CN112667930A - Prefix convergence method and system based on Handle system - Google Patents
- Publication number: CN112667930A
- Authority: CN (China)
- Prior art keywords: prefix, request, convergence, ghr, lhs
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a prefix convergence method and system based on the Handle system. When an LHS system receives a create, delete or modify operation on any identifier, it determines whether the operation is a prefix operation within the prefix range managed by that LHS. Operations that do not meet this condition are handled by the original processing logic. For operations that do, the LHS system calls a prefix aggregation client, which transmits the prefix data of the current operation to the prefix aggregation server of the GHR. On receiving a prefix aggregation request, the prefix aggregation server verifies both the LHS that sent the request and the prefix data it sent. For a request that fails verification it returns error information; for a request that passes, it stores the corresponding prefix data in the prefix aggregation of the GHR and returns correct information. On receiving the returned information, the aggregation client of the LHS system processes it according to its response type.
Description
Technical Field
The invention relates to the field of Internet infrastructure identifier resolution systems, and in particular to a prefix method and a prefix system based on the Handle system.
Background
Currently, under the existing Handle prefix management mechanism, each level of Handle service is responsible for managing the prefixes of the next level down, and the final information of each prefix is stored only in the Handle service one level above it. For example, the final information for "0.NA/86.1000.11" is stored only in the LHS responsible for managing all prefixes under "0.NA/86.1000". A Handle service at a given level therefore cannot keep track, in a timely way, of prefix registrations at all the levels beneath it; for example, the GHR cannot effectively learn the prefix registrations of the LHS responsible for managing all prefixes under "0.NA/86.1000". It is therefore necessary to provide a prefix aggregation method and system based on the Handle system.
Disclosure of Invention
The invention provides a prefix convergence method and a prefix convergence system based on a Handle system, which are used for solving the problem that GHR cannot comprehensively know the global condition of each level of Handle service.
The invention provides a prefix convergence method based on a Handle system, which is characterized by comprising the following steps:
adding a prefix convergence client of the LHS system in the LHS system;
and adding a prefix convergence server of the GHR in the GHR system.
As an embodiment of the present invention, the prefix aggregation client performs the following operations:
after receiving a request that meets the prefix convergence condition, determining whether the prefix data and operation type of the request conform to the Handle protocol; for a request that does not conform, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
using the public key of the GHR prefix convergence server and the prefix private key of the current LHS service, encrypting and signing the prefix data that conforms to the Handle protocol to obtain a prefix convergence request;
and writing the prefix convergence request into a queue, transmitting it to the prefix convergence server of the GHR, and performing the corresponding log operation.
As an embodiment of the present invention, the prefix convergence server of the GHR performs the following operations:
after the prefix aggregation server of the GHR receives the prefix aggregation request, performing LHS authentication on the authenticity of the request based on the IP, the port and the LHS prefix public key of the LHS that sent it;
for a prefix aggregation request that fails LHS authentication, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
using the LHS prefix public key and the private key of the GHR prefix convergence server, decrypting the prefix aggregation request that passed LHS authentication and verifying its signature, to obtain first decrypted data;
for a prefix aggregation request that fails decryption, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
determining whether the successfully decrypted first decrypted data conforms to the Handle protocol;
for first decrypted data that does not conform to the Handle protocol, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
storing first decrypted data that conforms to the Handle protocol in a prefix storage area and writing it to an operation log;
generating a processing result for the prefix convergence request from the operation log of the GHR prefix convergence server, and encrypting and signing the processing result with the LHS prefix convergence public key and the prefix private key of the current GHR service to obtain processing result information;
and returning the processing result information to the prefix convergence client.
As an embodiment of the present invention, the prefix aggregation client performs the following operations:
receiving the processing result information returned by the prefix server of the GHR, and performing GHR authentication on the authenticity of the processing result information based on the IP, the port and the GHR prefix public key of the GHR that sent it;
for processing result information that fails GHR authentication, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
using the prefix aggregation public key of the GHR and the prefix private key of the current LHS, decrypting the processing result information that passed GHR authentication and verifying its signature, to obtain second decrypted data;
for processing result information that fails decryption, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
determining the information type of the successfully decrypted second decrypted data, and if it is normal processing information, directly performing the normal log operation;
if the second decrypted data is processing error information, sending a processing error prompt to an administrator and performing the corresponding log operation;
and if the second decrypted data is processing timeout information, rewriting the prefix convergence request into the queue and performing the corresponding log operation.
As an embodiment of the present invention, the method further includes:
monitoring the queue and determining whether a prefix convergence request has been written to it;
when it is determined that a prefix aggregation request has been written to the queue, detecting whether the request carries a unique identifier;
if the prefix aggregation request does not carry a unique identifier, marking it with a unique identifier;
if the prefix convergence request already carries a unique identifier, stacking the unique identifier, where stacking means copying the unique identifier so that the prefix convergence request carries two identical unique identifiers;
when a prefix convergence request is written to the queue, obtaining the number of identical unique identifiers it carries;
and if that number is greater than the threshold for the number of unique identifiers, sending a cycle request error prompt to an administrator and performing the corresponding log operation.
As an embodiment of the present invention, the method further includes:
placing all data with no identifier in group 1, all data with 1 identifier in group 2, all data with 2 identifiers in group 3, and so on, giving α groups in total;
calculating the following formula to obtain the threshold value of the number of the unique identifiers:
where $N$ is the total number of written prefix convergence requests, $\alpha$ is the number of groups containing the unique identification number, $N_d$ is the number of prefix aggregation requests in the $d$-th group, $\beta_{bd}$ is the product of the number of prefix aggregation requests in group $d$ and the number of unique identifiers of group $d$, $\beta_d$ is the number of unique identifiers of the $d$-th group, and $\beta$ is the average number of unique identifiers over all prefix aggregation requests.
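The identifier-stacking rule above, as an added Go sketch that is not code from the patent: each rewrite of a request into the queue appends a copy of its identifier, and the count is compared with a threshold. The fixed `Threshold` value (the patent computes it from a formula), the `req-N` identifier format, the `send` callback and the choice to drop a request once the alert fires are assumptions.

```go
package main

import "fmt"

// Item is a queued prefix convergence request. IDs holds the stacked copies
// of its unique identifier: one per time it has been written to the queue.
type Item struct {
	Payload string
	IDs     []string
}

// Queue is a hypothetical in-memory stand-in for the queue management module.
type Queue struct {
	items     []*Item
	nextID    int
	Threshold int      // constructed value for this example
	Alerts    []string // cycle request error prompts for the administrator
}

// Write applies the marking rule: a request without an identifier gets one,
// a request that already has one gets a copy stacked on top. It reports
// whether the request was queued (assumption: over-threshold requests are dropped).
func (q *Queue) Write(it *Item) bool {
	if len(it.IDs) == 0 {
		q.nextID++
		it.IDs = []string{fmt.Sprintf("req-%d", q.nextID)}
	} else {
		it.IDs = append(it.IDs, it.IDs[0])
	}
	if len(it.IDs) > q.Threshold {
		q.Alerts = append(q.Alerts, "cycle request error: "+it.IDs[0])
		return false
	}
	q.items = append(q.items, it)
	return true
}

// Drain sends every queued request; a "timeout" result rewrites the request
// into the queue, which is where a retry loop could otherwise form.
func (q *Queue) Drain(send func(*Item) string) (sent int) {
	for len(q.items) > 0 {
		it := q.items[0]
		q.items = q.items[1:]
		switch send(it) {
		case "ok":
			sent++
		case "timeout":
			q.Write(it)
		}
	}
	return sent
}

// DemoQueue queues two constructed requests against a GHR stub that always
// times out for the second one.
func DemoQueue() (sent, attempts int, alerts []string) {
	q := &Queue{Threshold: 3}
	q.Write(&Item{Payload: "create 0.NA/86.1000.11"})
	q.Write(&Item{Payload: "create 0.NA/86.1000.12"})
	sent = q.Drain(func(it *Item) string {
		attempts++
		if it.Payload == "create 0.NA/86.1000.12" {
			return "timeout"
		}
		return "ok"
	})
	return sent, attempts, q.Alerts
}

func main() {
	fmt.Println(DemoQueue())
}
```

With a threshold of 3, the request that keeps timing out is sent three times and then raises one alert instead of cycling indefinitely.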
The invention provides a prefix convergence system based on a Handle system, which comprises:
a prefix convergence client subsystem is added in the LHS system;
and a prefix convergence server subsystem is added in the GHR system.
As an embodiment of the present invention, the prefix aggregation client subsystem of the LHS system includes:
the operation scheduling module is used for receiving a prefix convergence request of the prefix convergence client subsystem in the LHS system, verifying the request content, and coordinating and scheduling the modules so that they run effectively;
the data encryption and decryption module is used for encrypting and signing the prefix convergence request with an asymmetric encryption technology, and for decrypting and verifying the signature of the result returned by the prefix convergence server subsystem of the GHR system;
the GHR authentication module is used for authenticating that the result returned by the prefix convergence server of the GHR system really comes from the GHR service;
the log management module is used for performing the corresponding operation for each type of log;
the queue management module is used for managing the message queue of prefix convergence requests, queue persistence and similar operations;
the data transmission module is used for exchanging data with the prefix convergence server of the GHR system;
and the message pushing module is used for pushing system prompt information to personnel such as the system administrator by e-mail, short message and other means.
As an embodiment of the present invention, the method further includes:
a detection module, the detection module comprising:
the marking unit is used for monitoring the queue and starting the detection unit when a prefix convergence request is written into the queue module;
the detection unit is used for detecting, on being notified by the marking unit that a prefix convergence request has been written to the queue, whether the prefix convergence request carries a unique identifier;
if the prefix aggregation request does not carry a unique identifier, marking it with a unique identifier;
if the prefix convergence request already carries a unique identifier, stacking the unique identifier, where stacking means copying the unique identifier so that the prefix convergence request carries two identical unique identifiers;
the judging unit is used for determining the number of identical unique identifiers carried by a prefix convergence request when it is written to the queue;
and the warning unit is used for sending a cycle request error prompt to an administrator and performing the corresponding log operation when that number is greater than the preset number.
As an embodiment of the present invention, the prefix convergence server subsystem of the GHR includes:
the data transmission module is used for receiving prefix aggregation requests from the prefix aggregation client of the LHS system and maintaining data transmission with the prefix aggregation client;
the operation scheduling module is used for checking the request content and coordinating and scheduling the modules so that they run effectively;
the data encryption and decryption module is used for decrypting, verifying the signature of, and otherwise processing the received prefix convergence request with an asymmetric encryption technology, and for encrypting and signing the returned information;
the LHS authentication module is used for authenticating that a received request really comes from the LHS service of the LHS system prefix convergence client;
the log management module is used for performing the corresponding operation for each type of log;
the message pushing module is used for pushing system prompt information to personnel such as the system administrator by e-mail, short message and other means;
and the data storage module is used for local storage management of the prefix data.
The invention has the following beneficial effects: the method improves the existing Handle prefix management mechanism and enhances the functions of the LHS and the GHR, so that whenever a Handle service at any level operates on a Handle prefix it is responsible for, the prefix data is automatically converged to the GHR; this makes it easy for the GHR to know the global condition of every level of Handle service and provides effective support for further Handle service applications. The GHR system can obtain the latest data of all prefixes in every level of LHS system in real time; each level of LHS system transmits the latest data of the prefixes it manages to the GHR system by active push. A bidirectional authentication mechanism between services is added to ensure the authenticity of the services, and an encryption and signature mechanism for data exchange is added so that the data can only be obtained by authorized users, which ensures the security of the data exchange.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
In the drawings:
Fig. 1 is a flowchart of a prefix aggregation method based on a Handle system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a prefix aggregation method based on a Handle system in an embodiment of the present invention;
Fig. 3 is operation flowchart 1 of the prefix convergence client subsystem of the LHS in a prefix convergence system based on a Handle system according to an embodiment of the present invention;
Fig. 4 is an operation flowchart of the prefix convergence server subsystem of the GHR in a prefix convergence system based on a Handle system according to an embodiment of the present invention;
Fig. 5 is operation flowchart 2 of the prefix convergence client subsystem of the LHS in a prefix convergence system based on a Handle system according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
The embodiment of the invention provides a prefix convergence method based on a Handle system, which comprises the following steps:
adding a prefix convergence client of the LHS system in the LHS system;
adding a prefix convergence server of the GHR in the GHR system;
the working principle of the technical scheme is as follows: after receiving a request that meets the prefix convergence condition, the LHS system asynchronously calls the operation scheduling module of the prefix convergence client and passes it the prefix data and operation type. On receiving the request, the operation scheduling module performs data verification on the prefix data and operation type to ensure that the content meets the requirements of the Handle protocol; for a request that does not conform to the Handle protocol, it calls the log processing module to perform the corresponding log operation. After data verification, the operation scheduling module calls the data encryption module, which encrypts the information to be aggregated with the public key of the GHR prefix convergence server and signs it with the prefix private key of the current LHS service. After the data is encrypted, the operation scheduling module calls the queue management module to write the content to be aggregated into the queue; the scheduling module then calls the data transmission module to send the content to the prefix aggregation server of the GHR, and calls the log processing module to perform the corresponding log operation. After receiving the prefix aggregation request, the operation scheduling module of the prefix aggregation server of the GHR calls the LHS authentication module, which authenticates the LHS according to information such as the IP, the port and the LHS prefix public key of the LHS that sent the request, ensuring that the prefix aggregation request comes from the correct LHS prefix aggregation client; if authentication fails, further processing is refused, the message pushing module is called to send warning information to an administrator, and the log processing module is called to perform the corresponding log operation. The operation scheduling module passes prefix request information that passed LHS authentication to the data encryption and decryption module, which decrypts the prefix aggregation information and verifies its signature using the LHS prefix public key and the private key of the GHR prefix convergence server, and returns the decrypted data when decryption is finished. After receiving the decrypted data, the operation scheduling module checks the data content to ensure that it conforms to the Handle protocol, passes the data that passes this check to the data storage module, writes it into the prefix storage area and writes it to the operation log, and returns the final processing result to the prefix convergence client of the LHS. After receiving the processing result information returned by the GHR prefix convergence server, the operation scheduling module of the LHS prefix convergence client calls the GHR authentication module to authenticate the GHR; if authentication fails, the operation scheduling module calls the log management module to perform the corresponding log operation. After GHR authentication passes, the operation scheduling module calls the data encryption and decryption module, which decrypts the data and verifies the signature using the prefix aggregation public key of the GHR and the prefix private key of the current LHS; if this processing fails, the operation scheduling module calls the log management module to perform the corresponding log operation. After decryption and signature verification, the operation scheduling module acts according to the type of the returned information: if it indicates correct processing, it calls the log management module to perform the log operation; if it is processing error information, it calls the message pushing module to send a processing error prompt to an administrator and calls the log management module to perform the log operation; if processing times out and no processing information is received, it calls the queue management module to rewrite the prefix data into the queue and calls the log management module to perform the corresponding log operation;
the beneficial effects of the above technical scheme are: the method improves the existing Handle prefix management mechanism and enhances the functions of the LHS and the GHR, so that whenever a Handle service at any level operates on a Handle prefix it is responsible for, the prefix data is automatically converged to the GHR; this makes it easy for the GHR to know the global condition of every level of Handle service and provides effective support for further Handle service applications. The GHR system can obtain the latest data of all prefixes in every level of LHS system in real time; each level of LHS system transmits the latest data of the prefixes it manages to the GHR system by active push. A bidirectional authentication mechanism between services is added to ensure the authenticity of the services, and an encryption and signature mechanism for data exchange is added so that the data can only be obtained by authorized users, which ensures the security of the data exchange.
In one embodiment, the prefix aggregation client performs the following operations:
after receiving a request that meets the prefix convergence condition, determining whether the prefix data and operation type of the request conform to the Handle protocol; for a request that does not conform, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
using the public key of the GHR prefix convergence server and the prefix private key of the current LHS service, encrypting and signing the prefix data that conforms to the Handle protocol to obtain a prefix convergence request;
writing the prefix convergence request into a queue, transmitting it to the prefix convergence server of the GHR, and performing the corresponding log operation;
the working principle of the technical scheme is as follows: on receiving the request, the operation scheduling module performs data verification on the prefix data and operation type to ensure that the content meets the requirements of the Handle protocol; for a request that does not conform to the Handle protocol, it calls the log processing module to perform the corresponding log operation. After data verification, the operation scheduling module calls the data encryption module, which encrypts the information to be aggregated with the public key of the GHR prefix convergence server and signs it with the prefix private key of the current LHS service. After the data is encrypted, the operation scheduling module calls the queue management module to write the content to be aggregated into the queue; the scheduling module then calls the data transmission module to send the content to the prefix aggregation server of the GHR, and calls the log processing module to perform the corresponding log operation;
the beneficial effects of the above technical scheme are: during transmission the prefix request is verified to ensure that it conforms to the Handle protocol, and the encryption module encrypts the data, which ensures security during the data exchange.
In one embodiment, the prefix aggregation server of the GHR performs the following operations:
after the prefix aggregation server of the GHR receives the prefix aggregation request, performing LHS authentication on the authenticity of the request based on the IP, the port and the LHS prefix public key of the LHS that sent it;
for a prefix aggregation request that fails LHS authentication, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
using the LHS prefix public key and the private key of the GHR prefix convergence server, decrypting the prefix aggregation request that passed LHS authentication and verifying its signature, to obtain first decrypted data;
for a prefix aggregation request that fails decryption, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
determining whether the successfully decrypted first decrypted data conforms to the Handle protocol;
for first decrypted data that does not conform to the Handle protocol, refusing further processing, sending warning information to an administrator, and performing the corresponding log operation;
storing first decrypted data that conforms to the Handle protocol in a prefix storage area and writing it to an operation log;
generating a processing result for the prefix convergence request from the operation log of the GHR prefix convergence server, and encrypting and signing the processing result with the LHS prefix convergence public key and the prefix private key of the current GHR service to obtain processing result information;
returning the processing result information to the prefix convergence client;
the working principle of the technical scheme is as follows: after receiving the prefix aggregation request, the operation scheduling module of the prefix aggregation server of the GHR calls the LHS authentication module, which authenticates the LHS according to information such as the IP, the port and the LHS prefix public key of the LHS that sent the request, ensuring that the prefix aggregation request comes from the correct LHS prefix aggregation client, and passes the prefix request information that passed LHS authentication to the data encryption and decryption module. The data encryption and decryption module decrypts the prefix aggregation information and verifies its signature using the LHS prefix public key and the private key of the GHR prefix convergence server, and returns the decrypted data when decryption is complete. After receiving the decrypted data, the operation scheduling module checks the data content to ensure that it conforms to the Handle protocol, passes the data that passes this check to the data storage module, writes it into the prefix storage area and writes it to the operation log. For data that fails decryption or fails the check, further processing is refused, the message pushing module is called to send warning information to an administrator, and the log processing module is called to perform the corresponding log operation. The operation scheduling module returns the final processing result to the prefix convergence client of the LHS;
the beneficial effects of the above technical scheme are: decrypting the received data verifies whether it was sent by the LHS prefix convergence client, and LHS authentication is performed on the data after decryption is complete, which ensures security during the data exchange. The successfully verified prefix data is stored in the prefix storage area of the prefix convergence server of the GHR, so that the GHR can conveniently know the global condition of every level of Handle service. Rejecting an operation request as soon as verification fails at any step reduces unnecessary computation, and sending the verification failure information to an administrator serves as a warning.
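An added Go sketch of the request path described in the two embodiments above (the LHS client builds the request; the GHR server authenticates, verifies, decrypts, checks and stores); it is not code from the patent. The wire layout, the use of RSA-OAEP and RSA-PSS, the encrypt-then-sign order, the simplified `validOp` conformance check and all sample addresses and prefixes are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Request is an assumed wire layout for a prefix convergence request.
type Request struct {
	LHSPrefix, SrcAddr string // claimed sender prefix; "ip:port" seen by the GHR
	Ciphertext         []byte // RSA-OAEP under the GHR public key
	Signature          []byte // RSA-PSS by the LHS key over sender + ciphertext
}

// GHR holds the server key, the registered LHS peers, the prefix store and the log.
type GHR struct {
	Key   *rsa.PrivateKey
	Addrs map[string]string         // LHS prefix -> registered "ip:port"
	Keys  map[string]*rsa.PublicKey // LHS prefix -> registered prefix public key
	Store map[string]string         // prefix storage area: prefix -> last operation
	Log   []string
}

// validOp is a simplified stand-in for the Handle protocol conformance check.
func validOp(managed, op, prefix string) bool {
	known := op == "create" || op == "delete" || op == "modify"
	return known && strings.HasPrefix(prefix, managed+".") && len(prefix) > len(managed)+1
}
func digest(sender string, ct []byte) []byte {
	d := sha256.Sum256(append([]byte(sender+"\x00"), ct...))
	return d[:]
}

// BuildRequest is the LHS side: validate, encrypt for the GHR, then sign.
func BuildRequest(lhs, addr string, key *rsa.PrivateKey, ghrPub *rsa.PublicKey, op, prefix string) (*Request, error) {
	if !validOp(lhs, op, prefix) {
		return nil, errors.New("not a prefix operation in the managed range")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ghrPub, []byte(op+" "+prefix), nil)
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest(lhs, ct), nil)
	if err != nil {
		return nil, err
	}
	return &Request{LHSPrefix: lhs, SrcAddr: addr, Ciphertext: ct, Signature: sig}, nil
}

// Handle is the GHR side: each failed check rejects the request and logs it.
func (g *GHR) Handle(r *Request) error {
	fail := func(msg string) error { // a real service would also alert the administrator
		g.Log = append(g.Log, "REJECT "+r.LHSPrefix+": "+msg)
		return errors.New(msg)
	}
	pub, ok := g.Keys[r.LHSPrefix]
	if !ok || g.Addrs[r.LHSPrefix] != r.SrcAddr {
		return fail("LHS authentication failed")
	}
	if rsa.VerifyPSS(pub, crypto.SHA256, digest(r.LHSPrefix, r.Ciphertext), r.Signature, nil) != nil {
		return fail("signature verification failed")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.Key, r.Ciphertext, nil)
	if err != nil {
		return fail("decryption failed")
	}
	f := strings.SplitN(string(pt), " ", 2)
	if len(f) != 2 || !validOp(r.LHSPrefix, f[0], f[1]) {
		return fail("data does not conform to the Handle protocol check")
	}
	g.Store[f[1]] = f[0]
	g.Log = append(g.Log, "OK "+f[0]+" "+f[1])
	return nil
}

// Demo runs one accepted and three rejected requests; all values are constructed.
func Demo() ([]error, *GHR) {
	lhsKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ghrKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048)
	const lhs, addr = "0.NA/86.1000", "192.0.2.10:2641"
	g := &GHR{Key: ghrKey, Addrs: map[string]string{lhs: addr}, Keys: map[string]*rsa.PublicKey{lhs: &lhsKey.PublicKey}, Store: map[string]string{}}
	good, _ := BuildRequest(lhs, addr, lhsKey, &ghrKey.PublicKey, "create", "0.NA/86.1000.11")
	moved := *good
	moved.SrcAddr = "198.51.100.7:2641" // same bytes from an unregistered source
	forged, _ := BuildRequest(lhs, addr, rogue, &ghrKey.PublicKey, "create", "0.NA/86.1000.12")
	_, outOfRange := BuildRequest(lhs, addr, lhsKey, &ghrKey.PublicKey, "create", "0.NA/86.2000.5")
	return []error{g.Handle(good), g.Handle(&moved), g.Handle(forged), outOfRange}, g
}

func main() {
	errs, g := Demo()
	fmt.Println(errs, g.Log)
}
```

A second delivery of the accepted request would pass every check again: the text describes no nonce or timestamp in the request, so the sketch has none either.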
In one embodiment, the prefix aggregation client performs the following operations:
receiving processing result information returned by the prefix convergence server of the GHR, and performing GHR authentication on the authenticity of the processing result information based on the IP, the port and the GHR prefix public key of the GHR that sent the processing result information;
rejecting further operations on processing result information that fails GHR authentication, sending warning information to an administrator, and carrying out the corresponding log operation;
decrypting and verifying the signature of the processing result information that passed GHR authentication, using the prefix aggregation public key of the GHR and the prefix private key of the current LHS, to obtain second decrypted data;
rejecting further operations on processing result information that fails decryption, sending warning information to an administrator, and carrying out the corresponding log operation;
judging the information type of the successfully decrypted second decrypted data, and if it is normal processing information, directly performing the normal log operation;
if the second decrypted data is processing error information, sending a processing error prompt to an administrator, and performing the corresponding log operation;
if the second decrypted data is processing timeout information, rewriting the prefix convergence request into the queue and carrying out the corresponding log operation;
The working principle of the technical scheme is as follows: after receiving the processing result information returned by the GHR prefix convergence server, the operation scheduling module of the LHS prefix convergence client calls the GHR authentication module to authenticate the authenticity of the GHR; when the authentication fails, the operation scheduling module calls the log management module to perform the corresponding log operation; after the GHR authentication passes, the operation scheduling module calls the data encryption and decryption module to decrypt the data and verify the signature, using the prefix convergence public key of the GHR and the prefix private key of the current LHS; if this processing fails, the operation scheduling module calls the log management module to perform the corresponding log operation; after decryption and signature verification are completed, the operation scheduling module handles the returned information according to its type; if the received information is first-type processing information, the log management module is called to perform the log operation; if the received information is second-type processing information, the message pushing module is called to send a processing error prompt to an administrator, and the log management module is called to perform the log operation; if processing times out and no processing information is received, the queue management module is called to rewrite the prefix data into the queue, and the log management module is called to perform the corresponding log operation;
The beneficial effects of the above technical scheme are: GHR authentication and decryption of the returned data guarantee security during the data exchange, and processing information is fed back promptly, which improves the timeliness of the data.
In one embodiment, further comprising:
monitoring the queue and determining whether a prefix convergence request has been written into it;
when it is determined that a prefix aggregation request has been written into the queue, detecting whether the prefix aggregation request has a unique identifier;
if the prefix aggregation request does not have a unique identifier, marking the prefix aggregation request with a unique identifier;
if the prefix convergence request has a unique identifier, overlapping the unique identifier, where overlapping means copying the unique identifier so that the prefix convergence request has two identical unique identifiers;
when a prefix convergence request is written into the queue, obtaining the number of identical unique identifiers of the prefix convergence request;
if the number of unique identifiers is larger than the threshold value of the number of unique identifiers, sending a cycle request error prompt to an administrator, and carrying out the corresponding log operation;
grouping all data without an identifier into a 1st group, all data with 1 identifier into a 2nd group, all data with 2 identifiers into a 3rd group, and so on, so that there are α groups in total;
calculating the following formula to obtain the threshold value of the number of the unique identifiers:
wherein $N$ is the total number of written prefix convergence requests, $\alpha$ is the number of groups containing the unique identification number, $N_d$ is the number of prefix aggregation requests of the d-th group, $\beta_{bd}$ is the product of the number of prefix aggregation requests of the d-th group and the number of unique identifiers of the d-th group, $\beta_d$ is the number of unique identifiers of the d-th group, and $\beta$ is the average value of the number of unique identifiers of all the prefix convergence requests;
The working principle of the technical scheme is as follows: the current queue is monitored; when a prefix convergence request enters the queue, the monitoring unit starts the detection unit, which detects whether the current prefix convergence request has a unique identifier; if it does not, the request is marked with a unique identifier; if it does, the number of its unique identifiers is compared with the threshold value of the number of unique identifiers; if the number is greater than a preset number, a cycle request error prompt is sent to an administrator and the corresponding log operation is carried out; if the number is not greater than the threshold value of the number of unique identifiers, the unique identifier of the current prefix convergence request is copied, so that the number of the unique identifiers;
The beneficial effects of the above technical scheme are: the prefix convergence client subsystem in the LHS system is prevented from endlessly retransmitting a prefix convergence request that, for unknown reasons, can never be delivered to the prefix convergence server subsystem of the GHR system, which avoids wasting computing resources.
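The result handling and retry-loop check from the two embodiments above, as an added Python example that is not code from the patent. The class and function names, the result-type strings and the fixed `marker_threshold` are assumptions (the patent derives its threshold from a formula that this page does not reproduce), and GHR authentication, decryption and signature verification are assumed to have already succeeded before `handle_result` is called.

```python
import uuid
from collections import deque
from dataclasses import dataclass, field


@dataclass
class PrefixRequest:
    prefix: str   # constructed sample value, e.g. "86.1000"
    op: str       # operation type, e.g. "add"
    markers: list = field(default_factory=list)  # copies of one unique identifier


class ConvergenceQueue:
    """Client-side queue that counts identifier copies to stop endless retries."""

    def __init__(self, marker_threshold):
        self.marker_threshold = marker_threshold  # assumed fixed value
        self.pending = deque()
        self.log = []     # stands in for the log management module
        self.alerts = []  # stands in for the message pushing module

    def write(self, req):
        """Write a request into the queue, applying the identifier rules."""
        if not req.markers:
            # First write: mark the request with a unique identifier.
            req.markers.append(uuid.uuid4().hex)
        elif len(req.markers) > self.marker_threshold:
            # Too many copies: the request keeps looping, so alert and drop it.
            self.alerts.append(("cycle request error", req.prefix))
            self.log.append(("dropped", req.prefix, len(req.markers)))
            return False
        else:
            # Rewrite after a timeout: copy the existing identifier.
            req.markers.append(req.markers[0])
        self.pending.append(req)
        self.log.append(("queued", req.prefix, len(req.markers)))
        return True

    def handle_result(self, req, result_type):
        """Dispatch on the type of the decrypted processing result."""
        if result_type == "normal":
            self.log.append(("processed", req.prefix, len(req.markers)))
            return "done"
        if result_type == "error":
            self.alerts.append(("processing error", req.prefix))
            self.log.append(("error", req.prefix, len(req.markers)))
            return "failed"
        if result_type == "timeout":
            self.log.append(("timeout", req.prefix, len(req.markers)))
            return "requeued" if self.write(req) else "abandoned"
        raise ValueError(f"unknown result type: {result_type!r}")


def drive(queue, req, ghr_results):
    """Send req until it settles; ghr_results gives one result type per attempt."""
    results = iter(ghr_results)
    attempts = 0
    if not queue.write(req):
        return "abandoned", attempts
    while queue.pending:
        current = queue.pending.popleft()
        attempts += 1
        outcome = queue.handle_result(current, next(results))
        if outcome != "requeued":
            return outcome, attempts
    return "abandoned", attempts


if __name__ == "__main__":
    q = ConvergenceQueue(marker_threshold=3)
    r = PrefixRequest("86.1000", "add")  # constructed sample request
    print(drive(q, r, ["timeout"] * 10), q.alerts)
```

With a GHR that never answers, the request is abandoned after a bounded number of sends and an alert is raised, instead of being requeued forever.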
In one embodiment, the prefix aggregation client subsystem of the LHS system comprises:
the operation scheduling module, used for receiving a prefix convergence request of the prefix convergence client subsystem in the LHS system, verifying the request content, and organizing and scheduling the modules so that they run effectively;
the data encryption and decryption module, used for encrypting and signing the prefix convergence request by means of asymmetric encryption, and for decrypting and verifying the signature of the result returned by the prefix convergence server subsystem of the GHR system;
the GHR authentication module, used for authenticating the authenticity of the GHR service for results received from the prefix convergence server of the GHR system;
the log management module, used for carrying out the corresponding operation on each type of log;
the queue management module, used for managing the message queue of prefix convergence requests, queue persistence and similar operations;
the data transmission module, used for exchanging data with the prefix convergence server of the GHR system;
the message pushing module, used for pushing system prompt information to personnel such as the system administrator by e-mail, short message and other means;
The working principle of the technical scheme is as follows: after receiving a request that meets the prefix convergence condition, the LHS system calls the operation scheduling module of the prefix convergence client asynchronously and passes it the prefix data and the operation type; after receiving the request, the operation scheduling module verifies the prefix data and the operation type to ensure that the content meets the requirements of the Handle protocol, and calls the log processing module to perform the corresponding log operation on any request that does not meet the Handle protocol; after data verification is finished, the operation scheduling module calls the data encryption module, which encrypts the information to be converged with the public key of the GHR prefix acquisition server and signs it with the prefix private key of the current LHS service; after encryption is finished, the operation scheduling module calls the queue management module to write the content to be converged into the queue; the scheduling module calls the data transmission module to send the content to be converged to the prefix aggregation server of the GHR, and calls the log processing module to perform the corresponding log operation; after receiving the processing result information returned by the GHR prefix convergence server, the operation scheduling module of the LHS prefix convergence client calls the GHR authentication module to authenticate the authenticity of the GHR; when the authentication fails, the operation scheduling module calls the log management module to perform the corresponding log operation; after the GHR authentication passes, the operation scheduling module calls the data encryption and decryption module, which decrypts the data and verifies the signature using the prefix aggregation public key of the GHR and the prefix private key of the current LHS; if this processing fails, the operation scheduling module calls the log management module to perform the corresponding log operation; after decryption and signature verification are finished, the operation scheduling module handles the returned information according to its type; if information indicating correct processing is received, the log management module is called to perform the log operation; if processing error information is received, the message pushing module is called to send a processing error prompt to an administrator, and the log management module is called to perform the log operation; if processing times out and no processing information is received, the queue management module is called to rewrite the prefix data into the queue, and the log management module is called to perform the corresponding log operation;
The beneficial effects of the above technical scheme are: during transmission the prefix request is verified to ensure that it conforms to the Handle protocol; the encryption module encrypts the data and GHR authentication is performed on it, which guarantees security and authenticity during the data exchange; and the prefix data are collected automatically and transmitted actively, so that the prefix data are available in real time.
In one embodiment, further comprising:
a detection module, the detection module comprising:
the marking unit, used for monitoring the queue and starting the detection unit when a prefix convergence request is written into the queue module;
the detection unit, used for detecting whether the prefix convergence request has a unique identifier when notified by the marking unit that a prefix convergence request has been written into the queue;
if the prefix aggregation request does not have a unique identifier, marking the prefix aggregation request with a unique identifier;
if the prefix convergence request has a unique identifier, overlapping the unique identifier, where overlapping means copying the unique identifier so that the prefix convergence request has two identical unique identifiers;
the judging unit, used for determining the number of identical unique identifiers of the prefix convergence request when a prefix convergence request is written into the queue;
the warning unit, used for sending a cycle request error prompt to an administrator and carrying out the corresponding log operation when the number is larger than the preset number;
The working principle of the technical scheme is as follows: the current queue is monitored; when a prefix convergence request enters the queue, the monitoring unit starts the detection unit, which detects whether the current prefix convergence request has a unique identifier; if it does not, the request is marked with a unique identifier; if it does, the number of its unique identifiers is compared with the threshold value of the number of unique identifiers; if the number is greater than the threshold value, a cycle request error prompt is sent to an administrator and the corresponding log operation is carried out; if the number is not greater than the threshold value of the number of unique identifiers, the unique identifier of the current prefix convergence request is copied, so that;
The beneficial effects of the above technical scheme are: the prefix convergence client subsystem in the LHS system is prevented from endlessly retransmitting a prefix convergence request that, for unknown reasons, can never be delivered to the prefix convergence server subsystem of the GHR system, which avoids wasting computing resources.
In one embodiment, the prefix convergence server subsystem of the GHR includes:
the data transmission module, used for receiving a prefix aggregation request from the prefix aggregation client of the LHS system and maintaining data transmission with the prefix aggregation client;
the operation scheduling module, used for checking the request content and organizing and scheduling the modules so that they run effectively;
the data encryption and decryption module, used for decrypting the received prefix convergence request and verifying its signature by means of asymmetric encryption, and for encrypting and signing the returned information;
the LHS authentication module, used for authenticating the authenticity of the LHS service of the LHS system prefix convergence client from which the request is received;
the log management module, used for carrying out the corresponding operation on each type of log;
the message pushing module, used for pushing system prompt information to personnel such as the system administrator by e-mail, short message and other means;
the data storage module, used for local storage management of prefix data;
The working principle of the technical scheme is as follows: after receiving the prefix aggregation request, the operation scheduling module of the prefix aggregation server of the GHR calls the LHS authentication module, which authenticates the authenticity of the LHS according to information such as the IP (Internet protocol) address, the port and the LHS prefix public key of the LHS that sent the prefix aggregation request, ensuring that the prefix aggregation request comes from a correct LHS prefix aggregation client; if the authentication fails, the next operation is refused, the message pushing module is called to send warning information to an administrator, and the log processing module is called to perform the corresponding log operation; the operation scheduling module passes prefix request information that passed LHS authentication to the data encryption and decryption module; the data encryption and decryption module decrypts the prefix convergence information and verifies its signature using the LHS prefix public key and the GHR prefix acquisition private key, and returns the decrypted data when decryption is finished; after receiving the decrypted data, the operation scheduling module checks the data content to ensure that it conforms to the Handle protocol; the operation scheduling module passes the data that passed verification to the data storage module, which writes it into the prefix storage area and into the operation log; the operation scheduling module returns the final processing result to the prefix acquisition client of the LHS;
The beneficial effects of the above technical scheme are: during transmission the prefix request is verified to ensure that it conforms to the Handle protocol; the encryption module encrypts the data and LHS authentication is performed on it, which ensures security and authenticity during the data exchange; and the prefix data of every correctly processed operation are stored in the prefix storage area, so that the GHR can conveniently know the global condition of each level of Handle service.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A prefix convergence method based on a Handle system is characterized by comprising the following steps:
adding a prefix convergence client of the LHS system in the LHS system;
and adding a prefix convergence service end of the GHR in the GHR system.
2. The prefix aggregation method based on the Handle system as claimed in claim 1, wherein the prefix aggregation client performs the following operations:
after receiving a request meeting a prefix convergence condition, judging whether prefix data and an operation type of the request meet a Handle protocol, rejecting the next operation of the request not meeting the Handle protocol, sending warning information to an administrator, and simultaneously performing corresponding log operation;
encrypting and signing the prefix data conforming to the Handle protocol by using the public key of the GHR prefix acquisition server and the prefix private key of the current LHS service, to obtain a prefix convergence request;
and writing the prefix convergence request into a queue, transmitting the prefix convergence request to a prefix convergence server of the GHR, and performing corresponding log operation.
3. The prefix aggregation method based on the Handle system as claimed in claim 2, wherein the prefix aggregation server of the GHR performs the following operations:
after the prefix aggregation server of the GHR receives the prefix aggregation request, performing LHS authentication on the authenticity of the prefix aggregation request based on the IP, the port and the LHS prefix public key of the LHS that sent the prefix aggregation request;
refusing the next operation of the prefix aggregation request with the failure of the LHS authentication, sending warning information to an administrator, and simultaneously carrying out corresponding log operation;
decrypting and verifying the signature on the prefix aggregation request which passes the LHS authentication by utilizing the LHS prefix public key and the GHR prefix acquisition private key to obtain first decrypted data;
refusing the next operation of the prefix aggregation request with the decryption failure, sending warning information to an administrator, and simultaneously carrying out corresponding log operation;
judging whether the first decrypted data which is decrypted successfully conforms to a Handle protocol or not;
rejecting the next operation of the first decrypted data which does not conform to the Handle protocol, sending warning information to an administrator, and simultaneously carrying out corresponding log operation;
storing the first decryption data which accords with the Handle protocol into a prefix storage area and writing the first decryption data into an operation log;
generating a processing result corresponding to the prefix convergence request according to the operation log of the GHR prefix convergence server, and encrypting and signing the processing result by using a public key of the LHS prefix acquisition server and a prefix private key of the current GHR service to obtain processing result information;
and returning the processing result information to the prefix convergence client.
4. The prefix aggregation method based on the Handle system as claimed in claim 3, wherein the prefix aggregation client performs the following operations:
receiving processing result information returned by the prefix convergence server of the GHR, and performing GHR authentication on the authenticity of the processing result information based on the IP, the port and the GHR prefix public key of the GHR that sent the processing result information;
refusing the next operation of the processing result information of the GHR authentication failure, sending warning information to an administrator, and simultaneously carrying out corresponding log operation;
decrypting and signature verifying the processing result information of the GHR successfully authenticated by using the prefix aggregation public key of the GHR and the prefix private key of the current LHS to obtain second decrypted data;
rejecting the next operation of the processing result information with the decryption failure, sending warning information to an administrator, and simultaneously carrying out corresponding log operation;
judging the information type of the second decrypted data which is decrypted successfully, and if the information type of the second decrypted data is normal processing information, directly performing normal log operation;
if the second decrypted data is processing error information, sending a processing error prompt to an administrator, and performing corresponding log operation;
and if the second decrypted data is processing overtime information, rewriting the prefix convergence request into a queue and carrying out corresponding log operation.
5. The prefix converging method based on the Handle system as claimed in claim 4, further comprising:
monitoring the queue and determining whether a prefix convergence request has been written into it;
when it is determined that a prefix aggregation request has been written into the queue, detecting whether the prefix aggregation request has a unique identifier;
if the prefix aggregation request does not have a unique identifier, marking the prefix aggregation request with a unique identifier;
if the prefix convergence request has a unique identifier, overlapping the unique identifier, where overlapping means copying the unique identifier so that the prefix convergence request has two identical unique identifiers;
when a prefix convergence request is written into the queue, obtaining the number of identical unique identifiers of the prefix convergence request;
and if the number of the unique identifications is larger than the threshold value of the number of the unique identifications, sending a cycle request error prompt to an administrator, and carrying out corresponding log operation.
6. The prefix convergence method based on the Handle system as claimed in claim 5, characterized in that:
grouping all data without an identifier into a 1st group, all data with 1 identifier into a 2nd group, all data with 2 identifiers into a 3rd group, and so on, so that there are α groups in total;
calculating the following formula to obtain the threshold value of the number of the unique identifiers:
wherein $N$ is the total number of written prefix convergence requests, $\alpha$ is the number of groups containing the unique identification number, $N_d$ is the number of prefix aggregation requests of the d-th group, $\beta_{bd}$ is the product of the number of prefix aggregation requests of the d-th group and the number of unique identifiers of the d-th group, $\beta_d$ is the number of unique identifiers of the d-th group, and $\beta$ is the average value of the number of unique identifiers of all prefix aggregation requests.
7. A prefix convergence system based on a Handle system comprises:
a prefix convergence client subsystem is added in the LHS system;
and a prefix convergence service terminal system is added in the GHR system.
8. The Handle system based prefix aggregation system of claim 7, wherein the prefix aggregation client subsystem of the LHS system comprises:
the operation scheduling module is used for receiving a prefix convergence request of a prefix convergence client subsystem in the LHS system, verifying the request content, and organizing and scheduling each module to effectively run;
the data encryption and decryption module is used for encrypting and signing the prefix convergence request by adopting an asymmetric encryption technology, and decrypting and verifying the signature of the received result returned by the GHR system prefix convergence service terminal system;
the GHR authentication module is used for authenticating the authenticity of the GHR service for results received from the prefix convergence server of the GHR system;
the log management module is used for carrying out corresponding operation on each type of log;
the queue management module is used for managing operations such as message queues, queue persistence and the like of the prefix convergence request;
the data transmission module is used for transmitting data with a prefix convergence operation server of the GHR system;
and the message pushing module is used for pushing system prompt information to personnel such as a system administrator and the like in a mail, short message and other modes.
9. The prefix aggregation system based on a Handle system as recited in claim 8, further comprising:
a detection module, the detection module comprising:
the marking unit is used for monitoring the queue and starting the detection unit when the prefix convergence request is written into the queue module;
the detection unit is used for detecting whether the prefix convergence request has a unique identifier when notified by the marking unit that a prefix convergence request has been written into the queue;
if the prefix aggregation request does not have a unique identifier, marking the unique identifier for the prefix aggregation request;
if the prefix convergence request has a unique identifier, overlapping the unique identifier, wherein the overlapping identifier is used for copying the unique identifier, so that the prefix convergence request has two identical unique identifiers;
the judging unit is used for judging the number of the same unique identifiers of the prefix convergence request when the queue is written into the prefix convergence request;
and the warning unit is used for sending a cycle request error prompt to an administrator and carrying out corresponding log operation when the number is greater than the preset number.
10. The Handle system based prefix convergence system of claim 9, wherein the prefix convergence service subsystem of the GHR comprises:
the data transmission module is used for receiving a prefix aggregation request of the LHS system prefix aggregation client and maintaining data transmission with the prefix aggregation client;
the operation scheduling module is used for checking the request content and organizing and scheduling the modules to effectively run;
the data encryption and decryption module is used for carrying out encryption and decryption, signature verification and other processing on the received prefix convergence request by adopting an asymmetric encryption technology, and carrying out encryption and signature operation on returned information;
the LHS authentication module is used for authenticating the authenticity of the LHS service of the LHS system prefix convergence client from which the request is received;
the log management module is used for carrying out corresponding operation on each type of log;
the message pushing module is used for pushing system prompt information to personnel such as a system administrator and the like in a mail, short message and other modes;
and the data storage module is used for local storage management of the prefix data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011510838.7A CN112667930B (en) | 2020-12-18 | 2020-12-18 | Prefix aggregation method and system based on Handle system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112667930A (en) | 2021-04-16 |
CN112667930B (en) | 2024-09-06 |
Family
ID=75406219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011510838.7A Active CN112667930B (en) | 2020-12-18 | 2020-12-18 | Prefix aggregation method and system based on Handle system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112667930B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |