CN1421798A - Hardware-type network charge unit and its realizing method - Google Patents
Hardware-type network charge unit and its realizing method Download PDFInfo
- Publication number
- CN1421798A CN1421798A CN 01139759 CN01139759A CN1421798A CN 1421798 A CN1421798 A CN 1421798A CN 01139759 CN01139759 CN 01139759 CN 01139759 A CN01139759 A CN 01139759A CN 1421798 A CN1421798 A CN 1421798A
- Authority
- CN
- China
- Prior art keywords
- user
- server
- accounting
- hardware
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The present invention relates to the automatic charge technology in wideband network. The present invention features the integrated software and hardware, and includes mainly charge gateway, charge server, system configuration interface, system management interface, subscriber log-in server and management server, which can packed completely as hardware and have enciphered data transmission among them. The system manager performs control, configuration and operation of the charge system through siple commands via RS232 serial interface and terminal, and manages the system accounts and resource via management interface. The present invention is reliable, universal, safe, flexible, convenient, expandable, and suitable for network charge.
Description
The present invention relates to universal broadband network automatic charging technology.
Background technology
At present, domestic network charge system product is various, and all charge systems are the software-type charge system entirely, and most charge systems only provide single billing function and at the charging of 10M network.Software-type operating system exists a lot of shortcomings: 1) operating system of software-type charge system all adopts the general-purpose operating system, its security depends mainly on the security of operating system, and operating system is all done very complicatedly, have a lot of potential safety hazards, so the security of software-type charge system is very poor.2) the software-type charge system operates on the general-purpose operating system, must move relevant or irrelevant various application programs, therefore may use the influence that brings others to charge system.3) account software closely is connected with operating system, and as network interface, because of its management does not rely on charge system itself, so other application or application management may make the unavailable or collapse of network interface, this requires the system manager must be proficient in related application or business.4) operation platform of software-type charge system is various commercial level PC or server, for satisfying running without interruption of charge system, requires the user to buy high-reliability server.5) aspect upgrading, difficulty and complexity that software-type charge system relevant issues are handled are also very high.6) ability that deals with an urgent situation of software-type charge system is not high, may cause the unavailable of operating system, and the reinstalling with need for a long time of system.
Summary of the invention
With not enough, the invention provides a kind of hardware-type network charge unit and its implementation at problems of the prior art, its high safety, versatility is good, reliability is high, with low cost, control flexibly, convenient operating maintenance, be easy to expansion.
Technical solution of the present invention is as follows:
A kind of hardware-type network charge unit, comprise system power supply, express network port, system-based platform, control interface, wherein the system-based platform comprises cabinet, mainboard, CPU, internal memory, network interface card, storer, it is characterized in that, also comprise the charging gateway, accounting server, management server, User login server, system configuration interface, the management interface that are solidificated on the system-based platform.
The implementation method step that hardware-type network charges is: 1) network user login is to the user login services device; 2) the user login services device passes to charging gateway with user login information; 3) charging gateway takes out user profile from the customer data base of accounting server, and the user is verified; 4) charging gateway will verify that the result is transmitted to accounting server, if validated user then enters step 5), the disabled user enters step 7); 5) user registration success, the user can go out the charging gateway visit, and charging gateway writes down this user's flow information simultaneously, and behind the user log off, charging gateway is write the flow daily record; 6) the Timing Processing time arrives, and accounting module is got the daily record of gateway end flow, and charging way is as requested chargeed, and charging result is write in the accounting server database; 7) disabled user returns step 1).
Utilize the system configuration interface, finish control, configuration and operation charging gateway and accounting server by the VT100 terminal.Management work station finishes user management, report form statistics and Host Administration by management interface connection management server.
Charging gateway job step wherein is: 1) user connects by User login thread USER_LOGIN THREADS and interior network interface card NICO; 2) initialization intranet and extranet card; 3) set up two IP that are bundled in respectively on the inside and outside network interface card and transmit thread IP_FORWARD THREADS; 4) set up to detect the whether online timing thread ARP_REPLY THREADS of user; 5) set up the gateway management thread that receives the accounting server order;
Accounting server wherein comprises customer data base, broadband networks accounting server, dialing accounting server, mail accounting server, proxy accounting server.
The present invention adopts the integrated design of hardware integrationization, software solidifications such as charging gateway, accounting servers on the system-based platform, combine together with system kernel, make the present invention need not to rely on other operating system, therefore also need not to rely on other workstation and server, have the advantage that reliability height, security performance are strong, with low cost, be easy to expand.Accounting server comprises broadband networks charge on traffic server, dialing accounting server, mail accounting server, proxy accounting server, can provide multiple charging ways such as time, flow, mails, and the user can select according to actual needs, and versatility is good.Information in user profile, host information, the transport process is all passed through encryption, has strengthened the security of system.The system manager finishes control, configuration and operation to charging gateway and accounting server by configuration interface, and control method is simple, flexibly.Management work station can finish Host Administration, user management, report form statistics, convenient operating maintenance by management interface.Be provided with heat abstractor, anti-tampering shield assembly and Machine case lock in the cabinet, solved the heat dissipation problem of each parts, provide safest protection for the sensitive data in the machine simultaneously.
Description of drawings
Fig. 1 is a charge system information transitive graph of the present invention;
Fig. 2 is a structural representation of the present invention;
Fig. 3 is the process flow diagram of charging gateway of the present invention;
Fig. 4 is that the IP in the charging gateway of the present invention transmits the thread process flow diagram;
Fig. 5 is the timing thread process flow diagram in the charging gateway of the present invention;
Fig. 6 is the gateway management process process flow diagram in the charging gateway of the present invention;
Fig. 7 is the process flow diagram of broadband networks charge on traffic server;
Fig. 8 is that dialing accounting server of the present invention is realized schematic diagram;
Fig. 9 is a subscriber authorisation authentication module process flow diagram in the dialing accounting server of the present invention;
Figure 10 is an accounting module process flow diagram in the dialing accounting server of the present invention;
Figure 11 is that mail server of the present invention is realized schematic diagram;
Figure 12 proxy accounting server of the present invention is realized schematic diagram.
Embodiment
Referring to Fig. 2, a kind of hardware-type network charge unit, comprise system power supply 10, express network port one 1, system-based platform 12, control interface 13, wherein system-based platform 12 comprises cabinet, mainboard, CPU, internal memory, network interface card, storer, it is characterized in that, also comprise the charging gateway 1, accounting server 2, management server 9, User login server 3, system configuration interface 4, the management interface 8 that are solidificated on the system-based platform 12.Utilizing air-cooled design aspect the layout of structural design and high power device,, solving the heat dissipation problem of each parts in the cabinet as adopting double fan 15.In order to shield internal crosstalk, the radiating element that metal cap is separated printed-wiring board (PWB) is installed.Radio frequency system adopts the plate screen method, adopts metal sheet to encapsulate fully total system, comprehensive shield electromagnetic interference.
Referring to Fig. 1, the implementation method that hardware-type network charges realizes chargeing by following step: 1) network user 5 signs in to user login services device 3; 2) user login services device 3 passes to charging gateway 1 with user login information; 3) charging gateway 1 takes out user related information from the customer data base of accounting server 2, and the user is verified; 4) charging gateway 1 will verify that knot brightly is transmitted to accounting server 2, if validated user then enters step 5), the disabled user enters step 7); 5) user registration success, the user can go out charging gateway 1 visit, and charging gateway 1 writes down this user's flow information simultaneously, and behind the user log off, charging gateway 1 is write the flow daily record; 6) the Timing Processing time arrives, and accounting server 2 is got charging gateway 1 end flow daily record, and charging way is as requested chargeed, and charging result is write in accounting server 2 databases; 7) disabled user returns step 1).The system manager utilizes system configuration interface 4, as RS-232, finishes control, configuration and operation to charging gateway 1 and accounting server 2 by VT100 terminal 6; Management work station 7 finishes user management, report form statistics and Host Administration by management interface 8 connection management servers 9.
Referring to Fig. 3, the job step of charging gateway 1 is: 1) user connects by User login thread USER_LOGIN THREADS and interior network interface card NICO; 2) initialization intranet and extranet card; 3) set up two IP that are bundled in respectively on the inside and outside network interface card and transmit thread IP_FORWARD THREADS; 4) set up to detect the whether online timing thread ARP_REPLY THREADS of user; 5) set up the gateway management thread that receives the accounting server order.Wherein the rule inspection of IP forwarding thread IP_FORWARD THREADS comprises charging and safe two parts content, check IP-MAC address pair and the IP-MAC that sets in advance in the IP header packet information during forwarding to whether mating, thereby can block the communication in the unmatched main frame of IP-MAC and the external world.On this basis, the IP address is also related with the user.The user could use the service that need pay the fees after by authentication.This implementation method can prevent the IP address embezzlement well, and the flow information that the user is used records on the user account exactly.
Referring to Fig. 4, the step of transmitting thread IP_FORWARD THREADS is: 1) read the packets of information on this network interface card; 2) whether register the address of judging this IP, and step 3) is then arrived in registration, otherwise return step mule 1); 3) according to purpose IP address decision charging way; 4) the record flow writes flow information in the log file; 5) this IP bag is sent to another network interface card.
Referring to Fig. 5, regularly the step of thread ARP_EPLY THREADS is: 1) sleep a period of time; 2) scanning online user IP tabulation; Whether have flow, have flow then to jump to step 1) if 3) detecting this user, otherwise to step 4); 4) nullify this user.
Referring to Fig. 6, the step of gateway management thread is: 1) set up SOCKET; 2) intercept the order of accounting server management channels; 3) analyze command functions, comprise and list the online user, check the IP operating position, force certain user offline.
Referring to Fig. 7, the job step of broadband networks charge on traffic server is: 1) receive user's registration or de-registration request; 2) according to user name and cipher authentication user identity; 3) if register requirement arrives step 4), otherwise logging off users, and by charging gateway record flow information; 4) the IP address of registered user's use; 5) read customer data base, obtain user profile; 6) regularly send user message table to charging gateway; 7) fetch customer flow information log file from charging gateway; 8) the flow information log file is write customer data base.
Referring to Fig. 8, what dial in the accounting server employing is the most frequently used radius server, and the radius server of standard corresponding expansion and modification have been done, increased new subscriber authorisation authentication module, and increased new accounting module, when the user dials in and disconnect, write down the current time and carry out communication, the flow that this user of synchronous recording causes with the charge on traffic server.
Referring to Fig. 9, the subscriber authorisation authentication module job step of dialling in accounting server is: 1) by radius user's authentication and authorization interface, obtain user's the user name and password; 2) the subscriber's meter dial_user_tab that generates according to the database processing module, relatively username and password; 3) user name is legal, to step 4), otherwise returns step 1); 4) judged whether the dialing authority, if then success, otherwise return step mule 1).
Referring to Figure 10, the accounting module job step of dialling in accounting server is: 1) access server NAS accepts user's access and sends the information of chargeing and beginning; 2) write down time and the IP address that this user inserts; 3) the calling communication function is registered this user and IP address on broadband networks charge on traffic server, and the user is allowed to networking; 4) user disconnects dial-up connection, and access server NAS sends the charging ending message; 5) the end of record (EOR) time, calculate line duration, and the calling communication function obtains user's IP flow from broadband networks charge on traffic server, logging off users is to the use of this IP.
Referring to Figure 11, the mail accounting server is to the modification of general mail server and expansion, it uses mail server program Sendmail 19 and post office program popper 18, but uses new user management module leading subscriber, uses new mailbox structure to realize charging for mail to improve system performance and to have increased accounting module.In realization, mainly revise e-mail messages and obtain program mail.local 16. and insert obtaining the source address of letter, the length of identification mail and foreign mail whether, and these information are write the accounting module of 17 li of middle table mailmsgtab; Revise post office program popper 18, when being inserted in the user and using post office program popper 18 to get mail, take out among the information intermediate list mailmsgtab 17 with this mail, together write charging journal file mailfee.log 15 together with user's the IP and the time of winning the confidence, and the accounting module that respective entries among the middle table mailmsgtab 17 is emptied.Like this, both obtain the source address of mail, obtained user's local IP again.For the letter of the website that is out of favour, can e-mail messages obtain among the program mail.local 16 its source address identified after, return the sender or abandon.For defaulting subscriber or unwelcome user, can be when the user obtains mail by post office program popper 18 request of refusing user's.Modification and overall treatment by to mail server program Sendmail 19 and post office program Popper 18 have realized charging, management and control for the user capture mail.
Referring to Figure 12, acting server has the effect of fire wall, if the browser of a user side is made as a server that has Proxy to be provided with to Proxy, the request that this browser sent just all can be delivered to this acting server earlier so, and then by this station server request is seen off.When acting on behalf of server and receive from browse request, can in the hard disk of oneself, ask for earlier, see that hard disk has these data? if any, just directly give browser end these data; If it's not true, just really send a request to the outside, real data to be grabbed, acting server is controlled oneself and is stored portion earlier, sends browser again to.Acting server provides detailed log record. and at length write down the each solicited message of all-network user, comprised user account number, visit date, time, object computer domain name, object computer IP address, send byte number, receive byte etc.By analysis to the log record file, can obtain very detailed data on flows based on user account number, corresponding standard billing rate, the traffic fee that can obtain each user is used.The accounting module of proxy accounting server comprises fees policy maintenance module, data acquisition module, billing database, accounting processing module, data query module; The fees policy maintenance module is control data acquisition module and accounting processing module respectively, and the core of accounting management is a billing database, and it is the data source and the data purpose of other module.Data acquisition module is exactly the journal file of analysis agent server, and therefrom extracted valid data is stored in the database; The accounting processing module is carried out accounting processing then according to fees policy to the data in the database; The data query module is then utilized the Web page of WWW, network traffics and cost information is provided for the network inquiry person.
For the security of strengthening system, partial information transmits to adopt to encrypt and transmits and deposit between the accounting server 2 of charge system and the charging gateway 1; User cipher in the database, host information etc. adopt the ciphertext storage, and promptly the information in user profile, host information and the transport process is all passed through the specific program encryption.
Claims (11)
1. hardware-type network charge unit, comprise cabinet, system power supply (10), express network port (11), system-based platform (12), control interface (13), wherein system-based platform (12) comprises mainboard, CPU, internal memory, network interface card, storer, it is characterized in that, also be solidified with charging gateway (1), accounting server (2), management server (9), User login server (3), system configuration interface (4), management interface (8) on the described system-based platform (12).
2. hardware-type network charge unit according to claim 1 is characterized in that: also be provided with heat abstractor, anti-tampering shield assembly in the described cabinet.
3. the implementation method that hardware-type network charges is characterized in that, realize chargeing by following step: 1) network user (5) signs in to user login services device (3); 2) user login services device (3) passes to charging gateway (1) with user login information; 3) charging gateway (1) takes out user profile from the customer data base of accounting server (2), and the user is verified; 4) charging gateway (1) will verify that the result is transmitted to accounting server (2), if validated user then enters step 5), the disabled user enters step 7); 5) user registration success, the user can go out charging gateway (1) visit, and charging gateway (1) writes down this user's flow information simultaneously, and behind the user log off, charging gateway (1) is write the flow daily record; 6) the Timing Processing time arrives, and accounting server (2) is got the daily record of charging gateway (1) end flow, and charging way is as requested chargeed, and charging result is write in accounting server (2) database; 7) disabled user returns step 1);
Utilize system configuration interface (4), VT100 terminal (6) is finished control, configuration and the operation to charging gateway (1) and accounting server (2);
Management work station (7) finishes user management, report form statistics and Host Administration by management interface (8) connection management server (9).
4. the implementation method that hardware-type network according to claim 3 charges, it is characterized in that the job step of described charging gateway (1) is: 1) user connects by User login thread USER_LOGINTHREADS and interior network interface card NICO; 2) initialization intranet and extranet card; 3) set up two IP that are bundled in respectively on the inside and outside network interface card and transmit thread IP_FORWARD THREADS; 4) set up to detect the whether online timing thread ARP_REPLY THREADS of user; 5) set up the gateway management thread that receives the accounting server order;
5. the implementation method that hardware-type network according to claim 4 charges is characterized in that the step of described forwarding thread IP_FORWARD THREADS is: 1) read the packets of information on this network interface card; 2) whether register the address of judging this IP, and step 3) is then arrived in registration, otherwise returns step 1); 3) according to purpose IP address decision charging way; 4) the record flow writes flow information in the log file; 5) this IP bag is sent to another network interface card;
The step of described timing thread ARP_REPLY THREADS is: 1) sleep a period of time; 2) scanning online user IP tabulation; Whether have flow, have flow then to jump to step 1) if 3) detecting this user, otherwise to step 4); 4) nullify this user;
The step of described gateway management thread is: 1) set up SOCKET; 2) intercept the order of accounting server management channels; 3) analyze command functions, comprise and list the online user, check the IP operating position, force certain user offline.
6. the implementation method that hardware-type network according to claim 3 charges is characterized in that, described accounting server (2) comprises customer data base, broadband networks accounting server, dialing accounting server, mail accounting server, proxy accounting server.
7. the implementation method that hardware-type network according to claim 6 charges is characterized in that the job step of described broadband networks charge on traffic server is: 1) receive user's registration or de-registration request; 2) according to user name and cipher authentication user identity; 3) if register requirement arrives step 4), otherwise logging off users, and by charging gateway record flow information; 4) the IP address of registered user's use; 5) read customer data base, obtain user profile; 6) regularly send user message table to charging gateway; 7) fetch customer flow information log file from charging gateway; 8) the flow information log file is write customer data base;
8. the implementation method that hardware-type network according to claim 6 charges is characterized in that described dialing accounting server is the radius server that has increased subscriber authorisation authentication module and accounting module; Described subscriber authorisation authentication module job step is: 1) by radius user's authentication and authorization interface, obtain user's the user name and password; 2) the subscriber's meter dial_user_tab that generates according to the database processing module, relatively username and password; 3) user name is legal, to step 4), otherwise returns step 1); 4) judged whether the dialing authority,, otherwise returned step 1) if return success; Described accounting module job step is: 1) access server NAS accepts user's access and sends the information of chargeing and beginning; 2) write down time and the IP address that this user inserts; 3) the calling communication function is registered this user and IP address on broadband networks charge on traffic server, and the user is allowed to networking; 4) user disconnects dial-up connection, and access server NAS sends the charging ending message; 5) the end of record (EOR) time, calculate line duration, and the calling communication function obtains user's IP flow from broadband networks charge on traffic server, logging off users is to the use of this IP;
9. the implementation method that hardware-type network according to claim 6 charges, it is characterized in that, described mail accounting server is the modification to general mail server, revise e-mail messages and obtain program mail.local (16), the source address of letter is obtained in insertion, length and foreign mail and these information are write accounting module among the middle table mailmsgtab (17) whether; Revise post office program popper (18) simultaneously, insertion writes user's the IP that wins the confidence, the information among win the confidence time and the middle table mailmsgtab (17) journal file mailfee.log (15), and empties the accounting module of middle table mailmsgtab (17);
10. the implementation method that hardware-type network according to claim 6 charges is characterized in that described proxy accounting server comprises fees policy maintenance module, data acquisition module, billing database, accounting processing module, data query module; The fees policy maintenance module is control data acquisition module and accounting processing module respectively, data acquisition module extracted valid data from the acting server journal file deposits billing database in, the accounting processing module is carried out accounting processing to data in the billing database, and data query provides network traffics and cost information by billing database.
11. the implementation method that hardware-type network according to claim 3 charges is characterized in that, the information via in described user profile and the transport process is encrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01139759 CN1421798A (en) | 2001-11-30 | 2001-11-30 | Hardware-type network charge unit and its realizing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01139759 CN1421798A (en) | 2001-11-30 | 2001-11-30 | Hardware-type network charge unit and its realizing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1421798A true CN1421798A (en) | 2003-06-04 |
Family
ID=4675390
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 01139759 Pending CN1421798A (en) | 2001-11-30 | 2001-11-30 | Hardware-type network charge unit and its realizing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1421798A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112350A (en) * | 2014-06-30 | 2014-10-22 | 国家电网公司 | Additional apparatus for ammeter |
| CN105323734A (en) * | 2014-07-11 | 2016-02-10 | 国网河南省电力公司漯河供电公司 | Ammeter accessorial device |
-
2001
- 2001-11-30 CN CN 01139759 patent/CN1421798A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112350A (en) * | 2014-06-30 | 2014-10-22 | 国家电网公司 | Additional apparatus for ammeter |
| CN105323734A (en) * | 2014-07-11 | 2016-02-10 | 国网河南省电力公司漯河供电公司 | Ammeter accessorial device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100550739C (en) | A kind of method, system and routing device of initiating authentication request for user terminal | |
| US7774842B2 (en) | Method and system for prioritizing cases for fraud detection | |
| CN100437550C (en) | Ethernet confirming access method | |
| US20020194140A1 (en) | Metered access to content | |
| US20040078325A1 (en) | Managing activation/deactivation of transaction accounts enabling temporary use of those accounts | |
| CN102045375B (en) | Remote command interaction method and bastion host | |
| CN1937499A (en) | Domainname-based unified identification mark and authentication method | |
| EP1493246B1 (en) | Monitoring of information in a network environment | |
| RU2006104559A (en) | METHOD FOR CHARGING THE FEE FOR USING CONTENTS TRANSMITTED ON THE COMMUNICATION NETWORK, PREFERREDLY ON THE INTERNET NETWORK, AND A SYSTEM FOR ITS IMPLEMENTATION | |
| WO2010013251A1 (en) | Internet control management and accounting in a utility computing environment | |
| CN111314381A (en) | Safety isolation gateway | |
| CN101378312B (en) | Safety payment control system and method based on broadband network | |
| CN101247239A (en) | Authenticated authorization accounting system and implementing method thereof | |
| CN1430377A (en) | Method of realizing Internet contents paying | |
| US20050281198A1 (en) | Method and apparatus for ascertaining utilization state | |
| CN101729310B (en) | Method and system for realizing business monitor and information acquisition equipment | |
| CN110611611A (en) | Web security access method for home gateway | |
| CN202150865U (en) | System suitable for enterprises to carry out network behavior management | |
| CN100438446C (en) | Switch-in control equipment, Switch-in control system and switch-in control method | |
| CN1421798A (en) | Hardware-type network charge unit and its realizing method | |
| JP4065436B2 (en) | Method and system for building and communicating data about network access and service transactions in a communication network | |
| CN1476207A (en) | IP special line charging method and system | |
| CN112953951B (en) | User login verification and security detection method and system based on domestic CPU | |
| CN109120583A (en) | A method of the buffer encrypted data based on action boundary operation | |
| US8683568B1 (en) | Using packet interception to integrate risk-based user authentication into online services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |