CN113901431A - Method and device for extracting characteristic information of authenticated user - Google Patents

Method and device for extracting characteristic information of authenticated user Download PDF

Info

Publication number
CN113901431A
CN113901431A CN202111100962.0A CN202111100962A CN113901431A CN 113901431 A CN113901431 A CN 113901431A CN 202111100962 A CN202111100962 A CN 202111100962A CN 113901431 A CN113901431 A CN 113901431A
Authority
CN
China
Prior art keywords
sub
matching value
authentication
information
user characteristic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111100962.0A
Other languages
Chinese (zh)
Other versions
CN113901431B (en
Inventor
杨振宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruijie Networks Co Ltd filed Critical Ruijie Networks Co Ltd
Priority to CN202111100962.0A priority Critical patent/CN113901431B/en
Publication of CN113901431A publication Critical patent/CN113901431A/en
Application granted granted Critical
Publication of CN113901431B publication Critical patent/CN113901431B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for extracting characteristic information of an authenticated user, wherein the method comprises the following steps: after receiving an authentication passing message sent by the authentication server, respectively searching a matching value matched with the authentication passing message in each sub-table of an authentication user characteristic information judgment table; for the first sub-table with the searched matching value, acquiring first authentication user characteristic sub-information from the authentication passing message according to the deviation value and the length of the table entry where the searched matching value is located in the first sub-table; for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information; and combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information. The scheme greatly improves the accuracy of the characteristic information of the authenticated user.

Description

Method and device for extracting characteristic information of authenticated user
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for extracting feature information of an authenticated user.
Background
Software Defined Networking (SDN) is a flexible control of Network traffic by separating the control plane and the data plane of a Network device, making the Network more intelligent as a pipeline, and providing a good platform for innovation of a core Network and applications.
The network equipment forwards an authentication request message sent by an authentication client to an authentication server, the authentication server sends an authentication passing message after the user is authenticated by the legitimacy, and the network equipment extracts the characteristic information of the authenticated user from the authentication passing message and uploads the characteristic information to an SDN controller after receiving the authentication passing message, so that the method is very important for accurately extracting the information of the authenticated user.
The existing method for extracting the authentication user information is that the network equipment extracts the field value of the set field in the authentication passing message to obtain the authentication user characteristic information, so that the extracted authentication user characteristic information often contains a lot of useless interference information and accurate authentication user characteristic information cannot be obtained.
Disclosure of Invention
The embodiment of the invention provides an extraction method and device of feature information of an authenticated user, which are used for solving the problems that the extracted feature information of the authenticated user often contains a lot of useless interference information and accurate feature information of the authenticated user cannot be obtained in the prior art.
According to the embodiment of the invention, the method for extracting the characteristic information of the authenticated user is provided and is applied to the network equipment connected with the authentication server, and the method comprises the following steps:
after receiving an authentication passing message sent by the authentication server, respectively searching a matching value matched with the authentication passing message in each sub-table of an authentication user characteristic information judgment table;
for the first sub-table with the searched matching value, acquiring first authentication user characteristic sub-information from the authentication passing message according to the deviation value and the length of the table entry where the searched matching value is located in the first sub-table;
for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information;
and combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information.
Specifically, the searching for the matching value matched with the authentication passing message in each sub-table of the authentication user characteristic information judgment table specifically includes:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of a current sub-table;
if the authentication passing message is determined to comprise the current matching value, determining to search the matching value in the current sublist;
if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
Specifically, acquiring the first authentication user characteristic sub-information from the authentication passing message according to the offset value and the length included in the table entry where the matching value found in the first sub-table is located includes:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information which is separated from the matching value by the deviation value and the length is obtained, and first authentication user characteristic sub-information is obtained.
Optionally, the method further includes:
receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
searching the matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judgment table;
and if the matching value to be added is not found in the third sub-table, adding a table entry comprising the matching value to be added, the offset bit to be added and the length to be added into the third sub-table.
Optionally, the method further includes:
receiving a deleting command carrying a matching value to be deleted, a deviation bit to be deleted and a length to be deleted;
searching the matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
and if the matching value to be deleted is found in the fourth sub-table, deleting the table entry comprising the matching value to be deleted, the deviation bit to be deleted and the length to be deleted in the fourth sub-table.
Optionally, the method further includes:
and adding the authentication user characteristic information into an authentication user characteristic information table.
According to an embodiment of the present invention, there is further provided an apparatus for extracting feature information of an authenticated user, applied to a network device connected to an authentication server, including:
the first searching module is used for respectively searching matching values matched with the authentication passing messages in each sub-table of an authentication user characteristic information judgment table after receiving the authentication passing messages sent by the authentication server;
an obtaining module, configured to, for a first sub-table where a matching value is found, obtain first authenticated user feature sub-information from the authentication pass packet according to a deviation value and a length included in an entry where the matching value found in the first sub-table is located; for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information;
and the combination module is used for combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information.
Specifically, the first searching module is configured to search, in each sub-table of an authenticated user feature information determination table, a matching value matched with the authentication passing packet, and specifically configured to:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of a current sub-table;
if the authentication passing message is determined to comprise the current matching value, determining to search the matching value in the current sublist;
if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
Specifically, the obtaining module is configured to obtain the first authenticated user feature sub-information from the authentication passing packet according to the offset value and the length included in the entry where the matching value found in the first sub-table is located, and specifically configured to:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information which is separated from the matching value by the deviation value and the length is obtained, and first authentication user characteristic sub-information is obtained.
Optionally, the method further includes:
the first receiving module is used for receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
the second searching module is used for searching the matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judgment table;
a first adding module, configured to add, if the matching value to be added is not found in the third sub-table, a table entry including the matching value to be added, the offset bit to be added, and the length to be added to the third sub-table.
Optionally, the method further includes:
the second receiving module is used for receiving a deleting command carrying the matching value to be deleted, the deviation bit to be deleted and the length to be deleted;
the third searching module is used for searching the matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
a deleting module, configured to delete the table entry including the matching value to be deleted, the offset bit to be deleted, and the length to be deleted in the fourth sub-table if the matching value to be deleted is found in the fourth sub-table.
Optionally, the method further includes:
and the second adding module is used for adding the characteristic information of the authenticated user into an authenticated user characteristic information table.
According to the embodiment of the invention, the electronic equipment comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing the above method steps when executing the program stored in the memory.
According to an embodiment of the present invention, there is also provided a computer-readable storage medium having stored therein a computer program, which when executed by a processor, performs the above-mentioned method steps.
The invention has the following beneficial effects:
the embodiment of the invention provides an extraction method and device of authentication user characteristic information, after receiving an authentication passing message sent by an authentication server, respectively searching matching values matched with the authentication passing message in each sub-table of an authentication user characteristic information judgment table; for the first sub-table with the searched matching value, acquiring first authentication user characteristic sub-information from the authentication passing message according to the deviation value and the length of the table entry where the searched matching value is located in the first sub-table; for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information; and combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information. In the method, for the first sub-table in which the matching value is found, the first authentication user characteristic sub-information is obtained from the authentication passing message according to the deviation value and the length included in the table entry in which the matching value found in the first sub-table is located, and the first authentication user characteristic sub-information is a component of the authentication user information, so that useless interference information can be reduced compared with the prior art in which the field value of the set field of the authentication passing message is directly obtained, and the accuracy of the authentication user characteristic information is greatly improved.
Drawings
Fig. 1 is a flowchart of an extraction method of feature information of an authenticated user according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an apparatus for extracting feature information of authenticated users according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device shown in the present application.
Detailed Description
Aiming at the problems that the extracted feature information of the authenticated user often contains a lot of useless interference information and accurate feature information of the authenticated user cannot be obtained in the prior art, the embodiment of the invention provides an extraction method of the feature information of the authenticated user, which is applied to network equipment connected with an authentication server, and the flow of the method is shown in figure 1, and the method comprises the following execution steps:
s11: after receiving the authentication passing message sent by the authentication server, respectively searching matching values matched with the authentication passing message in each sub-table of the authentication user characteristic information judgment table.
An authenticated user characteristic information determination table may be preset, and the authenticated user characteristic information determination table is composed of a plurality of sub-tables, for example, but not limited to, a user name determination sub-table, a user group determination sub-table, and the like, and each sub-table includes a plurality of matching values.
After the authentication server completes the validity authentication of the user, the authentication server sends an authentication passing message, and after the network equipment receives the authentication passing message, the network equipment can respectively search the matching value matched with the authentication passing message in each sub-table.
S12: for the first sub-table with the searched matching value, acquiring first authentication user characteristic sub-information from the authentication passing message according to the deviation value and the length of the table entry where the searched matching value is located in the first sub-table; and for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain the second authentication user characteristic sub-information.
When the network device searches for the matching value matching the authentication passing message in each sub-table, there may be two results, one is the found matching value and the other is the not found matching value, and the processing modes corresponding to the two results are different, which are described below:
the found matched sub-table can be defined as a first sub-table, the number of the first sub-table may be one or more, and first authentication user characteristic sub-information can be obtained from the authentication passing message according to the deviation value and the length included in the table entry where the matching value found in the first sub-table is located;
the sub-table that is not found and matched may be defined as a second sub-table, the number of the second sub-table may be one or more, and a field value of a set field corresponding to the second sub-table in the authentication passing message may be obtained to obtain second authentication user characteristic sub-information, that is, the second authentication user characteristic sub-information is obtained according to the existing manner.
S13: and combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain the authentication user characteristic information.
The authentication user characteristic information is composed of the first authentication user characteristic sub-information and the second authentication user characteristic sub-information, and the accuracy of the first authentication user characteristic sub-information is very high, so that the more information the first authentication user characteristic sub-information comprises, the higher the accuracy of the finally obtained authentication user characteristic information is.
In the method, for the first sub-table in which the matching value is found, the first authentication user characteristic sub-information is obtained from the authentication passing message according to the deviation value and the length included in the table entry in which the matching value found in the first sub-table is located, and the first authentication user characteristic sub-information is a component of the authentication user information, so that useless interference information can be reduced compared with the prior art in which the field value of the set field of the authentication passing message is directly obtained, and the accuracy of the authentication user characteristic information is greatly improved.
Specifically, in S11, the step of searching for the matching value matching the authentication passing packet in each sub-table of the authentication user characteristic information determination table includes:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of the current sub-table;
if the authentication passing message is confirmed to comprise the current matching value, the matching value is confirmed to be searched in the current sub-table;
and if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
When the matching values matched with the authentication passing message are respectively searched in each sub-table of the authentication user characteristic information judgment table, because each sub-table of the authentication user characteristic information judgment table is numerous and the matching values included in each sub-table are also numerous, the matching values of each sub-table can be polled in sequence in a polling mode, for the current matching value polled to the current sub-table, whether the authentication passing message includes the current matching value of the current sub-table is firstly determined, if the authentication passing message includes the current matching value, the matching value searched in the current sub-table is determined, the polling of the current sub-table can be finished, and the next sub-table of the current sub-table is continuously polled; if the message passing the authentication does not comprise the current matching value, whether the current matching value has the next matching value or not needs to be further determined, if the current matching value has the next matching value, the next matching value is polled, if the current matching value does not have the next matching value, the matching value is determined not to be found in the current sub-table, and the next sub-table is continuously polled.
Specifically, the obtaining of the first authenticated user characteristic sub-information from the authentication passing packet according to the offset value and the length included in the entry where the matching value found in the first sub-table in S12 specifically includes:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information of the distance deviation value and the length between the matching value and the matching value is obtained, and the first authentication user characteristic sub-information is obtained.
Therefore, when the first authenticated user characteristic sub-information is obtained from the authentication passing message according to the offset value and the length included in the entry where the matching value found in the first sub-table is located, the information that the offset value and the length are distant from the matching value after the offset value and the length included in the entry where the matching value found in the first sub-table is located are obtained from the first sub-table, and the information is the required information and can be used as the first authenticated user characteristic sub-information.
Optionally, the method further includes:
receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
searching a matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judgment table;
and if the matching value to be added is not found in the third sub-table, adding the table entry comprising the matching value to be added, the deviation bit to be added and the length to be added into the third sub-table.
In order to enhance the flexibility of management of each sub-table of the authenticated user characteristic information judgment table, an adding function of the table entries of the sub-tables may be provided, and each matching value has a corresponding sub-table, so that after receiving an adding command carrying a matching value to be added, a bias bit to be added, and a length to be added, the network device may search the matching value to be added in the sub-table (which may be defined as a third sub-table) corresponding to the matching value to be added in the authenticated user characteristic information judgment table, add the table entry including the matching value to be added, the bias bit to be added, and the length to be added in the third sub-table if the matching value to be added is not found in the third sub-table, and determine that the table entry already exists if the matching value to be added is found in the third sub-table, and no repeated addition is needed, for example, the matching value to be added is a, the bias bit to be added is B, and the length to be added is C, and the sub-table corresponding to the A is a user name judgment sub-table, the A can be searched in the user name judgment sub-table, if the A is not searched in the user name judgment sub-table, the table items comprising A, B and C are added in the user name judgment sub-table, and if the A is searched in the user name judgment sub-table, the table items are determined to exist, and the addition is not required to be repeated.
Optionally, the method further includes:
receiving a deleting command carrying a matching value to be deleted, a deviation bit to be deleted and a length to be deleted;
searching a matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
and if the matching value to be deleted is found in the fourth sub-table, deleting the table entry comprising the matching value to be deleted, the deviation bit to be deleted and the length to be deleted in the fourth sub-table.
In order to enhance the flexibility of management of each sub-table of the authenticated user characteristic information judgment table, a deletion function of an entry of the sub-table may be provided, and each matching value has a corresponding sub-table, so that after receiving a deletion command carrying a matching value to be deleted, a deviation bit to be deleted, and a length to be deleted, the network device may search for the matching value to be deleted in the sub-table (which may be defined as a fourth sub-table) corresponding to the matching value to be deleted in the authenticated user characteristic information judgment table, delete an entry including the matching value to be deleted, the deviation bit to be deleted, and the length to be deleted in the fourth sub-table if the matching value to be deleted is found in the fourth sub-table, and indicate that the fourth sub-table does not include the matching value to be deleted and does not need to perform a deletion action if the matching value to be deleted is not found in the fourth sub-table. For example, the matching value to be deleted is a, the deviation bit to be deleted is b, the length to be deleted is C, the sub-table corresponding to a is the user group judgment sub-table, a can be searched in the user group judgment sub-table, if a is found in the user group judgment sub-table, the table entry including a, b and C is deleted in the user group judgment sub-table, if a is not found in the user group judgment sub-table, it is indicated that a is not included in the user group judgment sub-table, and the deletion action is not required.
Optionally, the method further includes:
and adding the authentication user characteristic information into the authentication user characteristic information table.
For convenience of management, an authenticated user characteristic information table may be preset, and then the obtained authenticated user characteristic information is added to the authenticated user characteristic information table so as to be subsequently uploaded to an SDN controller or be subjected to other processing.
Based on the same inventive concept, an embodiment of the present invention provides an apparatus for extracting feature information of an authenticated user, which is applied to a network device connected to an authentication server, and the apparatus has a structure as shown in fig. 2, and includes:
the first searching module 21 is configured to search, after receiving the authentication passing message sent by the authentication server, matching values matched with the authentication passing message in each sub-table of the authentication user characteristic information judgment table respectively;
an obtaining module 22, configured to, for the first sub-table in which the matching value is found, obtain first authenticated user feature sub-information from the authentication passing message according to the offset value and the length included in the entry in which the matching value found in the first sub-table is located; for the second sub-table of which the matching value is not found, acquiring a field value of a set field corresponding to the second sub-table in the message passing the authentication to obtain second authentication user characteristic sub-information;
and the combination module 23 is configured to combine the first authenticated user characteristic sub-information and the second authenticated user characteristic sub-information to obtain authenticated user characteristic information.
In the method, for the first sub-table in which the matching value is found, the first authentication user characteristic sub-information is obtained from the authentication passing message according to the deviation value and the length included in the table entry in which the matching value found in the first sub-table is located, and the first authentication user characteristic sub-information is a component of the authentication user information, so that useless interference information can be reduced compared with the prior art in which the field value of the set field of the authentication passing message is directly obtained, and the accuracy of the authentication user characteristic information is greatly improved.
Specifically, the first searching module 21 is configured to search, in each sub-table of the authenticated user characteristic information determination table, a matching value matched with the authentication passing packet, and specifically configured to:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of the current sub-table;
if the authentication passing message is confirmed to comprise the current matching value, the matching value is confirmed to be searched in the current sub-table;
and if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
Specifically, the obtaining module 22 is configured to obtain the first authenticated user characteristic sub-information from the authentication passing packet according to the offset value and the length included in the entry where the matching value found in the first sub-table is located, and specifically configured to:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information of the distance deviation value and the length between the matching value and the matching value is obtained, and the first authentication user characteristic sub-information is obtained.
Optionally, the method further includes:
the first receiving module is used for receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
the second searching module is used for searching the matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judging table;
and the first adding module is used for adding a table entry comprising the matching value to be added, the deviation bit to be added and the length to be added into the third sub-table if the matching value to be added is not found in the third sub-table.
Optionally, the method further includes:
the second receiving module is used for receiving a deleting command carrying the matching value to be deleted, the deviation bit to be deleted and the length to be deleted;
the third searching module is used for searching the matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
and the deleting module is used for deleting the table entry comprising the matching value to be deleted, the deviation bit to be deleted and the length to be deleted in the fourth sub-table if the matching value to be deleted is found in the fourth sub-table.
Optionally, the method further includes:
and the second adding module is used for adding the characteristic information of the authenticated user into the characteristic information table of the authenticated user.
An electronic device is further provided in the embodiment of the present application, please refer to fig. 3, which includes a processor 310, a communication interface 320, a memory 330, and a communication bus 340, wherein the processor 310, the communication interface 320, and the memory 330 complete communication with each other through the communication bus 340.
A memory 330 for storing a computer program;
the processor 310 is configured to implement the method for extracting the feature information of the authenticated user according to any one of the embodiments described above when executing the program stored in the memory 330.
The communication interface 320 is used for communication between the above-described electronic device and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In the method, for the first sub-table in which the matching value is found, the first authentication user characteristic sub-information is obtained from the authentication passing message according to the deviation value and the length included in the table entry in which the matching value found in the first sub-table is located, and the first authentication user characteristic sub-information is a component of the authentication user information, so that useless interference information can be reduced compared with the prior art in which the field value of the set field of the authentication passing message is directly obtained, and the accuracy of the authentication user characteristic information is greatly improved.
Accordingly, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the computer is caused to execute the method for extracting feature information of an authenticated user described in any one of the above embodiments.
In the method, for the first sub-table in which the matching value is found, the first authentication user characteristic sub-information is obtained from the authentication passing message according to the deviation value and the length included in the table entry in which the matching value found in the first sub-table is located, and the first authentication user characteristic sub-information is a component of the authentication user information, so that useless interference information can be reduced compared with the prior art in which the field value of the set field of the authentication passing message is directly obtained, and the accuracy of the authentication user characteristic information is greatly improved.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While alternative embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following appended claims be interpreted as including alternative embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (14)

1. An extraction method of feature information of an authenticated user, applied to a network device connected to an authentication server, is characterized in that the method comprises:
after receiving an authentication passing message sent by the authentication server, respectively searching a matching value matched with the authentication passing message in each sub-table of an authentication user characteristic information judgment table;
for the first sub-table with the searched matching value, acquiring first authentication user characteristic sub-information from the authentication passing message according to the deviation value and the length of the table entry where the searched matching value is located in the first sub-table;
for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information;
and combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information.
2. The method according to claim 1, wherein the step of searching each sub-table of the authenticated user characteristic information judgment table for a matching value matched with the authentication passing packet comprises:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of a current sub-table;
if the authentication passing message is determined to comprise the current matching value, determining to search the matching value in the current sublist;
if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
3. The method according to claim 1, wherein obtaining the first authenticated user feature sub-information from the authentication pass packet according to the offset value and the length included in the entry where the matching value found in the first sub-table is located includes:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information which is separated from the matching value by the deviation value and the length is obtained, and first authentication user characteristic sub-information is obtained.
4. The method of claim 1, further comprising:
receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
searching the matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judgment table;
and if the matching value to be added is not found in the third sub-table, adding a table entry comprising the matching value to be added, the offset bit to be added and the length to be added into the third sub-table.
5. The method of claim 1, further comprising:
receiving a deleting command carrying a matching value to be deleted, a deviation bit to be deleted and a length to be deleted;
searching the matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
and if the matching value to be deleted is found in the fourth sub-table, deleting the table entry comprising the matching value to be deleted, the deviation bit to be deleted and the length to be deleted in the fourth sub-table.
6. The method of any of claims 1-5, further comprising:
and adding the authentication user characteristic information into an authentication user characteristic information table.
7. An extraction apparatus for feature information of an authenticated user, applied to a network device connected to an authentication server, comprising:
the first searching module is used for respectively searching matching values matched with the authentication passing messages in each sub-table of an authentication user characteristic information judgment table after receiving the authentication passing messages sent by the authentication server;
an obtaining module, configured to, for a first sub-table where a matching value is found, obtain first authenticated user feature sub-information from the authentication pass packet according to a deviation value and a length included in an entry where the matching value found in the first sub-table is located; for the second sub-table of which the matching value is not found, acquiring the field value of a set field corresponding to the second sub-table in the authentication passing message to obtain second authentication user characteristic sub-information;
and the combination module is used for combining the first authentication user characteristic sub-information and the second authentication user characteristic sub-information to obtain authentication user characteristic information.
8. The apparatus according to claim 7, wherein the first lookup module is configured to respectively lookup matching values matched with the authentication pass packet in each sub-table of an authenticated user feature information determination table, and is specifically configured to:
polling the matching values of the sub-tables of the authenticated user characteristic information judgment table, and executing the following steps for each matching value in the polled sub-tables:
determining whether the authentication passing message comprises a current matching value of a current sub-table;
if the authentication passing message is determined to comprise the current matching value, determining to search the matching value in the current sublist;
if the authentication passing message is determined not to comprise the current matching value, determining whether the current matching value has a next matching value, and if the current matching value does not have the next matching value, determining that the matching value is not found in the current sub-table.
9. The apparatus according to claim 7, wherein the obtaining module is configured to obtain, from the authentication pass packet, first authentication user feature sub information according to the offset value and the length included in the entry where the matching value found in the first sub-table is located, and specifically is configured to:
obtaining the deviation value and the length of the table item where the searched matching value is located from the first sub-table;
and after the matching value in the authentication passing message is obtained, the information which is separated from the matching value by the deviation value and the length is obtained, and first authentication user characteristic sub-information is obtained.
10. The apparatus of claim 7, further comprising:
the first receiving module is used for receiving an adding command carrying a matching value to be added, a deviation bit to be added and a length to be added;
the second searching module is used for searching the matching value to be added in a third sub-table corresponding to the matching value to be added in the authentication user characteristic information judgment table;
a first adding module, configured to add, if the matching value to be added is not found in the third sub-table, a table entry including the matching value to be added, the offset bit to be added, and the length to be added to the third sub-table.
11. The apparatus of claim 7, further comprising:
the second receiving module is used for receiving a deleting command carrying the matching value to be deleted, the deviation bit to be deleted and the length to be deleted;
the third searching module is used for searching the matching value to be deleted in a fourth sub-table corresponding to the matching value to be deleted in the authentication user characteristic information judgment table;
a deleting module, configured to delete the table entry including the matching value to be deleted, the offset bit to be deleted, and the length to be deleted in the fourth sub-table if the matching value to be deleted is found in the fourth sub-table.
12. The apparatus of any of claims 7-11, further comprising:
and the second adding module is used for adding the characteristic information of the authenticated user into an authenticated user characteristic information table.
13. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-6 when executing a program stored on a memory.
14. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 6.
CN202111100962.0A 2021-09-18 2021-09-18 Method and device for extracting characteristic information of authenticated user Active CN113901431B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111100962.0A CN113901431B (en) 2021-09-18 2021-09-18 Method and device for extracting characteristic information of authenticated user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111100962.0A CN113901431B (en) 2021-09-18 2021-09-18 Method and device for extracting characteristic information of authenticated user

Publications (2)

Publication Number Publication Date
CN113901431A true CN113901431A (en) 2022-01-07
CN113901431B CN113901431B (en) 2023-03-21

Family

ID=79028770

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111100962.0A Active CN113901431B (en) 2021-09-18 2021-09-18 Method and device for extracting characteristic information of authenticated user

Country Status (1)

Country Link
CN (1) CN113901431B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753316A (en) * 2008-12-02 2010-06-23 北京启明星辰信息技术股份有限公司 Method and system for intelligently extracting features
CN102075404A (en) * 2009-11-19 2011-05-25 华为技术有限公司 Message detection method and device
CN104765994A (en) * 2015-04-17 2015-07-08 努比亚技术有限公司 User identity recognition method and device
CN110012032A (en) * 2019-04-28 2019-07-12 新华三技术有限公司 A kind of user authen method and device
US20190236460A1 (en) * 2018-01-29 2019-08-01 Salesforce.Com, Inc. Machine learnt match rules

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753316A (en) * 2008-12-02 2010-06-23 北京启明星辰信息技术股份有限公司 Method and system for intelligently extracting features
CN102075404A (en) * 2009-11-19 2011-05-25 华为技术有限公司 Message detection method and device
CN104765994A (en) * 2015-04-17 2015-07-08 努比亚技术有限公司 User identity recognition method and device
US20190236460A1 (en) * 2018-01-29 2019-08-01 Salesforce.Com, Inc. Machine learnt match rules
CN110012032A (en) * 2019-04-28 2019-07-12 新华三技术有限公司 A kind of user authen method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
沈亮等: "面向移动应用识别的结构化特征提取方法", 《计算机应用》 *

Also Published As

Publication number Publication date
CN113901431B (en) 2023-03-21

Similar Documents

Publication Publication Date Title
US9774642B2 (en) Method and device for pushing multimedia resource and display terminal
CN107026832A (en) Account logon method, equipment and server
CN107644002A (en) Article searching method, device and system
CN103136342A (en) Searching method, system and searching server of application programs (APP)
CN109478311A (en) A kind of image-recognizing method and terminal
CN110012049B (en) Information push method, system, server and computer readable storage medium
WO2020073528A1 (en) Session-based information push method and apparatus, computer device, and storage medium
CN108154024B (en) Data retrieval method and device and electronic equipment
CN104079623A (en) Method and system for controlling multilevel cloud storage synchrony
CN104484413A (en) Method and device for obtaining searching results
CN108833961B (en) Method, server and system for acquiring flight record data
WO2016206389A1 (en) Url matching method and apparatus
CN113901431B (en) Method and device for extracting characteristic information of authenticated user
CN111008873B (en) User determination method, device, electronic equipment and storage medium
CN110427538B (en) Data query method, data storage method, data query device, data storage device and electronic equipment
CN104881295A (en) Window display processing method and device
CN104915394B (en) The method and apparatus for updating yellow page information
CN111538672A (en) Test case layered test method, computer device and computer-readable storage medium
CN111294613A (en) Video processing method, client and server
CN110020040B (en) Method, device and system for querying data
KR102023999B1 (en) Method and apparatus for generating web pages
CN113946592B (en) Configuration management database updating method, device, equipment, medium and program product
CN111241341A (en) Video identification information processing method and video searching method, device and server
CN112579472A (en) Automatic generation method and device of test case
WO2016086789A1 (en) Method, apparatus and system for determining existence of data file

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant