512: the client receives and stores the authentication agent file;
optionally, this step is replaced by: the client updates the original agent file with the authentication agent file, and the process ends;
further, the client updates the original agent file with the authentication agent file, specifically: the client receives the authentication agent file and updates the original agent file under the preset agent path with the authentication agent file, and the process ends.
Further, updating the original agent file under the preset agent path with the authentication agent file specifically includes: the client deletes the original agent file under the preset agent path, stores the authentication agent file to the preset agent path, and the process ends.
Optionally, the method in this embodiment further includes the following steps 513 to 514:
step 513: restarting the client; when an input user account and dynamic token are received, determining an available authentication server according to the authentication agent file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
in this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token;
further, when the input user account and dynamic token are received, the method further includes: the client acquires its own first IP address and judges whether the authentication agent file contains the first IP address; if so, it determines an available authentication server according to the authentication agent file; otherwise, it reports an error and the process ends.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file, and takes the authentication server with the IP address as the third IP address as an available authentication server.
Step 514: and the authentication server executes the client verification operation according to the user account and the dynamic token, and the operation is finished.
In this embodiment, another method for automatically registering a management server is provided, in which steps 511 to 512 are replaced with steps M51 to M52:
step M51: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M52: and the client receives the authentication agent ciphertext data, generates an authentication agent file according to the authentication agent ciphertext data and stores the authentication agent file.
In this embodiment, another method for automatically registering a management server is provided, in which steps 511 to 512 are replaced with steps N51 to N52:
step N51: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
correspondingly, step N52 further includes: the client receives the first IP address.
Step N52: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file and storing the authentication agent file;
for example, the first preset algorithm may be an RC4 encryption algorithm; the RC4 encryption algorithm is a stream encryption algorithm cluster with variable key length; the method is an electronic password, a technical means for encryption in the field of electronic information, and is used for a wireless communication network.
Example 6
This embodiment provides a method for automatically registering a management server; the client is preset with a novel system, and the system is preset with an original agent file and a two-factor function module comprising OTP authentication; the system also modifies and presets in advance a first configuration file and a second configuration file of the login authentication module, wherein the first configuration file is the configuration file of remote login under the login authentication module (for example, the sshd file) and is used for accessing the two-factor authentication function of remote login; the second configuration file (for example, the sshd_config file) is the configuration file of the SSH (Secure Shell) server and is used for enabling the login authentication module; SSH (Secure Shell) is a security protocol built on the application layer and is dedicated to providing security for remote login sessions and other network services.
In the embodiment, the client presets a first IP address of the client; the partition server presets own partition IP address; the management server and the authorization server share a second IP address in deployment, the management server and the authorization server preset own second IP addresses, and the management server and the authorization server can be directly communicated with each other; the client can determine to communicate with the management server according to the second IP address and the management port identifier;
the embodiment provides a method for automatically registering a management server, which comprises the following steps:
step 601: starting a client; when receiving a partition IP address input manually, the client sends a first IP address stored by the client to a partition server according to the partition IP address;
step 602: the partition server receives a first IP address; judging whether a first IP address exists in the stored business service partition table, if so, executing the step 603, otherwise, executing the step C61;
the business service partition table at least comprises a first IP address of a client, a second IP address of a management server and an authorization server of an area where the client is located, a management port identifier of the management server and an authorization port identifier of the authorization server; and the first IP address of the client is correspondingly stored with the second IP addresses of the management server and the authorization server in the area where the client is positioned, the management port identification of the management server and the authorization port identification of the authorization server.
Optionally, this step is preceded by: when the partition server receives the business service partition table, the partition server stores the business service partition table;
the business service partition table at least comprises a first IP address of a client, a second IP address of a management server and an authorization server of an area where the client is located, a management port identifier of the management server and an authorization port identifier of the authorization server; and the first IP address of the client is correspondingly stored with the second IP addresses of the management server and the authorization server in the area where the client is positioned, the management port identification of the management server and the authorization port identification of the authorization server.
The partition server can receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a cloud storage tool, etc.).
Optionally, this step is preceded by step D61: if the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least comprises a first IP address of the client and an area identifier of an area where the client is located, and the first IP address of the client is correspondingly stored with the area identifier of the area where the client is located;
the partition server can receive the business service partition table through communication software (including but not limited to WeChat, Alipay, e-mail, Facebook and the like); alternatively, the partition server may receive the business service partition table from a removable storage medium (including but not limited to a USB flash drive, mobile phone storage, a cloud storage tool, etc.);
further, step D61 is specifically: if the partition server receives the client data table, the partition server acquires a preset business service partition table and updates the business service partition table according to the client data table;
further, step D61 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D61 includes the steps of:
step D61-11: if the partition server receives the client data table, the partition server acquires a preset business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D61-12: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step D61-13 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step D61-14;
optionally, the step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from the preset area service corresponding table, and, if the second IP address of the management server of the area where the client is located is acquired, executes step D61-13; if the second IP address of the management server of the area where the client is located is not obtained, executes step D61-14.
Step D61-13: the partition server acquires the management port identifier and the authorization port identifier corresponding to the current first IP address; stores the current first IP address, the current second IP address, the current management port identifier and the current authorization port identifier correspondingly in the business service partition table, and executes step D61-14;
step D61-14: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D61-12 is returned; if the next first IP address is not acquired, step 601 is executed.
Further, step D61 is specifically: if the partition server receives the client data table, the partition server creates a business service partition table and updates the business service partition table according to the client data table;
further, step D61 specifically includes: if the partition server receives the client data table, the partition server respectively determines a management server of an area where the client corresponding to the first IP address is located according to the first IP address and the corresponding area identification in the client data table, and correspondingly stores the first IP address of the client and the second IP address of the area where the client is located to the business service partition table;
still further, step D61 includes the steps of:
step D61-21: if the partition server receives the client data table, the partition server creates a business service partition table; acquiring a first IP address from a client data table as a current first IP address;
step D61-22: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address of the management server corresponding to the area identifier of the area where the client is located, and, if the second IP address of the management server of the area where the client is located is acquired, executes step D61-23; if the second IP address of the management server of the area where the client is located is not obtained, executes step D61-24;
optionally, the step specifically includes: the partition server acquires the area identifier corresponding to the current first IP address from the client data table; acquires the second IP address corresponding to the area identifier from the preset area service corresponding table, and, if the second IP address of the management server of the area where the client is located is acquired, executes step D61-23; if the second IP address of the management server of the area where the client is located is not obtained, executes step D61-24.
Step D61-23: the partition server acquires the management port identifier and the authorization port identifier corresponding to the current first IP address; stores the current first IP address, the current second IP address, the current management port identifier and the current authorization port identifier correspondingly in the business service partition table, and executes step D61-24;
step D61-24: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step D61-22 is returned; if the next first IP address is not acquired, step 601 is executed.
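The table-building loop of steps D51-11 to D51-14 (embodiment 5, rows of first IP, second IP and fourth IP) and D61-11 to D61-14 (embodiment 6, rows of first IP, second IP and the two port identifiers), both in the "creates a table" and the "acquires a preset table and updates it" variants, as an added illustration in Python. This is not the patent's own code: the dictionary layouts of the client data table, the area service corresponding table and the per-client attribute table, and every IP address and port value, are constructed here for the example.

```python
"""Partition-server side of steps D51-11..D51-14 and D61-11..D61-14.
Added illustration, not the patent's code; table layouts and values are constructed."""
from typing import Dict, List, Optional, Tuple

# Constructed client data table: first IP address -> area identifier.
CLIENT_DATA_TABLE: Dict[str, str] = {
    "10.1.0.5": "area-north",
    "10.1.0.6": "area-south",
    "10.1.0.7": "area-west",   # no management server deployed for this area
}

# Constructed preset area service corresponding table:
# area identifier -> second IP address of that area's management server.
AREA_SERVICE_TABLE: Dict[str, str] = {
    "area-north": "192.0.2.10",
    "area-south": "192.0.2.20",
}

# Constructed per-client attributes the partition server looks up in step
# D51-13 (fourth IP address) or D61-13 (management / authorization port ids).
CLIENT_ATTRS: Dict[str, Dict[str, object]] = {
    "10.1.0.5": {"fourth_ip": "192.0.2.11", "mgmt_port": 8443, "auth_port": 9443},
    "10.1.0.6": {"fourth_ip": "192.0.2.21", "mgmt_port": 8443, "auth_port": 9443},
    "10.1.0.7": {"fourth_ip": "192.0.2.31", "mgmt_port": 8443, "auth_port": 9443},
}

Row = Dict[str, object]


def build_partition_table(
    client_data: Dict[str, str],
    area_service: Dict[str, str],
    client_attrs: Dict[str, Dict[str, object]],
    preset_table: Optional[Dict[str, Row]] = None,
    with_ports: bool = False,
) -> Tuple[Dict[str, Row], List[str]]:
    """Walk the client data table row by row (steps D51-11 .. D51-14).

    preset_table=None -> the 'creates a business service partition table'
                         variant (D51-21); otherwise the 'acquires a preset
                         table and updates it' variant (D51-11).
    with_ports=False  -> embodiment 5 rows (second IP + fourth IP);
    with_ports=True   -> embodiment 6 rows (second IP + port identifiers).
    Returns the table and the first IPs skipped because no management server
    exists for their area (the 'not obtained' branch of D51-12 / D61-12).
    """
    table: Dict[str, Row] = dict(preset_table) if preset_table else {}
    skipped: List[str] = []
    for first_ip, area_id in client_data.items():      # D51-11 / D51-14: next row
        second_ip = area_service.get(area_id)           # D51-12: area -> second IP
        if second_ip is None:
            skipped.append(first_ip)                    # not obtained -> D51-14
            continue
        attrs = client_attrs[first_ip]                  # D51-13 / D61-13
        row: Row = {"second_ip": second_ip}
        if with_ports:
            row["mgmt_port"] = attrs["mgmt_port"]
            row["auth_port"] = attrs["auth_port"]
        else:
            row["fourth_ip"] = attrs["fourth_ip"]
        table[first_ip] = row                           # store correspondingly
    return table, skipped


def lookup(table: Dict[str, Row], first_ip: str) -> Optional[Row]:
    """Steps 502/503 and 602/603: the partition server answers a registration
    request only when the received first IP address is in the table."""
    return table.get(first_ip)
```

Returning the skipped first IPs alongside the table is the one addition over the page's loop: an operator who knows which clients fell through the "not obtained" branch can correct the area service table instead of discovering the gap when those clients are refused at step 602.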
Step 603: the partition server determines the second IP address, the management port identifier and the authorization port identifier corresponding to the client according to the received first IP address and the business service partition table; sends the second IP address, the management port identifier and the authorization port identifier to the client;
optionally, the partition server determines, according to the received first IP address and the business service partition table, the second IP address, the management port identifier and the authorization port identifier corresponding to the client, which specifically includes: the partition server acquires the second IP address, the management port identifier and the authorization port identifier stored corresponding to the first IP address from the business service partition table.
Step 604: the client receives the second IP address, the management port identifier and the authorization port identifier; sends the first IP address to the authorization server according to the second IP address and the authorization port identifier;
step 605: the authorization server receives a first IP address; obtaining an access token; correspondingly storing the first IP address and the access token; sending an access token to the client;
optionally, the obtaining the access token specifically includes: the authorization server randomly generates an access token;
optionally, the obtaining the access token specifically includes: the authorization server randomly selects an access token from a preset access token list;
optionally, the obtaining of the access token specifically includes: the authorization server obtains access tokens in sequence from a preset access token list according to a preset order; for example, the preset order may be from the first to the last entry of the preset access token list, or from the last to the first entry of the preset access token list; it may also be that retrieval starts from an access token in the middle of the preset access token list and then proceeds sequentially backwards or forwards from there.
Step 606: the client receives and stores the access token; sending an access token and the first IP address to a management server according to the second IP address and the management port identifier;
step 607: the management server receives the access token and the first IP address; sending the first IP address and the access token to an authorization server;
optionally, after the management server receives the access token and the first IP address, the method further includes: the management server checks the IP address of the client according to the first IP address and the trusted list, and if the IP address of the client is successfully checked, the management server sends the first IP address and the access token to the authorization server; if the client IP address check fails, sending error information to the client, and executing the step C61;
further, the management server checks the client IP address according to the first IP address and the trusted list, specifically: the management server judges whether the trusted list comprises a first IP address, if so, the client IP address is successfully verified; otherwise, the client IP address check fails.
Further, if the client IP address is successfully verified, the management server judges whether a preset authentication agent list comprises a first IP address, and if so, the management server sends the first IP address and the access token to the authorization server; otherwise, sending error information to the client, and executing the step C61;
at this time, in this embodiment, the management server stores the authentication agent list; the authentication agent list at least correspondingly stores a first IP address of the client and a second IP address of the management server.
Step C61: the client receives the error information, reports the error, and the process ends.
Optionally, the step specifically includes: and the client receives the error report information, displays the IP address verification failure information of the client and finishes the operation.
Step 608: the authorization server receives the first IP address and the access token; acquiring an access token according to the first IP address; performing client authentication according to the received access token and the obtained access token, if the client authentication is successful, sending authentication success information to the management server, and executing step 611; if the client fails to verify, sending error information to the management server, and executing step D61;
optionally, the client authentication is performed according to the received access token and the obtained access token, specifically: and the authorization server judges whether the received access token is the same as the obtained access token, if so, the client-side verification is successful, otherwise, the client-side verification fails.
Step D61: the management server receives the error information, sends the error information to the client, and executes the step D62;
step D62: the client receives the error information, reports the error, and the process ends.
Step 609: the management server receives verification success information;
step 610: the management server acquires a shared secret key;
optionally, the step specifically includes: the management server randomly generates a shared secret key;
optionally, the step specifically includes: the management server randomly selects a shared key from a preset key list;
optionally, the step specifically includes: the management server acquires the shared keys from the preset key list in sequence according to the preset sequence; for example, the preset order may be an order from the first to the last of the preset key list; or may be in order from the last to the first of the preset key list; it may also be that the key is retrieved sequentially backwards or forwards, starting with a shared key in the middle of the list of preset keys.
Step 611: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file; sending an authentication agent file to the client according to the first IP address;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length; it is an electronic cipher, a technical means of encryption in the field of electronic information, and is used in wireless communication networks;
step 612: the client receives and stores the authentication agent file;
optionally, this step is replaced by: the client updates the original agent file with the authentication agent file, and the process ends;
further, the client updates the original agent file with the authentication agent file, specifically: the client receives the authentication agent file and updates the original agent file under the preset agent path with the authentication agent file, and the process ends.
Further, updating the original agent file under the preset agent path with the authentication agent file specifically includes: the client deletes the original agent file under the preset agent path, stores the authentication agent file to the preset agent path, and the process ends.
Optionally, the method in this embodiment further includes the following steps 613 to 614:
step 613: restarting the client; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
in this embodiment, the user account is an account registered by the user on the client; the dynamic token is dynamic password data displayed by the OTP dynamic token;
further, when the input user account and dynamic token are received, the method further comprises: the client acquires its own first IP address and judges whether the authentication proxy file contains the first IP address; if it does, the client determines an available authentication server according to the authentication proxy file; otherwise, the client reports an error and ends.
Further, determining an available authentication server according to the authentication agent file specifically includes: the client acquires a third IP address from the authentication agent file and takes the authentication server whose IP address is the third IP address as the available authentication server.
Step 614: the authentication server performs the client verification operation according to the user account and the dynamic token, and the process ends.
In this embodiment, another method for automatically registering a management server is provided, in which steps 611 to 612 are replaced with steps M61 to M62:
step M61: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
step M62: the client receives the authentication agent ciphertext data, generates an authentication agent file according to the authentication agent ciphertext data, and stores the authentication agent file.
In this embodiment, another method for automatically registering a management server is provided, in which steps 611 to 612 are replaced with steps N61 to N62:
step N61: the management server sends the shared key and the second IP address to the client according to the first IP address;
optionally, this step further includes: the management server sends a first IP address to the client;
correspondingly, step N62 further includes: the client receives the first IP address.
Step N62: the client receives the shared key and the second IP address; organizing data to be encrypted according to the shared secret key, the first IP address and the second IP address; encrypting data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain an authentication agent file and storing the authentication agent file;
for example, the first preset algorithm may be the RC4 encryption algorithm; RC4 is a family of stream ciphers with variable key length, an electronic cipher used as an encryption technique in the field of electronic information and in wireless communication networks.
Example 7
This embodiment provides a system for automatically registering a management server, which comprises a client, a partition server and a management server:
the client is configured to start up; when an input partition IP address is received, the client sends a first IP address to the partition server according to the partition IP address;
the partition server is configured to determine a second IP address of the management server of the area where the client is located according to the first IP address and the business service partition table, and to send the second IP address to the client;
the client is further configured to send the first IP address to the management server according to the second IP address;
the management server is configured to judge whether the stored authentication agent list includes the first IP address and, if so, to acquire a shared key; determine a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypt the shared key, the first IP address and the third IP address corresponding to the first IP address with a preset encryption key to obtain authentication agent ciphertext data; generate an authentication agent file according to the authentication agent ciphertext data; and send the authentication agent file to the client according to the first IP address; otherwise, to send error information to the client;
the client is further configured to store the authentication agent file.
Optionally, the partition server is further configured to, when receiving the client data table, respectively determine, according to the first IP address and the corresponding area identifier in the client data table, a management server of an area where the client corresponding to the first IP address is located, and correspondingly store the first IP address of the client and the second IP address of the area where the client is located in the service partition table;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identifier of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client and a second IP address of the management server;
further, the partition server is further configured to, when receiving the client data table, obtain a first IP address from the client data table as the current first IP address;
correspondingly, the partition server is further configured to acquire the area identifier corresponding to the current first IP address from the client data table and to acquire the second IP address of the management server corresponding to that area identifier; if the second IP address of the management server of the area where the client is located is acquired, to store the current first IP address and the current second IP address correspondingly in the business service partition table; and if the second IP address of the management server of the area where the client is located is not acquired, to obtain the next first IP address from the client data table and, if a next first IP address is obtained, to take the obtained first IP address as the current first IP address.
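As an added worked example (not code from the patent or from Feitian), the following Python models the registration flow of steps 610 to 613 above together with the service partition table construction described in Example 7: the partition server builds its table from a client data table, the management server checks its authentication agent list and encrypts the shared key and addresses with RC4 under a preset key, and the client opens the agent file only if it carries its own first IP address. The record layout, function names, sample addresses, keys and tables are all constructed assumptions.

```python
# Added worked example, not the patent's own code: a minimal model of the
# registration flow (steps 610 to 613) and of the service partition table
# construction (Example 7). Record layout, function names and every address,
# key and table below are constructed for illustration.
import json
import secrets


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the 'first preset algorithm' the page names. XOR with the keystream,
    so one function both encrypts and decrypts. Caveat for practitioners: a
    fixed preset key means one keystream for every agent file, and RC4 gives no
    integrity, so a real deployment would prefer an authenticated cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_service_partition_table(client_data_table, area_to_management_server):
    """Partition server, steps S00-01 to S00-04: walk the client data table
    (first IP address, area identifier) and record first IP -> second IP for
    every area that has a management server; rows without one are skipped."""
    partition_table = {}
    for first_ip, area_id in client_data_table:
        second_ip = area_to_management_server.get(area_id)
        if second_ip is None:
            continue            # no management server for this area: next row
        partition_table[first_ip] = second_ip
    return partition_table


def partition_lookup(partition_table, first_ip):
    """Step S02 with the claim-4 check: an unknown first IP yields an error."""
    if first_ip not in partition_table:
        return None, "error: first IP address not in service partition table"
    return partition_table[first_ip], None


def make_authentication_agent_file(auth_agent_list, first_ip, preset_key,
                                   preset_key_list=None):
    """Management server, steps S04/S05 and 610/611: check the authentication
    agent list, pick a shared key (random, or from the preset list), organise
    the data to be encrypted and encrypt it with the preset key."""
    if first_ip not in auth_agent_list:
        return None, "error: first IP address not in authentication agent list"
    if preset_key_list is None:
        shared_key = secrets.token_hex(16)            # randomly generated
    else:
        shared_key = secrets.choice(preset_key_list)  # randomly selected
    record = {"shared_key": shared_key, "first_ip": first_ip,
              "third_ip": auth_agent_list[first_ip]}
    plaintext = json.dumps(record, sort_keys=True).encode()
    return rc4(preset_key, plaintext), None


def select_authentication_server(agent_file, preset_key, own_first_ip):
    """Client, step 613: open the agent file and use the first listed third IP
    address, but only if the file carries the client's own first IP address."""
    try:
        record = json.loads(rc4(preset_key, agent_file).decode())
    except ValueError:
        return None                       # wrong preset key or corrupted file
    if not isinstance(record, dict) or record.get("first_ip") != own_first_ip:
        return None                       # file was not issued for this client
    return record["third_ip"][0]


# Constructed sample data: two areas, plus one client in an area without a
# management server so the partition-table loop has a row to skip.
CLIENT_DATA_TABLE = [("10.0.1.5", "area-A"), ("10.0.2.7", "area-B"),
                     ("10.0.9.9", "area-Z")]
AREA_TO_MANAGEMENT_SERVER = {"area-A": "10.0.1.1", "area-B": "10.0.2.1"}
AUTH_AGENT_LIST = {"10.0.1.5": ["10.0.1.2"], "10.0.2.7": ["10.0.2.2", "10.0.2.3"]}
PRESET_KEY = b"constructed-preset-key"


def demo():
    """Full round trip for client 10.0.1.5; returns the chosen third IP."""
    table = build_service_partition_table(CLIENT_DATA_TABLE, AREA_TO_MANAGEMENT_SERVER)
    second_ip, err = partition_lookup(table, "10.0.1.5")
    if err:
        return None
    agent_file, err = make_authentication_agent_file(AUTH_AGENT_LIST, "10.0.1.5", PRESET_KEY)
    if err:
        return None
    return select_authentication_server(agent_file, PRESET_KEY, "10.0.1.5")


if __name__ == "__main__":
    print(demo())
```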
Optionally, the partition server is further configured to determine whether a first IP address exists in the stored service partition table, and if so, determine a second IP address of the management server corresponding to the client according to the first IP address and the service partition table; otherwise, sending error information to the client.
Optionally, the partition server being configured to determine, according to the first IP address and the service partition table, the second IP address of the management server corresponding to the client specifically means: the partition server is configured to acquire, from the stored business service partition table, the second IP address stored in correspondence with the first IP address.
Optionally, the management server being configured to obtain the shared key specifically means: the management server is configured to randomly generate a shared key;
or specifically: the management server is configured to randomly select a shared key from the preset key list;
or specifically: the management server is configured to take the shared keys from the preset key list one by one in a preset order.
Optionally, the management server being configured to determine the third IP address of the authentication server according to the first IP address and the authentication proxy list specifically means: the management server is configured to acquire, from the authentication agent list, the third IP address of the authentication server stored in correspondence with the first IP address;
correspondingly, the first IP address is stored in the authentication agent list in correspondence with at least one third IP address.
Optionally, the management server is further configured to send authentication agent ciphertext data to the client according to the first IP address;
correspondingly, the client is also used for receiving the authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
Optionally, the management server is configured to encrypt the shared key, the first IP address, and a third IP address corresponding to the first IP address using a preset encryption key to obtain the authentication proxy ciphertext data, and specifically: the management server is used for organizing the data to be encrypted according to the shared key, the first IP address and a third IP address corresponding to the first IP address; and encrypting the data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data.
Optionally, the client is further configured to update the original proxy file with the authentication proxy file.
Optionally, the client is further configured to restart; when an input user account and dynamic token are received, to determine an available authentication server according to the authentication proxy file; and to send the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
correspondingly, the authentication server is further configured to perform the client verification operation according to the user account and the dynamic token, after which the process ends.
Optionally, the client is further configured to, when receiving the input partition IP address, send the MAC address of the client to the partition server according to the partition IP address.
Optionally, the client is further configured to report an error and end if error information is received.
Optionally, the management server and the authentication server share one IP address, and the second IP address is equal to the third IP address;
correspondingly, the partition server is also used for determining a second IP address and a management port identifier of a management server of the area where the client is located according to the first IP address and the business service partition table; sending a second IP address and a management port identifier to the client;
correspondingly, the client is also used for sending the first IP address to the management server according to the second IP address and the management port identifier;
correspondingly, the management server is also used for acquiring the shared key; determining a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypting the shared key, the first IP address, a third IP address corresponding to the first IP address and the authentication port identification by using a preset encryption key to obtain authentication proxy ciphertext data; generating an authentication proxy file according to the authentication proxy ciphertext data; and sending the authentication agent file to the client according to the first IP address.
This embodiment also provides a system for automatically registering a management server, which comprises a client, a partition server, a management server and an authorization server:
the client is configured to start up; when an input partition IP address is received, the client sends a first IP address to the partition server according to the partition IP address;
the partition server is configured to determine a second IP address of the management server of the area where the client is located according to the first IP address and the business service partition table, and to send the second IP address to the client;
the client is further configured to send the first IP address to the management server according to the second IP address;
the management server is configured to send the first IP address to the authorization server;
the authorization server is configured to acquire an access token, store the first IP address and the access token in correspondence, and send the first IP address and the access token to the management server;
the management server is further configured to send the first IP address and the access token to the authorization server;
the authorization server is further configured to acquire, according to the first IP address, the access token stored in correspondence with the first IP address, and to perform client verification according to the received access token and the acquired access token; if the client verification succeeds, to send verification success information to the management server; if the client verification fails, to send error information to the client through the management server;
the management server is further configured to receive the verification success information; acquire a shared key; encrypt the shared key, the first IP address and the second IP address with the preset encryption key to obtain authentication proxy ciphertext data; generate an authentication proxy file according to the authentication proxy ciphertext data; and send the authentication proxy file to the client according to the first IP address;
the client is further configured to receive and store the authentication agent file.
Optionally, the partition server is further configured to store the service partition table when receiving the service partition table;
further, the partition server is also used for determining a business service partition table according to the client data table when the client data table is received;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identification of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client and a second IP address of the management server;
further correspondingly, the management server is configured to send the first IP address to the authorization server, specifically: the management server is used for sending the first IP address to the authorization server according to the stored fourth IP address;
furthermore, the partition server is further configured to obtain a first IP address from the client data table as a current first IP address when receiving the client data table; acquiring a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of a management server of an area where the client is located according to the area identifier;
correspondingly, the partition server is further used for correspondingly storing the current first IP address and the current second IP address to the business service partition table if the second IP address of the management server of the area where the client is located is obtained;
correspondingly, the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server in the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
correspondingly, the partition server is further configured to, when the acquired first IP address is used as the current first IP address, acquire the area identifier corresponding to the current first IP address from the client data table.
Optionally, the partition server is configured to determine a service partition table according to the client data table when receiving the client data table;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identifier of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server of the area where the client is located and the port type of the management server;
correspondingly, the management server and the authorization server share one second IP address;
further, step R0 includes the steps of:
correspondingly, the partition server is used for acquiring a first IP address from the client data table as a current first IP address when receiving the client data table;
correspondingly, the partition server is also used for acquiring the area identifier corresponding to the current first IP address from the client data table; acquiring a second IP address of a management server of an area where the client is located according to the area identifier;
correspondingly, the partition server is further used for acquiring a management port identifier of the management server if the second IP address of the management server of the area where the client is located is acquired; correspondingly storing the current first IP address, the current second IP address and the management port identification to a business service partition table;
correspondingly, the partition server is further used for acquiring a next first IP address from the client data table if the second IP address of the management server of the area where the client is located is not acquired, and taking the acquired first IP address as the current first IP address if the next first IP address is acquired;
correspondingly, the partition server is further configured to obtain, when the obtained first IP address is used as the current first IP address, an area identifier corresponding to the current first IP address from the client data table;
further correspondingly, the management server is configured to send the first IP address to the authorization server, specifically: the management server is used for sending the first IP address to the authorization server.
Optionally, the partition server is further configured to determine, according to the first IP address and the service partition table, a second IP address of the management server in the area where the client is located and a fourth IP address of the authorization server; sending the second IP address and the fourth IP address to the client;
correspondingly, the client is also used for sending the first IP address to the authorization server according to the fourth IP address;
correspondingly, the authorization server is also used for acquiring the access token and correspondingly storing the first IP address and the access token; sending an access token to the client;
correspondingly, the client is further configured to send the first IP address and the access token to the management server according to the second IP address;
further, the partition server is also used for determining a business service partition table according to the client data table when the client data table is received;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identification of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and a fourth IP address of the authorization server;
further correspondingly, the management server is configured to send the first IP address to the authorization server, specifically: the management server is configured to send the first IP address to the authorization server according to the stored fourth IP address;
furthermore, the partition server is further configured to, when receiving the client data table, acquire a first IP address from the client data table as the current first IP address;
correspondingly, the partition server is further used for acquiring the area identifier corresponding to the current first IP address from the client data table; acquiring a second IP address of a management server of an area where the client is located according to the area identifier;
correspondingly, the partition server is further configured to, if the second IP address of the management server in the area where the client is located is obtained, obtain a fourth IP address of the authorization server corresponding to the management server in the area where the client is located corresponding to the current first IP address, and correspondingly store the current first IP address, the current second IP address, and the current fourth IP address in the service partition table;
correspondingly, the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server in the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
correspondingly, the partition server is further configured to, when the acquired first IP address is used as the current first IP address, acquire the area identifier corresponding to the current first IP address from the client data table.
Optionally, the partition server is further configured to determine, according to the first IP address and the service partition table, a second IP address of a management server and an authorization server in an area where the client is located; acquiring a management port identifier and an authorized port identifier corresponding to the first IP address; sending the second IP address, the management port identification and the authorized port identification to the client;
correspondingly, the client is also used for sending the first IP address to the authorization server according to the second IP address and the authorization port identifier;
correspondingly, the authorization server is also used for acquiring the access token and correspondingly storing the first IP address and the access token; sending an access token to the client;
correspondingly, the client is further configured to send the first IP address and the access token to the management server according to the second IP address and the management port identifier;
further, the partition server is also used for determining a business service partition table according to the client data table when the client data table is received;
correspondingly, the client data table at least correspondingly stores the first IP address of the client and the area identification of the area where the client is located;
correspondingly, the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and the authorization server, a management port identifier of the management server and an authorization port identifier of the authorization server;
further correspondingly, the management server is configured to send the first IP address to the authorization server, specifically: the management server is used for sending the first IP address to the authorization server according to the stored fourth IP address;
furthermore, the partition server is further configured to, when receiving the client data table, obtain a first IP address from the client data table as the current first IP address;
correspondingly, the partition server is further used for acquiring the area identifier corresponding to the current first IP address from the client data table; acquiring a second IP address of a management server of an area where the client is located according to the area identifier;
correspondingly, the partition server is further used for acquiring a management port identifier and an authorized port identifier corresponding to the current first IP address if acquiring the second IP address of the management server of the area where the client is located; correspondingly storing the current first IP address, the current second IP address, the current management port identification and the current authorized port identification to a business service partition table;
correspondingly, the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server in the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
correspondingly, the partition server is further configured to, when the acquired first IP address is used as the current first IP address, obtain the area identifier corresponding to the current first IP address from the client data table.
Optionally, the authorization server is configured to perform client authentication according to the received access token and the obtained access token, specifically: the authorization server is used for judging whether the received access token is the same as the obtained access token or not, if so, the client side is successfully verified, otherwise, the client side is failed to be verified.
Optionally, the management server is further configured to encrypt the shared key, the first IP address, and the stored second IP address using a preset encryption key to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
correspondingly, the client is also used for receiving the authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
Optionally, the client is further configured to restart; when an input user account and dynamic token are received, to determine an available authentication server according to the authentication proxy file; and to send the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
correspondingly, the authentication server is further configured to perform the client verification operation according to the user account and the dynamic token, after which the process ends.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (60)

1. A method for automatically registering a management server, the method comprising the steps of:
step S01: starting a client; when receiving an input partition IP address, the client sends a first IP address to the partition server according to the partition IP address;
step S02: the partition server determines a second IP address of a management server of the area where the client is located according to the first IP address and the business service partition table, and sends the second IP address to the client;
step S03: the client sends a first IP address to the management server according to the second IP address;
step S04: the management server determines whether the stored authentication agent list includes the first IP address, if so, step S05 is executed; otherwise, sending error information to the client;
step S05: the management server acquires a shared secret key; determining a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypting the shared key, the first IP address and a third IP address corresponding to the first IP address by using a preset encryption key to obtain authentication agent ciphertext data; generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
step S06: the client saves the authentication agent file.
2. The method of claim 1, further comprising step S00;
step S00: when a partition server receives a client data table, the partition server respectively determines a management server of an area where a client corresponding to a first IP address is located according to the first IP address and a corresponding area identifier in the client data table, and correspondingly stores the first IP address of the client and a second IP address of the area where the client is located to a business service partition table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of a client and a second IP address of the management server.
3. The method of claim 2, wherein the step S00 includes the steps of:
step S00-01: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
step S00-02: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and executing the step S00-03 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing step S00-04;
step S00-03: the partition server correspondingly stores the current first IP address and the current second IP address to a business service partition table, and executes the step S00-04;
step S00-04: the partition server acquires the next first IP address from the client data table, and if the next first IP address is acquired, the acquired first IP address is used as the current first IP address, and the step S00-02 is returned; if the next first IP address is not acquired, step S01 is executed.
4. The method according to claim 1, wherein in step S02, the method further comprises: the partition server judges whether a first IP address exists in a stored business service partition table, and if so, determines a second IP address of a management server corresponding to the client according to the first IP address and the business service partition table; otherwise, sending error information to the client.
5. The method according to claim 1, wherein in step S02, the partition server determining a second IP address of the management server corresponding to the client according to the first IP address and the service partition table specifically includes: the partition server acquires, from the stored business service partition table, the second IP address stored in correspondence with the first IP address.
6. The method according to claim 1, wherein in step S05, the obtaining the shared key specifically includes: the management server randomly generates a shared key;
or specifically, the management server randomly selects a shared key from a preset key list;
or specifically, the management server obtains the shared keys from the preset key list in sequence according to a preset sequence.
7. The method according to claim 1, wherein in step S05, the management server determines a third IP address of the authentication server according to the first IP address and the authentication proxy list, specifically: the management server acquires a third IP address of the authentication server which is stored in the authentication agent list and corresponds to the first IP address;
and the first IP address is correspondingly stored with at least one third IP address in the authentication agent list.
8. The method according to claim 1, wherein in step S05, the steps of generating an authentication agent file according to the authentication agent ciphertext data and sending the authentication agent file to the client according to the first IP address are replaced with: the management server sends the authentication agent ciphertext data to the client according to the first IP address;
before the step S06, the method further includes: the client receives authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
9. The method according to claim 1, wherein in step S05, the encrypting the shared key, the first IP address, and the third IP address corresponding to the first IP address by using the preset encryption key to obtain the authentication agent ciphertext data specifically includes: the management server organizes the data to be encrypted according to the shared secret key, the first IP address and a third IP address corresponding to the first IP address; and encrypting the data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data.
10. The method of claim 1, wherein said step S06 is replaced with: the client updates the original proxy file with the authentication proxy file.
11. The method of claim 1, further comprising the steps of:
step S07: the client is restarted; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
step S08: and the authentication server executes client verification operation according to the user account and the dynamic token, and the operation is finished.
12. The method of claim 1, wherein in the steps S01 and S02, the first IP address is replaced with a MAC address of the client.
13. The method of claim 1, wherein the method further comprises: if the client receives the error information, the client reports the error and ends.
14. The method according to claim 1, wherein the step S06 is specifically: and the client updates the original proxy file by using the authentication proxy file under a preset proxy path.
15. The method of claim 1, wherein the management server and the authentication server share one IP address, the second IP address being equal to the third IP address;
the step S02 is replaced by: the partition server determines a second IP address and a management port identifier of a management server of an area where the client is located according to the first IP address and the business service partition table; sending a second IP address and a management port identifier to the client;
the step S03 is replaced by: the client sends the first IP address to the management server according to the second IP address and the management port identifier;
the step S05 is replaced by: the management server acquires a shared secret key; determining a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypting the shared key, the first IP address, a third IP address corresponding to the first IP address and the authentication port identification by using a preset encryption key to obtain authentication proxy ciphertext data; generating an authentication proxy file according to the authentication proxy ciphertext data; and sending the authentication agent file to the client according to the first IP address.
16. A method for automatically registering a management server, the method comprising the steps of:
step R01: starting a client; when receiving an input partition IP address, the client sends a first IP address to the partition server according to the partition IP address;
step R02: the partition server determines a second IP address of a management server of the area where the client is located according to the first IP address and the business service partition table, and sends the second IP address to the client;
step R03: the client sends a first IP address to the management server according to the second IP address;
step R04: the management server sends a first IP address to an authorization server;
step R05: the authorization server acquires an access token and correspondingly stores a first IP address and the access token; sending a first IP address and an access token to the management server;
step R06: the management server sends a first IP address and an access token to the authorization server;
step R07: the authorization server acquires the access token stored corresponding to the first IP address according to the first IP address; performs client authentication according to the received access token and the obtained access token, and if the client authentication is successful, sends authentication success information to the management server and step R08 is executed; if the client authentication fails, error information is sent to the client through the management server;
step R08: the management server receives verification success information; acquiring a shared secret key;
step R09: the management server encrypts the shared key, the first IP address and the second IP address of the management server by using a preset encryption key to obtain authentication proxy ciphertext data, and generates an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address;
step R10: and the client receives and stores the authentication agent file.
17. The method of claim 16, wherein the method further comprises: and when the partition server receives the business service partition table, the partition server stores the business service partition table.
18. The method of claim 17, further comprising step R0: when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client and a second IP address of the management server;
the step R04 specifically includes: and the management server sends the first IP address to the authorization server according to the stored fourth IP address.
19. The method of claim 18, wherein said step R0 includes the steps of:
step R0-31: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
step R0-32: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step R0-33 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step R0-34;
step R0-33: the partition server correspondingly stores the current first IP address and the current second IP address to a business service partition table, and executes the step R0-34;
step R0-34: the partition server acquires the next first IP address from the client data table; if the next first IP address is acquired, the acquired first IP address is used as the current first IP address and the method returns to step R0-32; if the next first IP address is not acquired, step R01 is executed.
20. The method of claim 16, further comprising step R0: when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of a client, a second IP address of a management server of an area where the client is located and a port type of the management server;
the management server and the authorization server share a second IP address.
21. The method of claim 20, wherein said step R0 includes the steps of:
step R0-41: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
step R0-42: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step R0-43 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step R0-44;
step R0-43: the partition server acquires a management port identifier of the management server; correspondingly stores the current first IP address, the current second IP address and the management port identifier to the business service partition table, and executes step R0-44;
step R0-44: the partition server acquires the next first IP address from the client data table; if the next first IP address is acquired, the acquired first IP address is used as the current first IP address and the method returns to step R0-42; if the next first IP address is not acquired, step R01 is executed;
the step R04 specifically includes: the management server sends the first IP address to the authorization server.
22. The method of claim 16, wherein steps R02 to R05 are replaced with steps R14 to R16:
step R14: the partition server determines a second IP address of a management server of an area where the client is located and a fourth IP address of the authorization server according to the first IP address and the business service partition table; sending the second IP address and the fourth IP address to the client;
step R14: the client sends the first IP address to the authorization server according to the fourth IP address;
step R15: the authorization server acquires an access token and correspondingly stores a first IP address and the access token; sending an access token to the client;
step R16: the client sends the first IP address and the access token to the management server according to the second IP address.
23. The method of claim 22, further comprising step R0: when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and a fourth IP address of the authorization server;
the step R04 specifically includes: and the management server sends the first IP address to the authorization server according to the stored fourth IP address.
24. The method of claim 23, wherein said step R0 includes the steps of:
step R0-51: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
step R0-52: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step R0-53 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step R0-54;
step R0-53: the partition server acquires a fourth IP address of an authorization server corresponding to a management server of an area where the client corresponding to the current first IP address is located, correspondingly stores the current first IP address, the current second IP address and the current fourth IP address to a business service partition table, and executes the step R0-54;
step R0-54: the partition server acquires the next first IP address from the client data table; if the next first IP address is acquired, the acquired first IP address is used as the current first IP address and the method returns to step R0-52; if the next first IP address is not acquired, step R01 is executed.
25. The method of claim 16, wherein steps R02 to R05 are replaced with steps R22 to R26:
step R22: the partition server determines a second IP address of a management server and an authorization server of the area where the client is located according to the first IP address and the business service partition table; acquiring a management port identifier and an authorized port identifier corresponding to the first IP address; sending the second IP address, the management port identification and the authorized port identification to the client;
step R23: the client sends the first IP address to the authorization server according to the second IP address and the authorization port identifier;
step R25: the authorization server acquires an access token and correspondingly stores a first IP address and the access token; sending an access token to the client;
step R26: the client sends the first IP address and the access token to the management server according to the second IP address and the management port identifier.
26. The method of claim 25, further comprising step R0: when the partition server receives the client data table, the partition server determines a business service partition table according to the client data table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and the authorization server, a management port identifier of the management server and an authorization port identifier of the authorization server;
the step R04 specifically includes: and the management server sends the first IP address to the authorization server according to the stored fourth IP address.
27. The method of claim 26, wherein said step R0 includes the steps of:
step R0-41: when the partition server receives the client data table, the partition server acquires a first IP address from the client data table as a current first IP address;
step R0-42: the partition server acquires a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of the management server of the area where the client is located according to the area identifier, and executing the step R0-43 if the second IP address of the management server of the area where the client is located is acquired; if the second IP address of the management server of the area where the client is located is not obtained, executing the step R0-44;
step R0-43: the partition server acquires a management port identifier and an authorized port identifier corresponding to the current first IP address; correspondingly storing the current first IP address, the current second IP address, the current management port identifier and the current authorization port identifier to the business service partition table, and executing the step R0-44;
step R0-44: the partition server acquires the next first IP address from the client data table; if the next first IP address is acquired, the acquired first IP address is used as the current first IP address and the method returns to step R0-42; if the next first IP address is not acquired, step R01 is executed.
28. The method according to claim 16, wherein in step R07, the performing client authentication according to the received access token and the obtained access token specifically comprises: and the authorization server judges whether the received access token is the same as the obtained access token, if so, the client side is successfully verified, otherwise, the client side is failed to verify.
29. The method of claim 16, wherein said step R09 is replaced with: the management server encrypts the shared key, the first IP address and the stored second IP address by using a preset encryption key to obtain authentication proxy ciphertext data; sending authentication agent ciphertext data to the client according to the first IP address;
before the step R10, the method further includes: the client receives authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
30. The method of claim 16, further comprising the steps of:
step R11: the client is restarted; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
step R12: and the authentication server executes client verification operation according to the user account and the dynamic token, and the operation is finished.
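The exchange of claim 16 (steps R01 to R10), with the partition table derived as in claims 18 and 19, the token check of claim 28 and the client reading the file back at restart (claim 30), as an added in-memory model that is not code from the patent or from Feitian. The party classes, the JSON layout of the data to be encrypted and the HMAC-based stand-in for the unspecified "first preset algorithm" are this example's assumptions.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream derived from HMAC-SHA256 (block i = HMAC(key, nonce || i)).
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def _subkeys(preset_key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the preset encryption key.
    return (hmac.new(preset_key, b"enc", hashlib.sha256).digest(),
            hmac.new(preset_key, b"mac", hashlib.sha256).digest())


def encrypt_with_preset_key(preset_key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for the page's unspecified "first preset algorithm": encrypt-then-MAC over the
    # HMAC counter-mode stream. A deployment would use a standard AEAD such as AES-GCM instead;
    # the surrounding protocol does not change. Output layout: nonce || body || tag.
    enc_key, mac_key = _subkeys(preset_key)
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_proxy_file(preset_key: bytes, blob: bytes) -> Optional[dict]:
    # What the client does with the stored file at restart (claim 30): verify the tag, decrypt,
    # parse. Returns None for a wrong key or a tampered file rather than a half-decrypted dict.
    enc_key, mac_key = _subkeys(preset_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        return None
    plaintext = bytes(c ^ s for c, s in zip(body, _keystream(enc_key, nonce, len(body))))
    return json.loads(plaintext.decode())


class PartitionServer:
    # Step R0 (claims 18/19): derive the business service partition table; step R02: lookups.
    def __init__(self, client_data_table: Dict[str, str], management_server_by_area: Dict[str, str]):
        # Steps R0-31 .. R0-34: clients whose area has no management server are skipped.
        self.partition_table = {first_ip: management_server_by_area[area]
                                for first_ip, area in client_data_table.items()
                                if area in management_server_by_area}

    def locate_management_server(self, first_ip: str) -> Tuple[bool, str]:
        second_ip = self.partition_table.get(first_ip)
        if second_ip is None:  # unknown client: error information instead of a second IP
            return False, "error: first IP address not in business service partition table"
        return True, second_ip


class AuthorizationServer:
    # Steps R05 and R07: issue an access token bound to the first IP, later verify it.
    def __init__(self):
        self.tokens: Dict[str, str] = {}

    def issue_token(self, first_ip: str) -> str:
        token = secrets.token_hex(16)
        self.tokens[first_ip] = token  # stored together with the first IP address
        return token

    def verify(self, first_ip: str, presented_token: str) -> bool:
        # Claim 28: success only when the received token equals the stored one;
        # the constant-time comparison is this example's choice.
        stored = self.tokens.get(first_ip)
        return stored is not None and hmac.compare_digest(stored.encode(), presented_token.encode())


class ManagementServer:
    # Steps R04, R06, R08 and R09.
    def __init__(self, second_ip: str, preset_key: bytes, authz: AuthorizationServer):
        self.second_ip, self.preset_key, self.authz = second_ip, preset_key, authz

    def register(self, first_ip: str) -> Tuple[bool, bytes]:
        token = self.authz.issue_token(first_ip)  # R04 / R05
        if not self.authz.verify(first_ip, token):  # R06 / R07
            return False, b"error: client verification failed"
        shared_key = secrets.token_bytes(32)  # R08: shared key generated at random (claim 6 style)
        # Organize the data to be encrypted (claim 9 style), then encrypt it (R09).
        to_encrypt = json.dumps({"shared_key": shared_key.hex(), "first_ip": first_ip,
                                 "second_ip": self.second_ip}, sort_keys=True).encode()
        return True, encrypt_with_preset_key(self.preset_key, to_encrypt)


def run_registration(first_ip: str, partition: PartitionServer,
                     servers: Dict[str, ManagementServer]) -> Tuple[bool, bytes]:
    # Client side of R01 .. R10: locate the management server, then request the proxy file.
    ok, result = partition.locate_management_server(first_ip)  # R01 / R02
    if not ok:
        return False, result.encode()
    return servers[result].register(first_ip)  # R03 .. R10


# Constructed sample deployment (all addresses and keys are made up for this example).
PRESET_KEY = b"constructed-preset-key-for-example-only"
CLIENT_DATA_TABLE = {"10.1.0.11": "area-east", "10.2.0.21": "area-west", "10.3.0.31": "area-north"}
MANAGEMENT_SERVER_BY_AREA = {"area-east": "192.0.2.10", "area-west": "192.0.2.20"}
PARTITION = PartitionServer(CLIENT_DATA_TABLE, MANAGEMENT_SERVER_BY_AREA)
AUTHZ = AuthorizationServer()
SERVERS = {ip: ManagementServer(ip, PRESET_KEY, AUTHZ) for ip in MANAGEMENT_SERVER_BY_AREA.values()}
```

The client in area-north has no management server and therefore never enters the partition table, so its registration ends with error information at step R02 rather than reaching the management server.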
31. A system for automatically registering a management server is characterized by comprising a client, a partition server and a management server;
the client is used for starting; when receiving an input partition IP address, the client sends a first IP address to the partition server according to the partition IP address;
the partition server is used for determining a second IP address of a management server of the area where the client is located according to the first IP address and the business service partition table; sending the second IP address to the client;
the client is also used for sending the first IP address to the management server according to the second IP address;
the management server is used for judging whether the stored authentication agent list comprises a first IP address or not, and if so, acquiring a shared key; determining a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypting the shared key, the first IP address and a third IP address corresponding to the first IP address by using a preset encryption key to obtain authentication agent ciphertext data; generating an authentication proxy file according to the authentication proxy ciphertext data; sending an authentication agent file to the client according to the first IP address; otherwise, sending error information to the client;
the client is also used for storing the authentication agent file.
32. The system according to claim 31, wherein the partition server is further configured to, when receiving the client data table, determine, according to the first IP address and the corresponding area identifier in the client data table, the management server in the area where the client corresponding to the first IP address is located, and correspondingly store the first IP address of the client and the second IP address of the area where the client is located in the service partition table;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
and the business service partition table at least correspondingly stores a first IP address of a client and a second IP address of the management server.
33. The system of claim 32, wherein the partition server is further configured to, upon receiving the client data table, obtain a first IP address from the client data table as the current first IP address;
the partition server is further used for acquiring the area identifier corresponding to the current first IP address from the client data table; acquiring a second IP address of the management server corresponding to the area identifier of the area where the client is located, and correspondingly storing the current first IP address and the current second IP address to a service partition table if the second IP address of the management server of the area where the client is located is acquired; and if the second IP address of the management server of the area where the client is located is not obtained, obtaining the next first IP address from the client data table, and if the next first IP address is obtained, taking the obtained first IP address as the current first IP address.
34. The system of claim 31, wherein the partition server is further configured to determine whether a first IP address exists in the stored service partition table, and if so, determine a second IP address of the management server corresponding to the client according to the first IP address and the service partition table; otherwise, sending error information to the client.
35. The system of claim 31, wherein the partition server is configured to determine, according to the first IP address and the service partition table, that the second IP address of the management server corresponding to the client is specifically: and the partition server is used for acquiring a second IP address which is stored corresponding to the first IP address from the stored business service partition table.
36. The system according to claim 31, wherein the management server is configured to obtain the shared secret key, specifically: the management server is used for randomly generating a shared key;
or specifically: the management server is used for randomly selecting a shared key from a preset key list;
or specifically: and the management server is used for acquiring the shared keys from the preset key list according to the preset sequence.
37. The system of claim 31, wherein the management server is configured to determine a third IP address of the authentication server according to the first IP address and the authentication proxy list, and specifically: the management server is used for acquiring a third IP address of the authentication server which is stored in the authentication agent list and corresponds to the first IP address;
and the first IP address is correspondingly stored with at least one third IP address in the authentication agent list.
38. The system of claim 31, wherein the management server is further configured to send authentication agent ciphertext data to the client based on the first IP address;
the client is also used for receiving authentication agent ciphertext data; and generating an authentication proxy file according to the authentication proxy ciphertext data.
39. The system according to claim 31, wherein the management server is configured to encrypt the shared key, the first IP address, and a third IP address corresponding to the first IP address using a preset encryption key to obtain the authentication proxy ciphertext data, and specifically: the management server is used for organizing data to be encrypted according to the shared key, the first IP address and a third IP address corresponding to the first IP address; and encrypting the data to be encrypted by using a preset encryption key according to a first preset algorithm to obtain authentication proxy ciphertext data.
40. The system of claim 31, wherein the client is further configured to update the original proxy file with the authentication proxy file.
41. The system of claim 31, wherein the client is further configured to reboot; when receiving an input user account and a dynamic token, determining an available authentication server according to an authentication proxy file; sending the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
and the authentication server is also used for executing the client verification operation according to the user account and the dynamic token and ending.
42. The system of claim 31, wherein the client is further configured to send the MAC address of the client to the partition server according to the partition IP address when receiving the input partition IP address.
43. The system of claim 31, wherein the client is further configured to report the error and end if error information is received.
44. The system of claim 31, wherein the client is configured to store the authentication agent file specifically as: the client is used for updating the original proxy file by using the authentication proxy file under the preset proxy path.
45. The system of claim 31, wherein said management server and said authentication server share an IP address, said second IP address being equal to said third IP address;
the partition server is also used for determining a second IP address and a management port identifier of a management server of the area where the client is located according to the first IP address and the business service partition table; sending a second IP address and a management port identifier to the client;
the client is also used for sending the first IP address to the management server according to the second IP address and the management port identifier;
the management server is also used for acquiring a shared key; determining a third IP address of the authentication server according to the first IP address and the authentication agent list; encrypting the shared key, the first IP address, a third IP address corresponding to the first IP address and the authentication port identification by using a preset encryption key to obtain authentication proxy ciphertext data; generating an authentication proxy file according to the authentication proxy ciphertext data; and sending the authentication agent file to the client according to the first IP address.
46. A system for automatically registering a management server is characterized by comprising a client, a partition server, a management server and an authorization server;
the client is used for starting; when receiving an input partition IP address, the client sends a first IP address to the partition server according to the partition IP address;
the partition server is used for determining a second IP address of a management server of the area where the client is located according to the first IP address and the business service partition table; sending the second IP address to the client;
the client is also used for sending the first IP address to the management server according to the second IP address;
the management server is used for sending a first IP address to the authorization server;
the authorization server is used for acquiring the access token and correspondingly storing the first IP address and the access token; sending a first IP address and an access token to the management server;
the management server is further used for sending a first IP address and an access token to the authorization server;
the authorization server is further used for acquiring the access token stored corresponding to the first IP address according to the first IP address; performing client authentication according to the received access token and the obtained access token, and if the client authentication is successful, sending authentication success information to the management server; if the client authentication fails, sending error information to the client through the management server;
the management server is further used for receiving the authentication success information; acquiring a shared secret key; encrypting the shared key, the first IP address and its own second IP address by using a preset encryption key to obtain authentication proxy ciphertext data, and generating an authentication proxy file according to the authentication proxy ciphertext data; sending the authentication agent file to the client according to the first IP address;
and the client is also used for receiving and storing the authentication agent file.
47. The system of claim 46, wherein the partition server is further configured to save the business service partition table when the business service partition table is received.
48. The system of claim 47, wherein the partition server is further configured to determine a business service partition table from a client data table when the client data table is received;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client and a second IP address of the management server;
the management server is configured to send a first IP address to the authorization server, and specifically: and the management server is used for sending the first IP address to the authorization server according to the stored fourth IP address.
49. The system of claim 48, wherein the partition server is further configured to obtain a first IP address from the client data table as the current first IP address when the client data table is received; acquiring a region identifier corresponding to a current first IP address from a client data table; acquiring a second IP address of a management server of an area where the client is located according to the area identifier;
the partition server is also used for correspondingly storing the current first IP address and the second IP address to the business service partition table if the second IP address of the management server of the area where the client is located is obtained;
the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server in the area where the client is located is not obtained, and use the obtained first IP address as the current first IP address if the next first IP address is obtained;
the partition server is further configured to, when the acquired first IP address is used as the current first IP address, acquire an area identifier corresponding to the current first IP address from the client data table.
50. The system of claim 46, wherein the partition server is configured to determine a business service partition table from a client data table when the client data table is received;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of a client, a second IP address of a management server of an area where the client is located and a port type of the management server;
the management server and the authorization server share a second IP address.
51. The system according to claim 50, wherein said step R0 includes the steps of:
the partition server is configured to obtain a first IP address from the client data table as the current first IP address when the client data table is received;
the partition server is further configured to obtain the area identifier corresponding to the current first IP address from the client data table, and to obtain the second IP address of the management server of the area where the client is located according to the area identifier;
the partition server is further configured to obtain the management port identifier of the management server if the second IP address of the management server of the area where the client is located is obtained, and to store the current first IP address, the current second IP address and the management port identifier correspondingly in the business service partition table;
the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server of the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
the partition server is further configured to, when the obtained first IP address is used as the current first IP address, obtain the area identifier corresponding to the current first IP address from the client data table;
the management server is configured to send a first IP address to the authorization server, specifically: the management server is configured to send the first IP address to the authorization server.
52. The system of claim 46, wherein the partition server is further configured to determine the second IP address of the management server and the fourth IP address of the authorization server of the area where the client is located according to the first IP address and the business service partition table, and to send the second IP address and the fourth IP address to the client;
the client is further configured to send the first IP address to the authorization server according to the fourth IP address;
the authorization server is further configured to obtain an access token, store the first IP address and the access token correspondingly, and send the access token to the client;
and the client is further configured to send the first IP address and the access token to the management server according to the second IP address.
53. The system of claim 52, wherein the partition server is further configured to determine a business service partition table from a client data table when the client data table is received;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and a fourth IP address of the authorization server;
the management server is configured to send the first IP address to the authorization server, specifically: the management server is configured to send the first IP address to the authorization server according to the stored fourth IP address.
54. The system of claim 53, wherein the partition server is configured to obtain a first IP address from the client data table as the current first IP address when the client data table is received;
the partition server is further configured to obtain the area identifier corresponding to the current first IP address from the client data table, and to obtain the second IP address of the management server of the area where the client is located according to the area identifier;
the partition server is further configured to, if the second IP address of the management server of the area where the client is located is obtained, obtain the fourth IP address of the authorization server corresponding to that management server for the current first IP address, and to store the current first IP address, the current second IP address and the fourth IP address correspondingly in the business service partition table;
the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server of the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
the partition server is further configured to, when the obtained first IP address is used as the current first IP address, obtain the area identifier corresponding to the current first IP address from the client data table.
55. The system of claim 46, wherein the partition server is further configured to determine the second IP address shared by the management server and the authorization server of the area where the client is located according to the first IP address and the business service partition table; obtain the management port identifier and the authorization port identifier corresponding to the first IP address; and send the second IP address, the management port identifier and the authorization port identifier to the client;
the client is further configured to send the first IP address to the authorization server according to the second IP address and the authorization port identifier;
the authorization server is further configured to obtain an access token, store the first IP address and the access token correspondingly, and send the access token to the client;
and the client is further configured to send the first IP address and the access token to the management server according to the second IP address and the management port identifier.
56. The system of claim 55, wherein the partition server is further configured to determine a business service partition table from a client data table when the client data table is received;
the client data table at least correspondingly stores a first IP address of a client and an area identifier of an area where the client is located;
the business service partition table at least correspondingly stores a first IP address of the client, a second IP address of the management server and the authorization server, a management port identifier of the management server and an authorization port identifier of the authorization server;
the management server is configured to send a first IP address to the authorization server, specifically: the management server is configured to send the first IP address to the authorization server according to the stored fourth IP address.
57. The system of claim 56, wherein the partition server is further configured to, upon receiving the client data table, obtain a first IP address from the client data table as the current first IP address;
the partition server is further configured to obtain the area identifier corresponding to the current first IP address from the client data table, and to obtain the second IP address of the management server of the area where the client is located according to the area identifier;
the partition server is further configured to obtain the management port identifier and the authorization port identifier corresponding to the current first IP address if the second IP address of the management server of the area where the client is located is obtained, and to store the current first IP address, the current second IP address, the current management port identifier and the current authorization port identifier correspondingly in the business service partition table;
the partition server is further configured to obtain a next first IP address from the client data table if the second IP address of the management server of the area where the client is located is not obtained, and to use the obtained first IP address as the current first IP address if the next first IP address is obtained;
and the partition server is further configured to obtain the area identifier corresponding to the current first IP address from the client data table if the next first IP address is not obtained.
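Claims 49, 51, 54 and 57 all describe the same loop over the client data table, differing only in which columns end up in the business service partition table (second IP alone, plus the management port, plus the fourth IP, or plus both port identifiers). The following Go program is an added example, not code from the patent or from Feitian; the record types, the region-to-server map and the sample addresses are constructed here for illustration, and the example generalises the claims by carrying all four optional columns in one row type. It also skips a row whose first IP does not parse, a check the claims do not mention but that keeps unparseable input out of the table that later drives where clients are told to connect.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ClientRecord is one row of the client data table: a client's first IP
// address and the identifier of the area the client is located in.
type ClientRecord struct {
	FirstIP  string
	RegionID string
}

// RegionServers describes the management server (and authorization server)
// serving one area. Which of these fields the partition table stores is what
// distinguishes the claim variants: claim 49 stores only the second IP,
// claim 51 adds the management port, claim 54 the fourth IP, claim 57 both
// port identifiers. This example keeps all of them.
type RegionServers struct {
	SecondIP string // management server address (shared with the authorization server in some variants)
	MgmtPort uint16 // management port identifier
	AuthPort uint16 // authorization port identifier
	FourthIP string // authorization server address when it has its own
}

// PartitionEntry is one row of the business service partition table.
type PartitionEntry struct {
	FirstIP  string
	SecondIP string
	MgmtPort uint16
	AuthPort uint16
	FourthIP string
}

// Constructed sample input (not from the patent): two areas with a known
// management server, one area without one, and one malformed address.
var SampleClients = []ClientRecord{
	{FirstIP: "10.1.0.5", RegionID: "north"},
	{FirstIP: "10.2.0.7", RegionID: "south"},
	{FirstIP: "10.3.0.9", RegionID: "west"},
	{FirstIP: "not-an-ip", RegionID: "north"},
}

var SampleRegions = map[string]RegionServers{
	"north": {SecondIP: "192.0.2.10", MgmtPort: 8443, AuthPort: 9443, FourthIP: "192.0.2.11"},
	"south": {SecondIP: "192.0.2.20", MgmtPort: 8443, AuthPort: 9443, FourthIP: "192.0.2.20"},
}

// BuildPartitionTable performs the loop the claims describe: take the current
// first IP, read its area identifier, resolve that area's management server,
// store the row when one is found, otherwise move on to the next first IP.
// A row whose first IP does not parse is skipped as well (an addition over
// the claims), so the partition table only ever holds real addresses.
func BuildPartitionTable(clients []ClientRecord, byRegion map[string]RegionServers) []PartitionEntry {
	table := make([]PartitionEntry, 0, len(clients))
	for _, c := range clients {
		if _, err := netip.ParseAddr(c.FirstIP); err != nil {
			continue
		}
		rs, ok := byRegion[c.RegionID]
		if !ok {
			continue // second IP not obtained: next first IP
		}
		table = append(table, PartitionEntry{
			FirstIP:  c.FirstIP,
			SecondIP: rs.SecondIP,
			MgmtPort: rs.MgmtPort,
			AuthPort: rs.AuthPort,
			FourthIP: rs.FourthIP,
		})
	}
	return table
}

// Lookup is the partition server's later query (claims 52 and 55): given a
// registering client's first IP, return the servers it should be directed to.
func Lookup(table []PartitionEntry, firstIP string) (PartitionEntry, bool) {
	for _, e := range table {
		if e.FirstIP == firstIP {
			return e, true
		}
	}
	return PartitionEntry{}, false
}

func main() {
	for _, e := range BuildPartitionTable(SampleClients, SampleRegions) {
		fmt.Printf("%-10s -> mgmt %s:%d  auth %s:%d\n",
			e.FirstIP, e.SecondIP, e.MgmtPort, e.FourthIP, e.AuthPort)
	}
}
```

Running it prints two rows: the "west" client is dropped because no management server exists for its area, and the malformed row never reaches the table. A deployment that must not silently lose clients would log the skipped rows rather than discard them.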
58. The system according to claim 46, wherein the authorization server is configured to perform client verification based on the received access token and the obtained access token, specifically: the authorization server is configured to judge whether the received access token is the same as the obtained access token; if so, client verification succeeds, otherwise client verification fails.
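Claims 52 and 55 have the authorization server issue an access token, store it against the client's first IP and later receive the pair back via the management server, and claim 58 reduces the verification to "is the received token the same as the stored one". The Go program below is an added example of that issue-and-verify round trip; it is not code from the patent or from Feitian, and the token length, the hex encoding and the sample addresses are assumptions made here. Two details a practitioner would want are in the code rather than in the claim: a first IP with no stored token fails rather than being compared against an empty value, and the equality check is constant-time.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sync"
)

// AuthServer holds the first IP -> access token pairs that the authorization
// server stores when it issues a token (claims 52 and 55).
type AuthServer struct {
	mu     sync.Mutex
	tokens map[string][]byte
}

func NewAuthServer() *AuthServer {
	return &AuthServer{tokens: make(map[string][]byte)}
}

// Issue answers the client's request carrying its first IP: generate a fresh
// 32-byte random token, store it against that first IP, and return it
// hex-encoded as it would be sent back to the client.
func (a *AuthServer) Issue(firstIP string) (string, error) {
	tok := make([]byte, 32)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	a.mu.Lock()
	a.tokens[firstIP] = tok
	a.mu.Unlock()
	return hex.EncodeToString(tok), nil
}

// Verify is the claim 58 check: the token received from the management
// server must equal the token obtained from storage for the same first IP.
// A first IP with no stored token fails outright, and the comparison is
// constant-time so a wrong guess and a nearly right guess take the same time.
func (a *AuthServer) Verify(firstIP, received string) bool {
	got, err := hex.DecodeString(received)
	if err != nil {
		return false
	}
	a.mu.Lock()
	stored, ok := a.tokens[firstIP]
	a.mu.Unlock()
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare(stored, got) == 1
}

// RegisterViaManagement stands in for the management server: it has received
// (first IP, access token) from the client over the second IP and forwards
// both to the authorization server, which performs the verification.
func RegisterViaManagement(auth *AuthServer, firstIP, token string) bool {
	return auth.Verify(firstIP, token)
}

func main() {
	auth := NewAuthServer()
	tok, err := auth.Issue("10.1.0.5") // constructed first IP
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine client:", RegisterViaManagement(auth, "10.1.0.5", tok))
	fmt.Println("same token presented for another first IP:", RegisterViaManagement(auth, "10.2.0.7", tok))
	fmt.Println("unknown first IP:", RegisterViaManagement(auth, "10.9.9.9", "00"))
}
```

Because the token is keyed by first IP, a token issued to one client does not verify when presented with a different first IP, which is the binding the claims rely on.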
59. The system of claim 46, wherein the management server is further configured to encrypt the shared key, the first IP address and the stored second IP address using a preset encryption key to obtain authentication proxy ciphertext data, and to send the authentication proxy ciphertext data to the client according to the first IP address;
the client is further configured to receive the authentication proxy ciphertext data and to generate an authentication proxy file according to the authentication proxy ciphertext data.
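Claim 59 names only the inputs (shared key, first IP, second IP) and a preset encryption key, not the cipher. The Go program below is an added example of that step, not code from the patent or from Feitian: it assumes AES-256-GCM, a JSON encoding of the three fields, and a constructed preset key. AES-GCM is chosen here because its authentication tag means a client rebuilding its authentication proxy file from this ciphertext will reject a modified second IP or shared key instead of writing it to disk; a plain block-cipher mode would decrypt tampered data without complaint.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// ProxyData is what the management server encrypts in claim 59: the shared
// key agreed earlier, the client's first IP and the stored second IP.
type ProxyData struct {
	SharedKey []byte `json:"shared_key"`
	FirstIP   string `json:"first_ip"`
	SecondIP  string `json:"second_ip"`
}

// newGCM builds the AEAD from the preset key; aes.NewCipher rejects any key
// that is not 16, 24 or 32 bytes, so a mis-sized preset key fails early.
func newGCM(presetKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(presetKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal produces the authentication proxy ciphertext data. AES-GCM is an
// assumption made in this example (the claim names no cipher). A fresh random
// nonce is generated per message and prepended to the ciphertext.
func Seal(presetKey []byte, d ProxyData) ([]byte, error) {
	gcm, err := newGCM(presetKey)
	if err != nil {
		return nil, err
	}
	plain, err := json.Marshal(d)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Open is the client side: decrypt and authenticate the received ciphertext,
// yielding the data from which the authentication proxy file is generated.
func Open(presetKey, ct []byte) (ProxyData, error) {
	var d ProxyData
	gcm, err := newGCM(presetKey)
	if err != nil {
		return d, err
	}
	ns := gcm.NonceSize()
	if len(ct) < ns {
		return d, errors.New("ciphertext shorter than nonce")
	}
	plain, err := gcm.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return d, err // wrong preset key or tampered data
	}
	if err := json.Unmarshal(plain, &d); err != nil {
		return d, err
	}
	return d, nil
}

func main() {
	presetKey := make([]byte, 32) // constructed all-zero demo key; never use such a key in practice
	d := ProxyData{SharedKey: []byte("constructed-shared-key"), FirstIP: "10.1.0.5", SecondIP: "192.0.2.10"}
	ct, err := Seal(presetKey, d)
	if err != nil {
		panic(err)
	}
	fmt.Println("authentication proxy ciphertext:", hex.EncodeToString(ct))
	back, err := Open(presetKey, ct)
	fmt.Printf("client recovered %+v (err=%v)\n", back, err)
}
```

The preset key is shared between management server and client in the claims, so its distribution is the weak point a deployment must solve separately; the example only shows what the key protects once it is in place.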
60. The system of claim 46, wherein the client is further configured to reboot; when an input user account and a dynamic token are received, determine an available authentication server according to the authentication proxy file; and send the user account and the dynamic token to the authentication server according to the third IP address of the authentication server;
and the authentication server is further configured to perform the client verification operation according to the user account and the dynamic token, and then end.
CN202011431768.6A 2020-12-10 2020-12-10 Method and system for automatically registering management server Active CN112202559B (en)

Publications (2)

Publication Number Publication Date
CN112202559A true CN112202559A (en) 2021-01-08
CN112202559B CN112202559B (en) 2021-03-16

Family

ID=74033179

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant