CN113422750A - Non-signed user control method, device, equipment and storage medium - Google Patents
Non-signed user control method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN113422750A CN113422750A CN202010123443.5A CN202010123443A CN113422750A CN 113422750 A CN113422750 A CN 113422750A CN 202010123443 A CN202010123443 A CN 202010123443A CN 113422750 A CN113422750 A CN 113422750A
- Authority
- CN
- China
- Prior art keywords
- user
- internet
- fault
- radius
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000000605 extraction Methods 0.000 claims description 5
- 239000002699 waste material Substances 0.000 abstract description 12
- 230000008569 process Effects 0.000 description 17
- 238000010586 diagram Methods 0.000 description 14
- 230000004044 response Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 8
- 230000000694 effects Effects 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/18—Management of setup rejection or failure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/30—Connection release
- H04W76/34—Selective release of ongoing connections
- H04W76/36—Selective release of ongoing connections for reassigning the resources associated with the released connections
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the specification provides a method, a device, equipment and a storage medium for controlling a non-signed user, wherein the method is applied to a remote user dial-up authentication server RADIUS, and when the RADIUS is in a normal working state, a network connection request of the non-signed user is rejected; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; the method comprises the following steps: after the fault state is recovered to a normal working state, user internet record during the fault period is obtained from a backup server, and the user internet record during the fault period is sent to the backup server by a Broadband Remote Access Server (BRAS) in real time; and determining a non-signed user surfing the Internet during the fault period according to the user surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in a surfing state. By the embodiment, after the RADIUS recovers normal work, the off-line of the non-signed user can be controlled, and the waste of network resources and the flow loss of an operator are reduced.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for controlling a non-subscriber.
Background
In the home Broadband Service, Authentication is performed on a User Access process mainly through a BRAS (Broadband Remote Access Server) and a RADIUS (Remote Authentication Dial In User Service). The user internet authentication process comprises the following steps: the user sends a network connection request to the BRAS, the BRAS sends a user authentication request to the RADIUS after receiving the request, the RADIUS returns an authentication result to the BRAS according to the user authentication request, the authentication result comprises authentication success or authentication failure, and the BRAS allows or disallows the user to carry out network operation based on the authentication result.
In the above flow, if the RADIUS fails and the BRAS does not receive the authentication result sent by the RADIUS, the BRAS directly releases the user, and after the RADIUS recovers to work normally, the released non-subscriber user can still go on the internet, which causes waste of network resources and traffic loss of operators.
Disclosure of Invention
An embodiment of the present specification aims to provide a method, an apparatus, a device, and a storage medium for controlling a non-subscriber, which can control the non-subscriber to be offline after RADIUS resumes normal operation, and reduce waste of network resources and traffic loss of an operator.
In order to achieve the above technical effects, one embodiment of the present specification is implemented as follows:
in a first aspect, an embodiment of the present specification provides a non-subscriber control method, which is applied to a remote user dial-up authentication server RADIUS, where when the RADIUS is in a normal working state, a network connection request of a non-subscriber is rejected; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; the method comprises the following steps:
after the fault state is recovered to a normal working state, user internet record during the fault period is obtained from a preset backup server, and the user internet record during the fault period is sent to the backup server by a Broadband Remote Access Server (BRAS) in real time;
and determining a non-signed user surfing the Internet during the fault period according to the user surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in a surfing state.
In a second aspect, another embodiment of the present specification provides a non-subscriber control system, including a remote subscriber dial-up authentication server RADIUS, a broadband remote access server BRAS, and a backup server; when the RADIUS is in a normal working state, rejecting a network connection request of a non-signed user; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; in the system:
the BRAS is used for sending the user internet record during the RADIUS fault period to the backup server in real time;
the backup server is used for receiving and storing the user internet record during the fault period;
and the RADIUS is used for acquiring the user Internet surfing record in the fault period from the backup server after the fault state is recovered to the normal working state, determining a non-subscriber on line in the fault period according to the user Internet surfing record in the fault period, and controlling the non-subscriber to be off line if the non-subscriber is in the Internet surfing state currently.
In a third aspect, another embodiment of the present disclosure provides a non-subscriber control device, which is applied to a remote user dial-up authentication server RADIUS, where when the RADIUS is in a normal working state, a network connection request of a non-subscriber is rejected; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; the device comprises:
the system comprises a user record extraction module, a broadband remote access server BRAS and a backup server, wherein the user record extraction module is used for acquiring a user internet record during a fault from a preset backup server after the fault state is recovered to a normal working state, and the user internet record during the fault is sent to the backup server by the broadband remote access server BRAS in real time;
and the non-signed user offline module is used for determining a non-signed user surfing the Internet during the fault period according to the user Internet surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in an Internet surfing state.
In a fourth aspect, another embodiment of the present specification provides a non-subscriber control device, including: a memory, a processor and computer executable instructions stored on the memory and executable on the processor, which when executed by the processor implement the steps of the non-subscriber control method as described in the first aspect above.
In a fifth aspect, a further embodiment of the present specification provides a storage medium having stored therein computer-executable instructions that, when executed by a processor, are capable of implementing the steps of the non-subscriber control method as described in the first aspect above.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
Drawings
In order to more clearly illustrate the technical solutions in one or more embodiments of the present disclosure, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without any creative effort.
Fig. 1 is a schematic diagram of a non-subscriber control system provided in one embodiment of the present description;
fig. 2 is a first flowchart of a non-subscriber control method according to an embodiment of the present disclosure;
fig. 3 is a second flowchart of a non-subscriber control method according to an embodiment of the present disclosure;
fig. 4 is a third flowchart illustrating a non-subscriber control method according to an embodiment of the present disclosure;
fig. 5 is a block diagram of a non-subscriber control device according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a non-subscriber control device according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.
Fig. 1 is a schematic diagram of a non-subscriber control system according to an embodiment of the present disclosure. As shown in fig. 1, the system includes: BRAS110, backup server 120, RADIUS 130. When the RADIUS is in a normal working state, the network connection request of the non-subscriber is rejected, and when the RADIUS is in a fault state, the network connection request of the non-subscriber is released. In the system:
BRAS110, which is used to send the user log on the internet during the fault of RADIUS130 to the backup server 120 in real time;
the backup server 120 is used for receiving and storing the user internet record during the fault period;
the RADIUS130 is configured to obtain a user internet record during the fault period from the backup server 120 after the fault state is restored to the normal working state, determine a non-subscriber user who accesses the internet during the fault period according to the user internet record during the fault period, and control the non-subscriber user to be offline if the non-subscriber user is currently in the internet state.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
In the system shown in fig. 1, a BRAS is a new access gateway for broadband network applications, and is located at an edge layer of a backbone network, and can complete data access of a user bandwidth network. When a user needs to surf the internet, a network connection request is sent to the BRAS, and the BRAS sends the network connection request of the user to the RADIUS.
The RADIUS is used for storing the subscription data and detailed information of the home broadband user, providing, authenticating, charging and authorizing services for a remote dialing user accessing the BRAS, and recording the authentication and charging information of the user. In this embodiment, when the RADIUS is in a normal state, the RADIUS may receive a network connection request of a user sent by the BRAS, and according to the network connection request, the user on the internet is granted and the user on the internet is denied. When the RADIUS is in a fault state, the RADIUS cannot receive the network connection request sent by the BRAS, and the BRAS directly passes the network connection requests of all users in order to avoid overlong waiting time of the users, so that non-signed users can directly surf the internet.
In the user internet access process, the BRAS can acquire the internet access records of the user and respectively send the internet access records to the RADIUS and the backup server, wherein the internet access records of the user can be generated according to the charging messages of the user internet access.
When the RADIUS is in a normal state, the RADIUS can receive and store the user surfing records. When the RADIUS is in a fault state, the user internet record sent by the BRAS cannot be received. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from the backup server, determine a non-subscriber on line during the fault period according to the user internet record during the fault period, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state.
The backup server is used for backing up the internet surfing records of the user. If the RADIUS is in a normal working state, the backup server and the RADIUS can both store the user internet record sent by the BRAS. If the RADIUS is in a fault state, the backup server can store the user internet record sent by the BRAS to achieve the backup effect.
It can be seen that, with the system in fig. 1, it is possible to determine the non-subscriber user who surfs the internet during the failure period and control the type of user to go offline, thereby reducing the waste of network resources and the traffic loss of the operator. For the specific operation of RADIUS in fig. 1, reference may be made to the description of the embodiment of the method shown in fig. 2.
Fig. 2 is a first flowchart of a non-subscriber control method according to an embodiment of the present disclosure. The method flow is applied to the RADIUS and executed by the RADIUS. When the RADIUS is in a normal working state, rejecting the network connection request of the non-signed user, and when the RADIUS is in a fault state, releasing the network connection request of the non-signed user; the method comprises the following steps:
step S202, after the fault state is recovered to the normal working state, user Internet access records during the fault period are obtained from a preset backup server, and the user Internet access records during the fault period are sent to the backup server by a BRAS in real time;
step S204, according to the user Internet surfing record during the fault period, determining the non-signed user surfing the Internet during the fault period, and if the non-signed user is currently in the Internet surfing state, controlling the non-signed user to be off-line.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
The non-subscriber control method in the exemplary embodiment of fig. 2 is explained in detail below.
Referring to fig. 2, in step S202, after the RADIUS is restored from the fault state to the normal operating state, the user internet record during the fault is obtained from the preset backup server, and the user internet record during the fault is sent to the backup server by the BRAS in real time.
In this embodiment, the fault state may be a network cause or a cause of the RADIUS itself, so that the RADIUS cannot normally receive the network connection request of the user sent by the BRAS, thereby causing the BRAS to directly pass through the internet access of the non-subscriber.
In an exemplary embodiment, obtaining a user internet record during a failure from a preset backup server includes: and sending a user internet record query instruction to the backup server, wherein the user internet record query instruction carries fault starting time information and fault ending time information, and receiving a user internet record of a fault period returned by the backup server according to the user internet record query instruction.
In this embodiment, the preset backup server may also be referred to as a RADIUS message resource receiving server. The backup server is independent from the RADIUS and is placed in a place different from the RADIUS and used for receiving and storing the user online records sent by the BRAS in real time. The user internet record includes various information of the user internet, such as identification information of the user, internet traffic information, internet time information, and the like, and the user internet record may be generated according to a charging message of the user internet. For example, the charging message is used as a user internet record, or the identification information (such as a name) and internet time information of the user are extracted from the charging message, and the user internet record is generated by using the identification information and the internet time information of the user.
Specifically, the RADIUS sends a user internet record query instruction to the backup server in a message form, where the instruction carries fault start time information and fault end time information. After receiving the query instruction, the backup server compares the fault start time information and the fault end time information in the message with the internet access time information in the stored user internet access record, so as to find out the user internet access record in the fault period and send the user internet access record to the RADIUS.
In the embodiment, the required user internet record can be quickly and timely inquired by sending the user internet record inquiry instruction to the backup server.
Referring to fig. 2, in step S204, according to the user internet record during the fault, a non-subscriber user who accesses the internet during the fault is determined, and if the non-subscriber user is currently in the internet state, the non-subscriber user is controlled to be offline.
In an exemplary embodiment, determining a non-subscriber user who surfs the internet during the failure according to the user surfing record during the failure includes: and determining the identification information of the user surfing the Internet during the fault period according to the user surfing record during the fault period, and determining the non-signed user surfing the Internet during the fault period according to the identification information of the user surfing the Internet during the fault period and a pre-established signed user identification list.
In the exemplary embodiment, if a user wants to use the home broadband service normally, the user needs to apply for handling the service, after the staff determines the identification information of the user, the staff logs in and stores the identification information, the IP address, the account opening name, the password and other information of the user on the broadband system and the RADIUS, and contacts the constructor to install the broadband for the user. After the above procedures are completed, the user can be called a subscriber and can use the network normally. If the process is not completed normally, the RADIUS does not have identification information of the user and the like, and the user is regarded as a non-signed user.
In this embodiment, the RADIUS receives the user surfing record during the failure from the backup server. Because the log of surfing the Internet can be in the form of message, so through analyzing the data structure of representing the user's label in the message, can confirm the label information of surfing the Internet user during trouble, the label information can be the user name.
Specifically, identification information such as a user name of the subscriber is stored in the RADIUS, and the RADIUS compares the stored user name of the subscriber with the identification information of the internet access user during the analyzed and sorted fault period. If the identification information is the same, the user is proved to be a signed user, otherwise, the user is a non-signed user. Thus, the identification information of the internet users during the fault period is compared, and the non-signed users who surf the internet during the fault period can be determined by removing the signed users.
And after the RADIUS determines the non-signed user who surfs the Internet during the fault period, the RADIUS also controls the non-signed user to be off-line. In an exemplary embodiment, RADIUS controls non-subscribers offline, including: and sending a user offline instruction to the BRAS, wherein the user offline instruction is used for indicating the BRAS to control the non-signed user to be offline.
Specifically, the RADIUS records identification information of a non-subscriber on line during a fault period in a message and sends the message to the BRAS, and the function of the message is to indicate that the BRAS is off line and the non-subscriber. After receiving the message, the BRAS immediately forces all non-signed users to log on the internet during the fault period.
In an exemplary embodiment, after the fault state is recovered to the normal working state, the RADIUS acquires the user online record during normal working, which is sent by the BRAS in real time, and the user online record during normal working is also sent to the backup server by the BRAS in real time.
Here, referring to the system shown in fig. 1, when the BRAS is in the working state, the user internet record is always sent to the RADIUS and the backup server, so that after the RADIUS is restored from the fault state to the normal working state, the user internet record during the normal working period sent by the BRAS in real time can also be obtained, and the user internet record can be sorted into a log by the RADIUS and stored.
Further, in the exemplary embodiment, the user internet record during the fault period and the user internet record during the normal working period are both generated according to the charging message of the user internet. For example, the charging message is used as a user internet record, or the identification information (such as a name) and internet time information of the user are extracted from the charging message, and the user internet record is generated according to the identification information and the internet time information of the user.
In summary, through the method flow shown in fig. 2, a non-subscriber user who surfs the internet during a fault period can be determined and the user of the type can be controlled to be offline, so that waste of network resources and traffic loss of an operator are reduced. For the specific operation of RADIUS in fig. 1, reference may be made to the description of the embodiment of the method shown in fig. 2. In addition, in the embodiment, the user internet record is backed up by setting the backup server, and the effect of tracing the user internet record during the fault period can be achieved, so that the problem that the user internet record during the fault period is lost after the RADIUS fault in the prior art is solved.
Fig. 3 is a second flowchart of a non-subscriber control method according to an embodiment of the present disclosure. As shown in fig. 3, the flow is used to introduce a work flow in a normal working state of RADIUS, and the flow is described by taking a charging message of user surfing as a user surfing record. As shown in fig. 3, the process includes the following steps:
step S302, the BRAS receives the network connection request of the user.
Specifically, when the user wants to access the internet, the user inputs a user name and a password and sends a network connection request to the BRAS.
And step S304, the BRAS sends a user authentication request to the RADIUS according to the network connection request of the user.
After receiving a network connection request of a user, the BRAS sends a user authentication request to the RADIUS so that the RADIUS can judge whether the user is a signed user. The BRAS can send the user authentication request to the RADIUS in the form of a message through the RADIUS protocol.
Step S306, the RADIUS returns response information to the BRAS according to the user authentication request.
In an exemplary embodiment, the RADIUS performs a comparison analysis with information in a stored subscriber database according to subscriber information included in an authentication request message sent by the BRAS. If the correspondence is successful, the user is a signed user, the RADIUS sends an authentication success response to the BRAS, and the response message contains authority information of the user, such as information of what set of food the user transacts, how to charge and the like. And if the correspondence fails, sending an authentication failure response to the BRAS.
And step S308, the BRAS allows or refuses the user to access the Internet according to the response information.
In this embodiment, if the BRAS receives the authentication success response replied by the RADIUS, the user is allowed to use the internet, the charging is started, and the charging packet is generated. And if the BRAS receives the authentication failure response replied by the RADIUS, the BRAS refuses the user to use the Internet and does not generate a charging message.
Step S310, when the BRAS allows the user to access the Internet, the BRAS respectively sends the accounting messages of the user to the backup server and the RADIUS.
Specifically, if the BRAS allows the user to use the internet, the BRAS sends accounting messages to the RADIUS as accounting starts and simultaneously sends the same accounting messages to the backup server. The charging message is sent once every a period of time.
Step S312, the backup server receives and stores the charging message.
And during the normal internet surfing of the user, the backup server only receives and stores the charging message sent by the BRAS as a backup internet surfing record of the user.
Step S314, the RADIUS receives and stores the accounting message.
During the normal internet access of the user, if the RADIUS works normally, the RADIUS can receive the accounting message sent by the BRAS and arrange the accounting message into a log to be stored.
In the flow of fig. 3, when the user finishes accessing the internet, the BRAS may also send an accounting end instruction to the RADIUS.
Fig. 4 is a third flowchart of a non-subscriber control method according to an embodiment of the present disclosure. As shown in fig. 4, the flow is used to introduce a working flow in which the RADIUS fault state and the fault state are recovered to the normal state, and the flow is described by taking an accounting message of user surfing as a user surfing record. As shown in fig. 4, the process includes the following steps:
in step S402, the BRAS receives the network connection request of the user.
Specifically, when the user wants to access the internet, the user inputs a user name and a password and sends a network connection request to the BRAS.
Step S404, the BRAS sends a user authentication request to the RADIUS according to the network connection request of the user.
After receiving a network connection request of a user, the BRAS sends a user authentication request to the RADIUS so that the RADIUS can judge whether the user is a signed user. The BRAS can send the user authentication request to the RADIUS in the form of a message through the RADIUS protocol.
Step S406, when RADIUS is in fault, BRAS returns response information allowing to access the Internet to the user.
Specifically, when a fault occurs due to a network reason or a RADIUS self reason, the RADIUS cannot normally receive an authentication request sent by the BRAS. After the BRAS sends the authentication request once, if the authentication response replied by the RADIUS is not received, the BRAS sends the authentication request once again at intervals of 3 seconds, if the authentication request is continuously sent for 5 times and the authentication response replied by the RADIUS is still not obtained, the BRAS regards that the RADIUS has a fault, and all users are automatically allowed to access the internet.
Step S408, the BRAS sends the accounting messages of the user to the backup server and the RADIUS respectively.
The BRAS allows the user to access the internet, and then sends the accounting message to the RADIUS, and simultaneously sends the same accounting message to the backup server. The charging message is sent once every a period of time.
Step S410, the backup server receives and stores the charging message.
During a RADIUS failure, RADIUS cannot receive accounting messages. The backup server can work normally, namely receiving and storing the charging message.
Step S412, after the RADIUS is recovered to normal, sending a user internet record query instruction to the backup server.
In the exemplary embodiment, after the RADIUS fails, manual detection is adopted to detect whether RADIUS service is recovered to normal. And after the normal state is recovered, the RADIUS sends a user Internet access record query instruction to the backup server in a message form. The query command includes time information of the start and end of the fault.
Step S414, the backup server sends the charging message during the failure period according to the query instruction.
After receiving the query instruction, the backup server compares and searches the time information of the charging message with the stored time information of the charging message according to the fault time information in the message, and sends the charging message which meets the fault period to the RADIUS.
Step S416, the RADIUS receives and stores the accounting message during the fault period, and determines the offline list.
In the exemplary embodiment, after the RADIUS receives the accounting message sent by the backup server during the failure, the accounting message is arranged into a log for storage. And simultaneously analyzing the user identification information in the charging message by the RADIUS, and determining all the users on the network during the fault period, namely the users on the network are the offline user list. Then comparing the user identification information in the charging message with the stored identification information of the signing user, and distinguishing the signing user from the non-signing user.
Step S418, the RADIUS sends the user offline command to the BRAS.
Specifically, RADIUS sends a user order of going down to BRAS batch. After the RADIUS determines the signed users and the non-signed users in the offline list, the RADIUS immediately sends offline indication messages containing identification information of the non-signed users to the BRAS, and the RADIUS sends the offline indication messages containing the identification information of the signed users to the BRAS in the time with low online demand, such as in the early morning and the like.
And step S420, the BRAS forces the user to be offline according to the received user offline instruction.
After receiving the off-line indication message sent by the RADIUS, the BRAS forces the user to be off-line according to the user identification information contained in the message.
And step S422, the user who is off-line by the BRAS is re-authenticated.
In the exemplary embodiment, if the subscriber who is off-line from the BRAS needs to log on the internet, the BRAS automatically repeats the authentication process and can continue to log on the internet. If the non-signed user needs to surf the internet, the authentication fails and the internet can not be surfed continuously.
As can be seen from the flows in fig. 3 and fig. 4, by using the non-subscriber control method in this embodiment, a non-subscriber accessing the internet during a fault period can be determined, and the non-subscriber can be controlled to be offline after recovery, so that the non-subscriber can be prevented from using the network for a long time after the fault is recovered, and the waste of network resources and the loss of operators can be reduced. In addition, in the embodiment, the charging message during the storage failure of the backup server is set, so that the loss of the user internet record during the failure is avoided, and the problem of traceability is reduced. After the RADIUS is recovered to normal, the charging message stored in the backup server during the fault period can be extracted, and the charging message is arranged into a log for storage, so that the log loss during the fault period is avoided, and the smooth operation of the log management process is ensured.
Fig. 5 is a schematic block diagram of a non-subscriber control device according to an embodiment of the present disclosure, which is applied to a remote authentication dial in user service RADIUS, where when the RADIUS is in a normal operating state, a network connection request of a non-subscriber is rejected, and when the RADIUS is in a fault state, a network connection request of a non-subscriber is released.
As shown in fig. 5, the apparatus includes:
the user record extraction module 51 is used for acquiring a user internet record during a fault period from a preset backup server after the RADIUS is restored from a fault state to a normal working state, and the user internet record during the fault period is sent to the backup server by a broadband remote access server BRAS in real time;
and the non-subscriber offline module 52 is configured to determine, by using the RADIUS, a non-subscriber on the internet during the failure according to the user internet record during the failure, and if the non-subscriber is currently in an internet state, control the non-subscriber to be offline.
The non-subscriber control device in the exemplary embodiment of fig. 5 is explained in detail below.
Optionally, the user record extracting module 51 is specifically configured to: sending a user internet record query instruction to the backup server, wherein the user internet record query instruction carries fault starting time information and fault ending time information; and receiving the user internet record during the fault period returned by the backup server according to the user internet record query instruction.
Optionally, the offline module 52 of the non-subscriber is specifically configured to: according to the user internet record in the fault period, determining the identification information of the user who accesses the internet in the fault period; and determining the non-signed user who surfs the internet during the fault period according to the identification information of the user who surfs the internet during the fault period and a pre-established identification list of the signed user.
Optionally, the offline module 52 of the non-subscriber is specifically configured to: and sending a user offline instruction to the BRAS, wherein the user offline instruction is used for indicating the BRAS to control the non-signed user to be offline.
Optionally, the apparatus further comprises: a backup module: after the fault state is recovered to the normal working state, acquiring a user internet access record during the normal working period, which is sent by the BRAS in real time; and the user Internet surfing record in the normal working period is also sent to the backup server by the BRAS in real time.
Optionally, in this embodiment, the user internet record during the fault period and the user internet record during the normal working period are both generated according to the charging message of the user internet.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
It should be noted that the non-subscriber control device in this embodiment can implement each process in the foregoing non-subscriber control method embodiment, and achieve the same function and effect, which is not repeated here.
Further, an embodiment of the present specification further provides a non-subscriber control device, and fig. 6 is a schematic structural diagram of the non-subscriber control device provided in the embodiment of the present specification, as shown in fig. 6, the device includes: memory 601, processor 602, bus 603, and communication interface 604. The memory 601, processor 602, and communication interface 604 communicate via the bus 603. the communication interface 604 may include input and output interfaces including, but not limited to, a keyboard, mouse, display, microphone, and the like.
In fig. 6, the memory 601 stores thereon computer-executable instructions executable on the processor 602, and when executed by the processor 602, the computer-executable instructions implement the following processes:
when the RADIUS is in a normal working state, the network connection request of a non-subscriber is rejected. When the RADIUS is in a fault state, the network connection request of a non-signed user is released;
after the fault state is recovered to a normal working state, the RADIUS acquires a user Internet access record during the fault from a preset backup server, and the user Internet access record during the fault is sent to the backup server by a broadband remote access server BRAS in real time;
determining a non-signed user surfing the Internet during the fault period according to the user Internet surfing record during the fault period, and controlling the non-signed user to be off-line if the non-signed user is currently in an Internet surfing state;
optionally, when executed by the processor, the computer-executable instructions obtain a user internet record during a failure from a preset backup server, where the obtaining includes:
sending a user internet record query instruction to the backup server, wherein the user internet record query instruction carries fault starting time information and fault ending time information;
and receiving the user internet record during the fault period returned by the backup server according to the user internet record query instruction.
Optionally, when executed by the processor, the determining, according to the user surfing record during the fault, a non-subscriber user surfing the internet during the fault includes:
according to the user internet record in the fault period, determining the identification information of the user who accesses the internet in the fault period;
and determining the non-signed user who surfs the internet during the fault period according to the identification information of the user who surfs the internet during the fault period and a pre-established identification list of the signed user.
Optionally, the computer executable instructions, when executed by the processor, control the non-subscriber to go offline, including:
and sending a user offline instruction to the BRAS, wherein the user offline instruction is used for indicating the BRAS to control the non-signed user to be offline.
Optionally, the computer executable instructions, when executed by the processor, further comprise:
after the fault state is recovered to the normal working state, acquiring a user internet access record during the normal working period, which is sent by the BRAS in real time; and the user Internet surfing record in the normal working period is also sent to the backup server by the BRAS in real time.
Optionally, when the computer executable instruction is executed by the processor, the user internet record during the fault period and the user internet record during the normal working period are both generated according to a charging message of user internet access.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
It should be noted that the non-subscriber control device in this embodiment can implement the processes in the foregoing method embodiments, and achieve the same functions and effects, which are not repeated here.
Further, another embodiment of the present specification also provides a computer-readable storage medium for storing computer-executable instructions, which when executed by a processor implement the following process:
when the RADIUS is in a normal working state, the network connection request of a non-subscriber is rejected. When the RADIUS is in a fault state, the network connection request of a non-signed user is released;
after the fault state is recovered to a normal working state, the RADIUS acquires a user Internet access record during the fault from a preset backup server, and the user Internet access record during the fault is sent to the backup server by a broadband remote access server BRAS in real time;
and determining a non-signed user surfing the Internet during the fault period according to the user surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in a surfing state.
Optionally, when executed by the processor, the computer-executable instructions obtain a user internet record during a failure from a preset backup server, where the obtaining includes:
sending a user internet record query instruction to the backup server, wherein the user internet record query instruction carries fault starting time information and fault ending time information;
and receiving the user internet record during the fault period returned by the backup server according to the user internet record query instruction.
Optionally, when executed by the processor, the determining, according to the user surfing record during the fault, a non-subscriber user surfing the internet during the fault includes:
according to the user internet record in the fault period, determining the identification information of the user who accesses the internet in the fault period;
and determining the non-signed user who surfs the internet during the fault period according to the identification information of the user who surfs the internet during the fault period and a pre-established identification list of the signed user.
Optionally, the computer executable instructions, when executed by the processor, control the non-subscriber to go offline, including:
and sending a user offline instruction to the BRAS, wherein the user offline instruction is used for indicating the BRAS to control the non-signed user to be offline.
Optionally, the computer executable instructions, when executed by the processor, further comprise:
after the fault state is recovered to the normal working state, acquiring a user internet access record during the normal working period, which is sent by the BRAS in real time; and the user Internet surfing record in the normal working period is also sent to the backup server by the BRAS in real time.
Optionally, when the computer executable instruction is executed by the processor, the user internet record during the fault period and the user internet record during the normal working period are both generated according to a charging message of user internet access.
In this embodiment, when the RADIUS is in the normal operating state, the network connection request of the non-subscriber can be rejected, and when the RADIUS is in the fault state, the network connection request of the non-subscriber is released. When the RADIUS is recovered to the normal working state from the fault state, the RADIUS can acquire a user internet record during the fault period from a preset backup server, determine a non-subscriber on line during the fault period according to the user internet record, and control the non-subscriber to be off line if the non-subscriber is currently in the internet state. Therefore, in the embodiment, the RADIUS can determine the non-subscriber user who surfs the internet during the fault period and control the off-line of the user based on the pre-backed-up user surfing record, so that the waste of network resources and the flow loss of an operator can be reduced.
The storage medium provided in an embodiment of the present specification can implement the respective processes in the foregoing method embodiments, and achieve the same functions and effects, and will not be repeated here.
The computer-readable storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The use of the phrase "including a" does not exclude the presence of other, identical elements in the process, method, article, or apparatus that comprises the same element, whether or not the same element is present in all of the same element.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.
Claims (10)
1. A non-signed user control method is characterized in that the method is applied to a remote user dial-up authentication server RADIUS, and when the RADIUS is in a normal working state, a network connection request of a non-signed user is rejected; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; the method comprises the following steps:
after the fault state is recovered to a normal working state, user internet record during the fault period is obtained from a preset backup server, and the user internet record during the fault period is sent to the backup server by a Broadband Remote Access Server (BRAS) in real time;
and determining a non-signed user surfing the Internet during the fault period according to the user surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in a surfing state.
2. The method of claim 1, wherein obtaining the user's log on the internet during the failure from a predetermined backup server comprises:
sending a user internet record query instruction to the backup server, wherein the user internet record query instruction carries fault starting time information and fault ending time information;
and receiving the user internet record during the fault period returned by the backup server according to the user internet record query instruction.
3. The method of claim 1, wherein determining a non-subscriber user accessing the internet during the failure according to the user internet record during the failure comprises:
according to the user internet record in the fault period, determining the identification information of the user who accesses the internet in the fault period;
and determining the non-signed user who surfs the internet during the fault period according to the identification information of the user who surfs the internet during the fault period and a pre-established identification list of the signed user.
4. The method of claim 1, wherein controlling the non-subscriber user to go offline comprises:
and sending a user offline instruction to the BRAS, wherein the user offline instruction is used for indicating the BRAS to control the non-signed user to be offline.
5. The method according to any one of claims 1-4, further comprising:
after the fault state is recovered to the normal working state, acquiring a user internet access record during the normal working period, which is sent by the BRAS in real time; and the user Internet surfing record in the normal working period is also sent to the backup server by the BRAS in real time.
6. The method according to claim 5, wherein the user Internet access record during the fault period and the user Internet access record during the normal working period are generated according to a charging message of user Internet access.
7. A non-signed user control system is characterized by comprising a remote user dial authentication server RADIUS, a broadband remote access server BRAS and a backup server; when the RADIUS is in a normal working state, rejecting a network connection request of a non-signed user; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; in the system:
the BRAS is used for sending the user internet record during the RADIUS fault period to the backup server in real time;
the backup server is used for receiving and storing the user internet record during the fault period;
and the RADIUS is used for acquiring the user Internet surfing record in the fault period from the backup server after the fault state is recovered to the normal working state, determining a non-subscriber on line in the fault period according to the user Internet surfing record in the fault period, and controlling the non-subscriber to be off line if the non-subscriber is in the Internet surfing state currently.
8. A non-signed user control device is characterized in that the device is applied to a remote user dial-up authentication server RADIUS, and when the RADIUS is in a normal working state, a network connection request of a non-signed user is rejected; when the RADIUS is in a fault state, the network connection request of a non-signed user is released; the device comprises:
the system comprises a user record extraction module, a broadband remote access server BRAS and a backup server, wherein the user record extraction module is used for acquiring a user internet record during a fault from a preset backup server after the fault state is recovered to a normal working state, and the user internet record during the fault is sent to the backup server by the broadband remote access server BRAS in real time;
and the non-signed user offline module is used for determining a non-signed user surfing the Internet during the fault period according to the user Internet surfing record during the fault period, and controlling the non-signed user to be offline if the non-signed user is currently in an Internet surfing state.
9. A non-subscriber control device comprising a memory and a processor, the memory having stored thereon computer-executable instructions that, when executed on the processor, are capable of performing the steps of the method of any of claims 1-6.
10. A storage medium having stored thereon computer-executable instructions, which when executed by a processor, are capable of performing the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010123443.5A CN113422750A (en) | 2020-03-03 | 2020-03-03 | Non-signed user control method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010123443.5A CN113422750A (en) | 2020-03-03 | 2020-03-03 | Non-signed user control method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113422750A true CN113422750A (en) | 2021-09-21 |
Family
ID=77711587
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010123443.5A Pending CN113422750A (en) | 2020-03-03 | 2020-03-03 | Non-signed user control method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113422750A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978640A (en) * | 2022-05-12 | 2022-08-30 | 恒安嘉新(北京)科技股份公司 | Monitoring method, device and system for abnormal internet traffic and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1620017A (en) * | 2003-11-18 | 2005-05-25 | 华为技术有限公司 | Charging buffer storage system of broad band network cut-in service device and its method |
| EP2986042A1 (en) * | 2013-04-09 | 2016-02-17 | ZTE Corporation | Client, server, and remote authentication dial in user service capability negotiation method and system |
| CN106454833A (en) * | 2016-12-21 | 2017-02-22 | 锐捷网络股份有限公司 | Method and system for realizing wireless 802.1X authentication |
| CN107547550A (en) * | 2017-09-06 | 2018-01-05 | 新华三技术有限公司 | Authentication method and device |
-
2020
- 2020-03-03 CN CN202010123443.5A patent/CN113422750A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1620017A (en) * | 2003-11-18 | 2005-05-25 | 华为技术有限公司 | Charging buffer storage system of broad band network cut-in service device and its method |
| EP2986042A1 (en) * | 2013-04-09 | 2016-02-17 | ZTE Corporation | Client, server, and remote authentication dial in user service capability negotiation method and system |
| CN106454833A (en) * | 2016-12-21 | 2017-02-22 | 锐捷网络股份有限公司 | Method and system for realizing wireless 802.1X authentication |
| CN107547550A (en) * | 2017-09-06 | 2018-01-05 | 新华三技术有限公司 | Authentication method and device |
Non-Patent Citations (2)
| Title |
|---|
| 唐阳: "宽带远程接入服务器可靠性研究和测试方法研究", 《中国优秀硕士学位论文全文数据库(电子期刊)》 * |
| 王贤锋: "宽带远程接入服务器BRAS冗余热备份技术在IP城域网中的应用", 《2013年中国通信学会信息通信网络技术委员会年会论文集》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978640A (en) * | 2022-05-12 | 2022-08-30 | 恒安嘉新(北京)科技股份公司 | Monitoring method, device and system for abnormal internet traffic and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2002108728A (en) | Method for inserting fault information and provider facility | |
| CN110088744A (en) | A kind of database maintenance method and its system | |
| CN105430016A (en) | Network access authentication method and system | |
| CN110990335B (en) | Log archiving method, device, equipment and computer readable storage medium | |
| CN114090975A (en) | Cloud database resource processing method and device, electronic equipment and storage medium | |
| CN109257229B (en) | Main/standby switching method and device | |
| CN112822160A (en) | Equipment identification method, device, equipment and machine-readable storage medium | |
| CN111382008A (en) | Virtual machine data backup method, device and system | |
| CN113438292A (en) | Agent deployment method and device based on automatic operation and maintenance tool | |
| CN110602130B (en) | Terminal authentication system and method, equipment terminal and authentication server | |
| CN115002168A (en) | Safety detection method for vehicle remote control and vehicle-mounted system | |
| CN113422750A (en) | Non-signed user control method, device, equipment and storage medium | |
| CN111489100A (en) | Order creating method, device, equipment and medium based on big data | |
| CN114363334A (en) | Network configuration method, device and equipment for cloud system and cloud desktop virtual machine | |
| CN113676549A (en) | Application request distribution method, application gateway, electronic device and storage medium | |
| CN106878252B (en) | Method for establishing password-free login relationship, method for clearing account and device thereof | |
| CN113407973A (en) | Software function authority management method, system, server and storage medium | |
| CN104111862A (en) | Method and system for obtaining IP (Internet Protocol) address of virtual machine in cloud computing platform | |
| JP3216602B2 (en) | User authentication system | |
| CN110768696B (en) | NFC SIM card identification method and device | |
| CN113285855B (en) | Server monitoring method and system | |
| CN115174174B (en) | Method and device for controlling electronic management platform | |
| CN116015651A (en) | Automatic key management method and device, electronic equipment and storage medium | |
| CN112583777B (en) | Method and device for realizing user login | |
| CN115514993B (en) | Operation control method and operation control system of cloud machine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210921 |
|
| RJ01 | Rejection of invention patent application after publication |