WO2016145741A1 - Distributed cache-based message authentication method and apparatus - Google Patents

Publication number
WO2016145741A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
distributed cache
node
authentication
service
Prior art date
Application number
PCT/CN2015/081877
Other languages
French (fr)
Chinese (zh)
Inventor
杨宇
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • The present invention relates to the field of data communication technologies, and in particular to a message authentication method and apparatus based on distributed cache.
  • Existing operators generally construct a message-based service authentication platform as follows.
  • The terminal user sends a message to the industry gateway; the message may be a service instruction ordering an operator's service. The industry gateway forwards the service instruction to the service authentication platform, where the service distribution module finds the specific service authentication module according to the calling number. The service authentication module authenticates the message sent by the terminal user, generates a user relationship, and returns the authentication result along the original path.
  • The operator can also send a message to the industry gateway. The message may be content provided by the operator. The industry gateway forwards the content to the service authentication platform, where the service distribution module finds the specific service authentication module according to the called number. The service authentication module authenticates the content provided by the operator, verifies the user relationship, and returns the authentication result along the original path.
  • A message-based service authentication platform constructed in this way is not suited to the further business growth of each operator.
  • There are two main ways for the service authentication module to store user relationships: memory storage and database storage. If memory is used to store the user relationship, memory is limited and the current service authentication module cannot be taken over when it fails. If a database is used to store the user relationship, database access time is long and the authentication result cannot be fed back to the industry gateway in real time.
  • The main purpose of the embodiments of the present invention is to provide a distributed cache-based message authentication method and apparatus that solve the problems of low service authentication performance of the enterprise, the inability to take over a failed service authentication node, and the inability to feed back the authentication result in real time.
  • A distributed cache-based message authentication method includes the following steps:
  • if the to-be-authenticated message is an uplink message, performing a service authentication operation to generate a corresponding user relationship;
  • storing the user relationship in the distributed cache node, and determining that the uplink message authentication is successful when the user relationship is successfully stored in at least two distributed cache nodes.
  • The method further includes:
  • if the to-be-authenticated message is a downlink message, accessing the user relationship in the distributed cache node according to the downlink message;
  • The step of accessing the user relationship in the distributed cache node according to the downlink message includes:
  • if the to-be-authenticated message is a downlink message, requesting to verify a user relationship in the distributed cache node;
  • accessing the user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
  • the step of performing a service authentication operation to generate a corresponding user relationship further includes:
  • the method before the step of determining the category of the to-be-authenticated message, the method further includes:
  • the service authentication node and the distributed cache access node are reduced.
  • an embodiment of the present invention further provides a message authentication apparatus based on a distributed cache, where the apparatus includes:
  • a message receiving module configured to determine a category of the to-be-authenticated message when receiving the to-be-authenticated message
  • the service authentication module is configured to perform a service authentication operation to generate a corresponding user relationship, if the to-be-authenticated message is an uplink message;
  • a distributed cache module configured to store the user relationship in a distributed cache node
  • the determining module is configured to determine that the uplink message authentication is successful when the user relationship is successfully stored in the at least two distributed cache nodes.
  • the distributed cache-based message authentication device further includes a distributed cache access module, configured to: if the to-be-authenticated message is a downlink message, access the user relationship in the distributed cache node according to the downlink message;
  • the determining module is further configured to determine that the downlink message is successfully authenticated when the access is successful.
  • the service authentication module is further configured to: if the to-be-authenticated message is a downlink message, request to verify a user relationship in the distributed cache node;
  • the distributed cache access module is further configured to access a user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
  • the service authentication module is further configured to request to store the user relationship
  • the distributed cache access module is further configured to submit the user relationship according to the request for storing the user relationship.
  • the distributed cache-based message authentication apparatus further includes a monitoring module and an adjustment module.
  • the monitoring module is configured to monitor a load status of the service authentication node in real time
  • the adjusting module is configured to adjust the number of the service authentication node and the distributed cache access node according to the load status of the service authentication node.
  • Message authentication is implemented using a distributed cache, so that when a message is authenticated the user relationship can be stored in multiple service authentication nodes and authentication need not take place in a fixed or specific service authentication node, which improves the performance of real-time message authentication. At the same time, service authentication nodes can be added or removed dynamically, the problem of a single busy service authentication node is solved, and a service authentication node that goes down can be taken over seamlessly.
  • FIG. 1 is a schematic flowchart of a first embodiment of a message authentication method based on distributed cache according to the present invention
  • FIG. 2 is a schematic flowchart diagram of a second embodiment of a message authentication method based on distributed cache according to the present invention
  • FIG. 3 is a schematic flowchart of a refinement of an embodiment of step S40 in FIG. 2;
  • FIG. 4 is a schematic flowchart diagram of a third embodiment of a message authentication method based on distributed cache according to the present invention.
  • FIG. 5 is a schematic diagram of functional modules of a first embodiment of a message authentication apparatus based on distributed cache according to the present invention
  • FIG. 6 is a schematic diagram of functional modules of a second embodiment of a message authentication device based on distributed cache according to the present invention.
  • FIG. 7 is a schematic diagram of functional modules of a third embodiment of a message authentication apparatus based on distributed cache according to the present invention.
  • The main solution of the embodiment of the present invention is: determining the category of the to-be-authenticated message when receiving the to-be-authenticated message; if the to-be-authenticated message is an uplink message, performing a service authentication operation to generate a corresponding user relationship;
  • the user relationship is stored in the distributed cache node, and when the user relationship is successfully stored in the at least two distributed cache nodes, the uplink message authentication is determined to be successful.
  • Message authentication is implemented using a distributed cache, so that when a message is authenticated the user relationship can be stored in multiple service authentication nodes and authentication need not take place in a fixed or specific service authentication node, which improves the performance of real-time message authentication. At the same time, it solves the problem of a single busy service authentication node and allows a service authentication node that goes down to be taken over seamlessly.
  • the present invention provides a message authentication method based on distributed caching.
  • FIG. 1 is a schematic flowchart diagram of a first embodiment of a message authentication method based on distributed cache according to the present invention.
  • the distributed cache-based message authentication method includes:
  • Step S10 Determine, when receiving the to-be-authenticated message, the category of the to-be-authenticated message
  • the industry gateway receives the to-be-authenticated message
  • the industry gateway forwards the to-be-authenticated message to the service authentication platform, and determines the category of the to-be-authenticated message, that is, determines that the service authentication platform receives the to-be-authenticated message.
  • The uplink message is content sent by a mobile terminal user, for instance a mobile terminal user ordering a service of an operator: the mobile terminal user 13100000001 sends a service message for ordering the weather forecast to the operator 10001. The downlink message is content sent by the operator.
  • the operator 10001 sends a specific weather forecast message to the mobile terminal user 13100000001 according to the service message of the weather forecast subscribed by the mobile terminal user 13100000001.
  • Step S20 If the to-be-authenticated message is an uplink message, perform a service authentication operation to generate a corresponding user relationship.
  • the uplink message is randomly sent to its message receiving node by its network switch.
  • The message receiving node forwards the uplink message to its service authentication node according to a preset algorithm, where the service load of that service authentication node is the smallest among all service authentication nodes of the service authentication platform at the time. The service authentication operation is performed in the service authentication node with the smallest service load, and the corresponding user relationship is generated according to the uplink message.
  • the preset algorithm is a load balancing algorithm, and may be other algorithms that implement the same function.
  • Load balancing has two meanings: First, a large number of concurrent access or data traffic is shared to multiple node devices for processing, reducing user waiting time; secondly, a single heavy load operation is shared to multiple node devices for parallel processing. After each node device finishes processing, the results are summarized and returned to the user, and the system processing capability is greatly improved.
  • Load balancing balances the communication load between all servers and applications, judges the real-time response time, and hands the task to the server with the lightest load to achieve true intelligent communication management and optimal service performance.
  • Load balancing distributes network or computer processing load between multiple nodes according to certain policies, providing an inexpensive and efficient way to extend server bandwidth, increase throughput, and improve data processing while avoiding single points of failure.
  • The service authentication platform receives the service message that the mobile terminal user 13100000001 sends to the operator 10001 to subscribe to the weather forecast. The service message is randomly sent to the message receiving node through the network switch, and the message receiving node forwards it, according to the load balancing algorithm, to the service authentication node with the smallest service load. That node performs a service authentication operation on the service message for ordering the weather forecast, such as detecting whether the service message is legal and whether the mobile terminal user 13100000001 can subscribe to the weather forecast service of the operator 10001. When it is detected that the mobile terminal user 13100000001 is in arrears and does not have the right to subscribe to the weather forecast service of the operator 10001, the weather forecast service of the operator 10001 cannot be subscribed, and the user relationship between the mobile terminal user 13100000001 and the operator 10001 cannot be generated.
  • the forecast service is provided to the mobile terminal user 13100000001, etc.; for example, when the operator 10001 does not provide the weather forecast service, the user relationship between the mobile terminal user 13100000001 and the operator 10001 cannot be generated. The user relationship between the mobile terminal user 13100000001 and the operator 10001 can be generated only when all the checks pass.
  • step S30 the user relationship is stored in the distributed cache node.
  • the uplink message authentication is determined to be successful.
  • the user relationship is stored in a distributed cache node of the service authentication platform.
  • The service authentication node of the service authentication platform notifies the message receiving node that the uplink message authentication operation is successful. After receiving the message that the uplink message authentication operation succeeded, the message receiving node of the service authentication platform notifies the industry gateway that the uplink message authentication is successful.
  • the service authentication node of the service authentication platform notifies the message receiving node that the uplink message authentication operation fails. After receiving the message that the uplink message authentication operation fails, the message receiving node notifies the industry gateway that the uplink message authentication fails.
  • the user relationship between the mobile terminal user 13100000001 and the operator 10001 is stored in two or more distributed cache nodes of the service authentication platform, and the user relationship between the mobile terminal user 13100000001 and the operator 10001 is
  • the service authentication node of the service authentication platform notifies the message receiving node that the authentication operation for the service message that the mobile terminal user 13100000001 sent to the operator 10001 to subscribe to the weather forecast was successful.
  • After receiving the message that the service message authentication operation for ordering the weather forecast is successful, the message receiving node of the service authentication platform notifies the SMS industry gateway that the service message authentication operation for ordering the weather forecast is successful, and the SMS industry gateway receives the message.
  • the service message for ordering the weather forecast is forwarded to the operator 10001; when the user relationship between the mobile terminal user 13100000001 and the operator 10001 is not in the service authentication platform
  • the service authentication node of the service authentication platform notifies its message receiving node that the authentication operation for the service message that the mobile terminal user 13100000001 sent to the operator 10001 to subscribe to the weather forecast failed.
  • After receiving the message that the service message authentication operation for ordering the weather forecast failed, the message receiving node of the service authentication platform notifies the SMS industry gateway that the service message authentication operation for ordering the weather forecast failed.
  • The SMS industry gateway notifies the mobile terminal user 13100000001 that ordering the weather forecast service of the operator 10001 failed.
  • The uplink message is authenticated using the distributed cache, so that when the uplink message is authenticated the user relationship can be stored in multiple service authentication nodes, which improves the performance of real-time message authentication; it also solves the problem of a single busy service authentication node and allows a service authentication node that goes down to be taken over seamlessly.
  • FIG. 2 is a schematic flowchart diagram of a second embodiment of a message authentication method based on distributed cache according to the present invention. Based on the first embodiment of the foregoing method, after the step S10, the method further includes:
  • Step S40 If the to-be-authenticated message is a downlink message, access the user relationship in the distributed cache node according to the downlink message;
  • the step of accessing the user relationship in the distributed cache node according to the downlink message includes:
  • Step S41 If the to-be-authenticated message is a downlink message, request to verify a user relationship in the distributed cache node;
  • Step S42 Access the user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
  • The downlink message is randomly sent to the message receiving node by the network switch, and the message receiving node forwards the downlink message to its service authentication node according to a preset algorithm. The service load of that service authentication node is the smallest among all the service authentication nodes of the service authentication platform at that time. The service authentication operation is performed in the service authentication node with the smallest service load, which requests verification of the user relationship in the distributed cache node of the service authentication platform and submits the user relationship verification request to a distributed cache access node of the service authentication platform; the distributed cache access node accesses the user relationship extracted from the distributed cache node.
  • the preset algorithm is a load balancing algorithm, and may be other algorithms that implement the same function.
  • the operator 10001 sends a specific weather forecast message to the mobile terminal user 13100000001 according to the service message of the weather forecast subscribed by the mobile terminal user 13100000001.
  • the service authentication platform randomly transmits the specific weather forecast message to its message receiving node through its network switch.
  • According to a load balancing algorithm, the message receiving node forwards the specific weather forecast message to the service authentication node with the smallest service load, and the service authentication operation is performed on the specific weather forecast message in that node, such as detecting whether the specific weather forecast message is legal, whether the operator 10001 can send the specific weather forecast message to the mobile terminal user 13100000001, whether the mobile terminal user 13100000001 can receive the specific weather forecast message sent by the operator 10001, whether there is a user relationship between the mobile terminal user 13100000001 and the operator 10001, and whether the user relationship is legal.
  • The distributed cache access node of the service authentication platform extracts the user relationship between the mobile terminal user 13100000001 and the operator 10001; if extracting the user relationship is unsuccessful, the operator 10001 cannot send a specific weather forecast message to the mobile terminal user 13100000001.
  • Step S50: When the access is successful, it is determined that the downlink message is successfully authenticated.
  • the distributed cache access node of the service authentication platform accesses the user relationship extracted from its distributed cache node
  • the distributed cache access node notifies its service authentication node that access to the distributed cache node of the service authentication platform was successful.
  • After receiving the message that the distributed cache access node successfully accessed its distributed cache node, the service authentication node of the service authentication platform notifies its message receiving node that the downlink message is successfully authenticated. After receiving the message that the downlink message is successfully authenticated, the message receiving node of the service authentication platform notifies the industry gateway that the downlink message is successfully authenticated.
  • The distributed cache access node of the service authentication platform notifies its service authentication node that access to the distributed cache node was successful.
  • After receiving the message that the distributed cache access node successfully accessed its distributed cache node, the service authentication node of the service authentication platform notifies its message receiving node that the specific weather forecast message sent by the operator 10001 is successfully authenticated. After receiving the message that the specific weather forecast message sent by the operator 10001 is successfully authenticated, the message receiving node notifies the SMS industry gateway that the specific weather forecast message sent by the operator 10001 is successfully authenticated.
  • After receiving the message that the specific weather forecast message sent by the operator 10001 is successfully authenticated, the SMS industry gateway forwards the specific weather forecast message sent by the operator 10001 to the mobile terminal user 13100000001. If the SMS industry gateway receives the message that authentication of the specific weather forecast message sent by the operator 10001 failed, it notifies the operator 10001 that sending the specific weather forecast message failed.
  • Message authentication is implemented using a distributed cache, so that when the downlink message is authenticated the user relationship can be accessed from any service authentication node without having to authenticate in a fixed or specific service authentication node. This improves the performance of real-time message authentication; at the same time, the problem of a single busy service authentication node is solved, and a service authentication node that goes down can be taken over seamlessly.
  • FIG. 4 is a schematic flowchart of a third embodiment of the distributed cache-based message authentication method. Based on the second embodiment of the method, before the step S10, the method further includes:
  • Step S60 monitoring the load status of the service authentication node in real time
  • Step S70 Adjust the number of the service authentication node and the distributed cache access node according to the load status of the service authentication node.
  • the service authentication platform monitors the service load status of its service authentication node in real time, and increases or decreases its service authentication node and distributed cache access node according to the service load status of its service authentication node. For example, when the service load of the service authentication node exceeds the first preset threshold, the service authentication node and the distributed cache access node are added.
  • The first preset threshold may be set freely as needed, for example to 60%, 70% or 80%; in the embodiment of the present invention it is set to 70%.
  • When the service load of the three service authentication nodes of the service authentication platform has exceeded 70% of the total capacity of the service authentication nodes, the service authentication nodes and the distributed cache access nodes of the service authentication platform are increased;
  • when the load of the service authentication nodes of the service authentication platform is lower than the second preset threshold, the service authentication nodes and the distributed cache access nodes are reduced.
  • The first preset threshold is greater than the second preset threshold. The second preset threshold may be set as required, for example to 20%, 30% or 40%; in the embodiment of the present invention it is set to 30%, that is, when the service volume of the three service authentication nodes of the service authentication platform is less than 30% of the total capacity of the service authentication nodes, the service authentication nodes and the distributed cache access nodes of the service authentication platform are reduced.
  • the method further includes:
  • Step S201 requesting to store the user relationship
  • Step S202 Submit the user relationship according to the request for storing the user relationship.
  • The service authentication node of the service authentication platform requests its distributed cache access node to store the user relationship; when the distributed cache access node receives the storage request for the user relationship, it submits the user relationship to its distributed cache node.
  • For example, the service authentication node of the service authentication platform requests the distributed cache access node to store the user relationship between the mobile terminal user 13100000001 and the operator 10001. After the distributed cache access node receives the storage request for the user relationship between the mobile terminal user 13100000001 and the operator 10001, it submits that user relationship to its distributed cache node.
  • Message authentication is implemented using a distributed cache, so that when the uplink message is authenticated the user relationship can be stored in multiple service authentication nodes and authentication need not take place in a fixed or specific service authentication node. This improves the performance of real-time message authentication; service authentication nodes can also be added or removed dynamically, the problem of a single busy service authentication node is solved, and a service authentication node can be taken over seamlessly.
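
The uplink and downlink flow of steps S10 to S50 and S201/S202 above, as an added Python example (not code from the patent or its applicant). The `Message` fields, deriving the category from the sender, the cache key layout and the rollback of a partial write are assumptions of this example; the subscriber and operator numbers are the ones used in the description.

```python
from dataclasses import dataclass

MIN_REPLICAS = 2  # "at least two distributed cache nodes" (from the description)


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    service: str  # hypothetical field naming the ordered service


class CacheNode:
    """One distributed cache node; `up` simulates an outage (constructed)."""

    def __init__(self, name):
        self.name, self.up, self.store = name, True, {}

    def put(self, key, value):
        if self.up:
            self.store[key] = value
        return self.up

    def get(self, key):
        return self.store.get(key) if self.up else None


class CacheAccessNode:
    """Distributed cache access node in front of the cache nodes."""

    def __init__(self, nodes):
        self.nodes = nodes

    def submit(self, key, value):
        # S201/S202: submit to every cache node, return the nodes that stored it.
        return [n for n in self.nodes if n.put(key, value)]

    def fetch(self, key):
        # S41/S42: read the relationship from the first reachable replica.
        for n in self.nodes:
            value = n.get(key)
            if value is not None:
                return value
        return None


class ServiceAuthNode:
    def __init__(self, cache, catalog, arrears):
        self.cache = cache      # CacheAccessNode
        self.catalog = catalog  # {operator: set of offered services}
        self.arrears = arrears  # subscribers in arrears

    def category(self, msg):
        # S10. Assumption: a sender that is a known operator code means downlink.
        return "downlink" if msg.sender in self.catalog else "uplink"

    def authenticate(self, msg):
        if self.category(msg) == "uplink":
            return self._uplink(msg)
        return self._downlink(msg)

    def _uplink(self, msg):
        user, operator = msg.sender, msg.recipient
        # S20: service checks named in the description.
        if msg.service not in self.catalog.get(operator, set()):
            return False  # operator does not offer the service
        if user in self.arrears:
            return False  # subscriber in arrears
        key = (user, operator, msg.service)  # assumed key layout
        stored = self.cache.submit(key, {"state": "subscribed"})
        # S30: success only with at least two replicas.
        if len(stored) < MIN_REPLICAS:
            # Assumption of this example: undo the partial write so a later
            # downlink check cannot pass on a relationship that was rejected.
            # (Assumes no earlier relationship existed under the same key.)
            for n in stored:
                n.store.pop(key, None)
            return False
        return True

    def _downlink(self, msg):
        # S40/S50: authenticated only if the relationship can be read back.
        key = (msg.recipient, msg.sender, msg.service)
        return self.cache.fetch(key) is not None


def run_demo():
    """Constructed scenario with three cache nodes and operator 10001."""
    nodes = [CacheNode(f"cache-{i}") for i in range(3)]
    auth = ServiceAuthNode(CacheAccessNode(nodes),
                           {"10001": {"weather"}}, {"13100000002"})
    r = {}
    r["uplink_ok"] = auth.authenticate(Message("13100000001", "10001", "weather"))
    nodes[0].up = False  # one replica lost: the others still answer
    r["downlink_after_outage"] = auth.authenticate(
        Message("10001", "13100000001", "weather"))
    r["uplink_arrears"] = auth.authenticate(
        Message("13100000002", "10001", "weather"))
    nodes[1].up = False  # only cache-2 reachable: one replica is not enough
    r["uplink_one_replica"] = auth.authenticate(
        Message("13100000003", "10001", "weather"))
    nodes[0].up = nodes[1].up = True
    r["downlink_after_failed_uplink"] = auth.authenticate(
        Message("10001", "13100000003", "weather"))
    return r


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

Without the rollback, the single replica written during the outage would let the later downlink message pass even though the uplink authentication had been reported as failed.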
  • the present invention further provides a message authentication device based on distributed cache.
  • FIG. 5 is a schematic diagram of functional modules of a first embodiment of a message authentication apparatus based on distributed cache according to the present invention.
  • the distributed cache-based message authentication apparatus includes: a message receiving module 10, a service authentication module 20, a distributed cache module 30, and a determining module 40.
  • the message receiving module 10 is configured to determine a category of the to-be-authenticated message when receiving the to-be-authenticated message;
  • the industry gateway receives the to-be-authenticated message
  • the industry gateway forwards the to-be-authenticated message to the service authentication platform, and determines the category of the to-be-authenticated message, that is, determines that the service authentication platform receives the to-be-authenticated message.
  • The uplink message is content sent by a mobile terminal user, for instance a mobile terminal user ordering a service of an operator: the mobile terminal user 13100000001 sends a service message for ordering the weather forecast to the operator 10001. The downlink message is content sent by the operator.
  • the operator 10001 sends a specific weather forecast message to the mobile terminal user 13100000001 according to the service message of the weather forecast subscribed by the mobile terminal user 13100000001.
  • the service authentication module 20 is configured to perform a service authentication operation to generate a corresponding user relationship, if the to-be-authenticated message is an uplink message;
  • the uplink message is randomly sent to its message receiving node by its network switch.
  • The message receiving node forwards the uplink message to its service authentication node according to a preset algorithm, where the service load of that service authentication node is the smallest among all service authentication nodes of the service authentication platform at the time. The service authentication operation is performed in the service authentication node with the smallest service load, and the corresponding user relationship is generated according to the uplink message.
  • the preset algorithm is a load balancing algorithm, and may be other algorithms that implement the same function.
  • Load balancing has two meanings: first, a large volume of concurrent accesses or data traffic is shared among multiple node devices for processing, reducing user waiting time; second, a single heavy-load operation is shared among multiple node devices for parallel processing, and after each node device finishes processing, the results are combined and returned to the user, greatly improving the system's processing capability.
  • Load balancing balances the communication load between all servers and applications, judges the real-time response time, and hands the task to the server with the lightest load to achieve true intelligent communication management and optimal service performance.
  • Load balancing distributes network or computer processing load between multiple nodes according to certain policies, providing an inexpensive and efficient way to extend server bandwidth, increase throughput, and improve data processing while avoiding single points of failure.
  • the service authentication platform receives the service message that the mobile terminal user 13100000001 sends to the operator 10001 to subscribe to the weather forecast, and the service message is randomly sent to the message receiving node through the network switch. The message receiving node forwards the service message to the service authentication node with the smallest service load according to the load balancing algorithm, and that service authentication node performs a service authentication operation on the service message, such as detecting whether the service message for ordering the weather forecast is legal and whether the mobile terminal user 13100000001 can subscribe to the weather forecast service of the operator 10001; when it is detected that the mobile terminal user 13100000001 is in arrears and does not have the right to subscribe to the weather forecast service of the operator 10001, the weather forecast service of the operator 10001 cannot be subscribed, and the user relationship between the mobile terminal user 13100000001 and the operator 10001 cannot be generated.
  • the forecast service is provided to the mobile terminal user 13100000001, etc.; for example, when the operator 10001 does not provide the weather forecast service, the user relationship between the mobile terminal user 13100000001 and the operator 10001 cannot be generated; the user relationship between the mobile terminal user 13100000001 and the operator 10001 can be generated only when all the checks pass.
  • the distributed cache module 30 is configured to store the user relationship into a distributed cache node
  • the determining module 40 is configured to determine that the uplink message authentication is successful when the user relationship is successfully stored in the at least two distributed cache nodes.
  • the user relationship is stored in a distributed cache node of the service authentication platform.
  • the service authentication node of the service authentication platform notifies the message receiving node that the uplink message authentication operation is successful. After receiving the message that the uplink message authentication operation succeeds, the message receiving node of the service authentication platform notifies the industry gateway that the uplink message authentication is successful.
  • the service authentication node of the service authentication platform notifies the message receiving node that the uplink message authentication operation fails. After receiving the message that the uplink message authentication operation fails, the message receiving node notifies the industry gateway that the uplink message authentication fails.
  • the user relationship between the mobile terminal user 13100000001 and the operator 10001 is stored in two or more distributed cache nodes of the service authentication platform, and the user relationship between the mobile terminal user 13100000001 and the operator 10001 is
  • the service authentication node of the service authentication platform notifies the message receiving node that the authentication operation on the service message sent by the mobile terminal user 13100000001 to the operator 10001 to subscribe to the weather forecast was successful.
  • after receiving the message that the service message authentication operation for ordering the weather forecast is successful, the message receiving node of the service authentication platform notifies the SMS industry gateway that the service message authentication operation for ordering the weather forecast is successful, and the SMS industry gateway receives the message.
  • the service message for ordering the weather forecast is forwarded to the operator 10001; when the user relationship between the mobile terminal user 13100000001 and the operator 10001 is not in the service authentication platform Two
  • the service authentication node of the service authentication platform notifies the message receiving node that the authentication operation on the service message sent by the mobile terminal user 13100000001 to the operator 10001 to subscribe to the weather forecast fails.
  • the message receiving node of the service authentication platform notifies the SMS industry gateway that the service message authentication operation for ordering the weather forecast fails.
  • the SMS industry gateway notifies the mobile terminal user 13100000001 that ordering the weather forecast service of the operator 10001 fails.
  • the uplink message is authenticated by means of the distributed cache, so that when the uplink message is authenticated, the user relationship can be stored in multiple service authentication nodes, thereby improving the performance of real-time message authentication; at the same time, the problem of a single service authentication node being busy is solved, and the function of seamlessly taking over a service authentication node that has gone down is also realized.
  • FIG. 6 is a schematic diagram of functional modules of a second embodiment of a message authentication apparatus based on distributed cache according to the present invention.
  • the apparatus also includes a distributed cache access module 50.
  • the distributed cache access module 50 is configured to: if the to-be-authenticated message is a downlink message, access the user relationship in the distributed cache node according to the downlink message;
  • the service authentication module 20 is further configured to: if the to-be-authenticated message is a downlink message, request to verify a user relationship in the distributed cache node;
  • the distributed cache access module 50 is further configured to access a user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
  • the downlink message is randomly sent to the message receiving node by the network switch, and the message receiving node forwards the downlink message to its service authentication node according to a preset algorithm.
  • the service load of that service authentication node is the smallest among all the service authentication nodes of the service authentication platform at that time. The service authentication operation is performed in the service authentication node with the smallest service load, which requests verification of the user relationship in the distributed cache node of the service authentication platform and submits the user relationship verification request to a distributed cache access node of the service authentication platform; the distributed cache access node accesses and extracts the user relationship from the distributed cache node.
  • the preset algorithm is a load balancing algorithm, and may be other algorithms that implement the same function.
  • the operator 10001 sends a specific weather forecast message to the mobile terminal user 13100000001 according to the service message of the weather forecast subscribed by the mobile terminal user 13100000001.
  • the service authentication platform randomly transmits the specific weather forecast message to its message receiving node through its network switch.
  • the message receiving node forwards the specific weather forecast message to the service authentication node with the smallest service load according to a load balancing algorithm, and that service authentication node performs a service authentication operation on the specific weather forecast message, such as detecting whether the specific weather forecast message is legal, detecting whether the operator 10001 can send the specific weather forecast message to the mobile terminal user 13100000001, detecting whether the mobile terminal user 13100000001 can receive the specific weather forecast message sent by the operator 10001, and detecting whether there is a user relationship between the mobile terminal user 13100000001 and the operator 10001, whether the user relationship is legal, and the like. If all the checks pass, the distributed cache access node of the service authentication platform extracts the user relationship between the mobile terminal user 13100000001 and the operator 10001; if extraction of the user relationship between the mobile terminal user 13100000001 and the operator 10001 is unsuccessful, the operator 10001 cannot send a specific weather forecast message to the mobile terminal user 13100000001.
  • the determining module 40 is further configured to determine that the downlink message is successfully authenticated when the access is successful.
  • the distributed cache access node of the service authentication platform accesses the user relationship extracted from its distributed cache node
  • the distributed cache access node of the service authentication platform notifies its service authentication node that the access to the distributed cache node was successful.
  • after receiving the message that the distributed cache access node successfully accesses its distributed cache node, the service authentication node of the service authentication platform notifies its message receiving node that the downlink message is successfully authenticated. After receiving the message that the downlink message is successfully authenticated, the message receiving node of the service authentication platform notifies the industry gateway that the downlink message is successfully authenticated.
  • the distributed cache access node of the service authentication platform notifies its service authentication node that the access to the distributed cache node was successful.
  • after receiving the message that the distributed cache access node successfully accesses its distributed cache node, the service authentication node of the service authentication platform notifies its message receiving node that the specific weather forecast message sent by the operator 10001 is successfully authenticated. After receiving the message that the specific weather forecast message sent by the operator 10001 is successfully authenticated, the message receiving node notifies the SMS industry gateway that the specific weather forecast message sent by the operator 10001 is successfully authenticated.
  • after receiving the message that the specific weather forecast message sent by the operator 10001 is successfully authenticated, the SMS industry gateway forwards the specific weather forecast message sent by the operator 10001 to the mobile terminal user 13100000001. If the SMS industry gateway receives the message that authentication of the specific weather forecast message sent by the operator 10001 failed, it notifies the operator 10001 that transmission of the specific weather forecast message fails.
  • the method for message authentication is implemented by using a distributed cache, so that when the downlink message is authenticated, the user relationship can be accessed in any service authentication node without having to authenticate in a fixed or specific service authentication node.
  • the performance of real-time message authentication is improved; at the same time, the problem of a single service authentication node being busy is solved, and the function of seamlessly taking over a service authentication node that has gone down is also realized.
  • FIG. 7 is a schematic diagram of functional modules of a third embodiment of a message authentication apparatus based on distributed cache according to the present invention.
  • the apparatus also includes a monitoring module 60 and an adjustment module 70.
  • the monitoring module 60 is configured to monitor the load status of the service authentication node in real time
  • the adjusting module 70 is configured to adjust the number of the service authentication node and the distributed cache access node according to the load status of the service authentication node.
  • the service authentication platform monitors the service load status of its service authentication node in real time, and increases or decreases its service authentication node and distributed cache access node according to the service load status of its service authentication node. For example, when the service load of the service authentication node exceeds the first preset threshold, the service authentication node and the distributed cache access node are added.
  • the first preset threshold may be set freely as needed, for example to 60%, 70%, or 80%; it is set to 70% in the embodiment of the present invention.
  • when the service load of the three service authentication nodes of the service authentication platform has exceeded 70% of the total capacity of the service authentication nodes, the service authentication nodes and the distributed cache access nodes of the service authentication platform are increased;
  • when the load of the service authentication node of the service authentication platform is lower than the second preset threshold, the service authentication nodes and the distributed cache access nodes are reduced.
  • the first preset threshold is greater than the second preset threshold; the second preset threshold may be set as required, for example to 20%, 30%, or 40%, and in the embodiment of the present invention it is set to 30%, that is, when the service load of the three service authentication nodes of the service authentication platform is less than 30% of the total capacity of the service authentication nodes, the service authentication nodes and the distributed cache access nodes of the service authentication platform are reduced.
  • the service authentication module 20 is further configured to request to store the user relationship
  • the distributed cache access module 50 is further configured to submit the user relationship according to the request for storing the user relationship.
  • the service authentication node of the service authentication platform requests its distributed cache access node to store the user relationship, and when the distributed cache access node receives the storage request for the user relationship, it submits the user relationship to its distributed cache node.
  • the service authentication node of the service authentication platform requests the distributed cache access node to store the user relationship between the mobile terminal user 13100000001 and the operator 10001; when the distributed cache access node receives the storage request for the user relationship between the mobile terminal user 13100000001 and the operator 10001, it submits the user relationship between the mobile terminal user 13100000001 and the operator 10001 to its distributed cache node.
  • the method for message authentication is implemented by using a distributed cache, so that when the uplink message is authenticated, the user relationship can be stored in multiple service authentication nodes, and it is not necessary to authenticate in a fixed or specific service authentication node.
  • the performance of real-time message authentication is improved; service authentication nodes can also be dynamically added or removed, which solves the problem of a single service authentication node being busy and also realizes the function of seamlessly taking over a service authentication node that has gone down.
  • the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and including a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
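
The uplink and downlink decisions described in the embodiments above, as an added Python simulation (not code from the patent). The class names, the arrears and service-offer checks held as in-memory sets, the extra subscriber numbers, and the rollback of a write that reached fewer than two cache nodes are assumptions of this example.

```python
"""Constructed simulation of distributed-cache message authentication."""
from dataclasses import dataclass, field

MIN_REPLICAS = 2  # from the page: success needs storage in at least two cache nodes


class CacheNode:
    """One distributed cache node; up=False models a node that has gone down."""

    def __init__(self, name):
        self.name, self.up, self.data = name, True, {}

    def put(self, key, value):
        if not self.up:
            return False
        self.data[key] = value
        return True

    def get(self, key):
        return self.data.get(key) if self.up else None

    def delete(self, key):
        self.data.pop(key, None)


@dataclass
class AuthNode:
    name: str
    load: int = 0  # messages handled so far, a stand-in for "service load"


@dataclass
class Platform:
    auth_nodes: list
    cache_nodes: list
    arrears: set = field(default_factory=set)  # users in arrears (assumed check)
    offered: set = field(default_factory=set)  # (operator, service) pairs on offer

    def _pick_auth_node(self):
        # Load balancing: hand the message to the least-loaded authentication node.
        node = min(self.auth_nodes, key=lambda n: n.load)
        node.load += 1
        return node

    def authenticate_uplink(self, user, operator, service):
        node = self._pick_auth_node()
        if user in self.arrears or (operator, service) not in self.offered:
            return False, node.name  # no user relationship is generated
        key, relation = (user, operator), {"service": service}
        stored = [c for c in self.cache_nodes if c.put(key, relation)]
        if len(stored) >= MIN_REPLICAS:
            return True, node.name
        # Assumption, not stated on the page: remove a copy that missed the
        # two-node requirement, so a later downlink check cannot succeed
        # against a subscription that was reported as failed.
        for c in stored:
            c.delete(key)
        return False, node.name

    def authenticate_downlink(self, operator, user):
        node = self._pick_auth_node()
        # Any authentication node can answer: the relationship lives in the
        # cache nodes, not in the node that handled the uplink message.
        found = any(c.get((user, operator)) is not None for c in self.cache_nodes)
        return found, node.name


def demo():
    caches = [CacheNode("c1"), CacheNode("c2"), CacheNode("c3")]
    p = Platform([AuthNode("a1"), AuthNode("a2")], caches,
                 arrears={"13100000002"},          # constructed subscriber
                 offered={("10001", "weather")})
    r = {}
    r["subscribe"] = p.authenticate_uplink("13100000001", "10001", "weather")
    caches[0].up = False  # one cache node goes down after the write
    r["downlink_after_node_loss"] = p.authenticate_downlink("10001", "13100000001")
    r["arrears"] = p.authenticate_uplink("13100000002", "10001", "weather")
    caches[1].up = False  # only one cache node left: two copies are impossible
    r["no_quorum"] = p.authenticate_uplink("13100000003", "10001", "weather")
    r["partial_write_removed"] = caches[2].get(("13100000003", "10001")) is None
    r["downlink_unknown_user"] = p.authenticate_downlink("10001", "13100000003")
    return r


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The downlink for 13100000001 is answered by a different authentication node than the one that handled the subscription and still succeeds with one cache node down, which is the takeover property the embodiments claim.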


Abstract

Disclosed is a distributed cache-based message authentication method. The method comprises the following steps: when receiving a message to be authenticated, determining the type of the message to be authenticated; if the message to be authenticated is an uplink message, performing a service authentication operation, and generating a corresponding user relationship; and storing the user relationship into a distributed cache node, and when the user relationship is successfully stored into at least two distributed cache nodes, determining that authentication of the uplink message is successful. Also disclosed is a distributed cache-based message authentication apparatus. The present invention improves performance of real-time authentication of messages, implements functions of dynamically increasing/reducing the quantities of service authentication nodes, and seamlessly taking over functions of service authentication nodes that are in shutdown.

Description

Message authentication method and apparatus based on distributed cache

Technical field
The present invention relates to the field of data communication technologies, and in particular to a message authentication method and apparatus based on distributed cache.
Background
With the rapid development of message services, the data-processing performance required of each operator's message service authentication platform is also growing rapidly, and simply adding service authentication nodes to improve performance has become a constraint on operators' management and operating costs.
Existing operators generally build a message service authentication platform as follows. An end user sends a message to the industry gateway; the message may be a service instruction for ordering an operator's service. The industry gateway forwards the service instruction to the service authentication platform, where the service distribution module finds the specific service authentication module according to the calling number. The service authentication module authenticates the message sent by the end user, generates a user relationship, and returns the authentication result along the original path. An operator can likewise send a message to the industry gateway; the message may be content provided by the operator. The industry gateway forwards that content to the service authentication platform, where the service distribution module finds the specific service authentication module according to the called number. The service authentication module authenticates the content provided by the operator, verifies the user relationship, and returns the authentication result along the original path.
However, a message service authentication platform built in this way is not suited to the further growth of operators' business. At present, a service authentication module stores user relationships in one of two ways: in memory or in a database. With in-memory storage, memory is limited and a failed service authentication module cannot be taken over; with database storage, database access times are long and the authentication result cannot be fed back to the industry gateway in real time.
The above content is only intended to assist in understanding the technical solution of the present invention, and does not constitute an admission that it is prior art.
Summary of the invention
The main purpose of the embodiments of the present invention is to provide a message authentication method and apparatus based on distributed cache, which solve the problems that operators' service authentication performance is low, that a failed service authentication node cannot be taken over, and that the authentication result cannot be fed back in real time.
To achieve the above object, a distributed cache-based message authentication method provided by an embodiment of the present invention includes the following steps:
when receiving a to-be-authenticated message, determining the category of the to-be-authenticated message;
if the to-be-authenticated message is an uplink message, performing a service authentication operation to generate a corresponding user relationship;
storing the user relationship into a distributed cache node, and when the user relationship is successfully stored in at least two distributed cache nodes, determining that the uplink message authentication is successful.
In the embodiment of the present invention, after the step of determining the category of the to-be-authenticated message when receiving the to-be-authenticated message, the method further includes:
if the to-be-authenticated message is a downlink message, accessing the user relationship in the distributed cache node according to the downlink message;
when the access is successful, determining that the downlink message is successfully authenticated.
In the embodiment of the present invention, the step of accessing the user relationship in the distributed cache node according to the downlink message if the to-be-authenticated message is a downlink message includes:
if the to-be-authenticated message is a downlink message, requesting to verify the user relationship in the distributed cache node;
accessing the user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
In the embodiment of the present invention, after the step of performing a service authentication operation to generate a corresponding user relationship if the to-be-authenticated message is an uplink message, the method further includes:
requesting to store the user relationship;
submitting the user relationship according to the request for storing the user relationship.
In the embodiment of the present invention, before the step of determining the category of the to-be-authenticated message when receiving the to-be-authenticated message, the method further includes:
monitoring the load status of the service authentication node in real time;
when the load of the service authentication node exceeds a first preset threshold, adding service authentication nodes and distributed cache access nodes;
when the load of the service authentication node is lower than a second preset threshold, reducing the service authentication nodes and distributed cache access nodes.
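
The two-threshold scaling rule in the steps above, as an added Python sketch that is not part of the patent. It uses the 70% and 30% values that the embodiment on this page gives for the first and second preset thresholds; the per-node capacity, the one-node step, the minimum of one node, and the traffic figures are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Scaler:
    high_pct: int = 70         # first preset threshold (embodiment value)
    low_pct: int = 30          # second preset threshold (embodiment value)
    node_capacity: int = 1000  # messages/s per authentication node (assumed)
    min_nodes: int = 1         # never scale below one node (assumed)
    auth_nodes: int = 3
    cache_access_nodes: int = 3

    def __post_init__(self):
        # The page requires the first threshold to be greater than the second.
        if not 0 < self.low_pct < self.high_pct <= 100:
            raise ValueError("first threshold must be greater than the second")

    def observe(self, traffic):
        """Apply one monitoring sample; return +1, -1 or 0 nodes changed."""
        capacity = self.auth_nodes * self.node_capacity
        # Integer arithmetic keeps the comparison exact at the boundary.
        if traffic * 100 > self.high_pct * capacity:
            step = 1
        elif (traffic * 100 < self.low_pct * capacity
              and self.auth_nodes > self.min_nodes):
            step = -1
        else:
            step = 0
        # Authentication nodes and cache access nodes are adjusted together.
        self.auth_nodes += step
        self.cache_access_nodes = max(self.min_nodes,
                                      self.cache_access_nodes + step)
        return step


def run(series, **settings):
    """Replay constructed traffic samples; return (step, auth, cache) per sample."""
    s = Scaler(**settings)
    return [(s.observe(t), s.auth_nodes, s.cache_access_nodes) for t in series]


if __name__ == "__main__":
    # Constructed samples: a burst followed by a quiet period.
    for row in run([2200, 2200, 1000, 1000, 800, 800, 500, 200]):
        print(row)
    # Thresholds placed one point apart make the node count oscillate
    # under constant traffic, which the 70/30 gap avoids.
    print(run([2200] * 4, low_pct=69))
```

With the thresholds only one point apart, adding a node drops utilisation below the lower threshold and the node is removed again on the next sample, so the gap between the two thresholds has to be wider than the utilisation change caused by one node.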
In addition, to achieve the above object, an embodiment of the present invention further provides a message authentication apparatus based on distributed cache, the apparatus including:
a message receiving module, configured to determine the category of a to-be-authenticated message when receiving the to-be-authenticated message;
a service authentication module, configured to perform a service authentication operation to generate a corresponding user relationship if the to-be-authenticated message is an uplink message;
a distributed cache module, configured to store the user relationship into a distributed cache node;
a determining module, configured to determine that the uplink message authentication is successful when the user relationship is successfully stored in at least two distributed cache nodes.
In the embodiment of the present invention, the distributed cache-based message authentication apparatus further includes a distributed cache access module, configured to access the user relationship in the distributed cache node according to the downlink message if the to-be-authenticated message is a downlink message;
the determining module is further configured to determine that the downlink message is successfully authenticated when the access is successful.
In the embodiment of the present invention, the service authentication module is further configured to request verification of the user relationship in the distributed cache node if the to-be-authenticated message is a downlink message;
the distributed cache access module is further configured to access the user relationship in the distributed cache node according to the request for verifying the user relationship in the distributed cache node.
In the embodiment of the present invention, the service authentication module is further configured to request to store the user relationship;
the distributed cache access module is further configured to submit the user relationship according to the request for storing the user relationship.
In the embodiment of the present invention, the distributed cache-based message authentication apparatus further includes a monitoring module and an adjustment module,
the monitoring module is configured to monitor the load status of the service authentication node in real time;
the adjustment module is configured to adjust the number of service authentication nodes and distributed cache access nodes according to the load status of the service authentication node.
The embodiment of the present invention implements message authentication by means of a distributed cache, so that when a message is authenticated, the user relationship can be stored in multiple service authentication nodes and authentication need not take place in a fixed or specific service authentication node, which improves the performance of real-time message authentication; at the same time, service authentication nodes can be dynamically added or removed, which solves the problem of a single service authentication node being busy and realizes the function of seamlessly taking over a service authentication node that has gone down.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a first embodiment of a message authentication method based on distributed cache according to the present invention;
FIG. 2 is a schematic flowchart of a second embodiment of a message authentication method based on distributed cache according to the present invention;
FIG. 3 is a detailed schematic flowchart of an embodiment of step S40 in FIG. 2;
FIG. 4 is a schematic flowchart of a third embodiment of a message authentication method based on distributed cache according to the present invention;
FIG. 5 is a schematic diagram of functional modules of a first embodiment of a message authentication apparatus based on distributed cache according to the present invention;
FIG. 6 is a schematic diagram of functional modules of a second embodiment of a message authentication apparatus based on distributed cache according to the present invention;
FIG. 7 is a schematic diagram of functional modules of a third embodiment of a message authentication apparatus based on distributed cache according to the present invention.
The realization of the objects, the functional features, and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
具体实施方式detailed description
应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiments of the present invention is as follows: when a to-be-authenticated message is received, determine the category of the to-be-authenticated message; if the to-be-authenticated message is an uplink message, perform a service authentication operation and generate the corresponding user relationship; store the user relationship in distributed cache nodes, and when the user relationship has been stored successfully in at least two distributed cache nodes, determine that authentication of the uplink message has succeeded.
Because message authentication is implemented through a distributed cache, the user relationship can be stored across multiple service authentication nodes when a message is authenticated, and authentication need not take place on a fixed or specific service authentication node, which improves the performance of real-time message authentication. It also solves the problem of a single busy service authentication node and enables seamless takeover of a service authentication node that has gone down.
Existing service authentication nodes store user relationships in two main ways: in memory or in a database. With in-memory storage, memory is limited and the current service authentication node cannot be taken over when it fails; with database storage, database access times are long and the authentication result cannot be returned to the industry gateway in real time.
Based on the above problems, the present invention provides a distributed cache-based message authentication method.
Referring to FIG. 1, FIG. 1 is a schematic flowchart of a first embodiment of the distributed cache-based message authentication method of the present invention.
In one embodiment, the distributed cache-based message authentication method includes:
Step S10: when a to-be-authenticated message is received, determine the category of the to-be-authenticated message;
A service authentication platform has N (N >= 3) message receiving nodes, N service authentication nodes, N distributed cache access nodes, and N distributed cache nodes. When the industry gateway receives a to-be-authenticated message, it forwards the message to the service authentication platform, and the category of the message is determined, that is, whether the message received by the service authentication platform is an uplink message or a downlink message. An uplink message is content sent by a mobile terminal user, for example a mobile terminal user subscribing to a service of an operator, such as mobile terminal user 13100000001 sending a service message to operator 10001 to subscribe to the weather forecast. A downlink message is content sent by an operator, such as operator 10001 sending a specific weather forecast message to mobile terminal user 13100000001 in accordance with the weather forecast service message that the user subscribed with.
Step S20: if the to-be-authenticated message is an uplink message, perform a service authentication operation and generate the corresponding user relationship;
If the to-be-authenticated message received by the service authentication platform is an uplink message, the platform's network switch sends the uplink message to one of its message receiving nodes at random. The message receiving node forwards the uplink message to a service authentication node according to a preset algorithm; the node chosen is the one whose service load is the smallest among all service authentication nodes of the platform at that moment. That least-loaded service authentication node performs the service authentication operation and generates the corresponding user relationship from the uplink message. The preset algorithm is a load balancing algorithm, but may be any other algorithm that achieves the same function. Load balancing has two meanings. First, a large volume of concurrent accesses or data traffic is spread across multiple node devices for separate processing, which reduces user waiting time. Second, a single heavy computation is split across multiple node devices for parallel processing; when each node device finishes, the results are aggregated and returned to the user, which greatly increases system processing capacity. Load balancing can balance the communication load among all servers and applications, judge by real-time response time, and hand each task to the most lightly loaded server, achieving truly intelligent communication management and optimal service performance. Load balancing distributes network or computing load among multiple nodes according to a given policy, providing an inexpensive and effective way to extend server bandwidth, increase throughput, and improve data processing capacity while avoiding a single point of failure.
For example, the service authentication platform receives the service message that mobile terminal user 13100000001 sends to operator 10001 to subscribe to the weather forecast, and its network switch sends that message to one of its message receiving nodes at random. The message receiving node, following the load balancing algorithm, forwards the subscription message to the service authentication node with the smallest service load, and that node performs the service authentication operation on it. The node checks, for instance, whether the subscription message is legitimate and whether mobile terminal user 13100000001 may subscribe to the weather forecast service of operator 10001: if the user is found to have been suspended for arrears, or to lack permission to subscribe to that service, the user may not subscribe and no user relationship can be generated between mobile terminal user 13100000001 and operator 10001. The node must also check whether operator 10001 can provide the weather forecast service to mobile terminal user 13100000001: if operator 10001 does not offer a weather forecast service, no user relationship can be generated between them. Only when all checks pass can the user relationship between mobile terminal user 13100000001 and operator 10001 be generated.
Step S30: store the user relationship in distributed cache nodes, and when the user relationship has been stored successfully in at least two distributed cache nodes, determine that authentication of the uplink message has succeeded.
The user relationship is stored in the distributed cache nodes of the service authentication platform. When it has been stored successfully in at least two distributed cache nodes of the platform, the service authentication node notifies its message receiving node that the uplink message authentication operation succeeded. On receiving that notification, the message receiving node notifies the industry gateway that authentication of the uplink message succeeded. When the user relationship has not been stored successfully in two or more distributed cache nodes of the platform, the service authentication node notifies its message receiving node that the uplink message authentication operation failed, and the message receiving node, on receiving that notification, notifies the industry gateway that authentication of the uplink message failed. For example, the user relationship between mobile terminal user 13100000001 and operator 10001 is stored in two or more distributed cache nodes of the platform. When that storage succeeds in two or more distributed cache nodes, the service authentication node notifies its message receiving node that the authentication operation succeeded for the weather forecast subscription message sent by mobile terminal user 13100000001 to operator 10001. On receiving that notification, the message receiving node notifies the SMS industry gateway that the authentication operation for the subscription message succeeded, and the SMS industry gateway then forwards the subscription message to operator 10001. When the user relationship between mobile terminal user 13100000001 and operator 10001 has not been stored successfully in two or more distributed cache nodes, the service authentication node notifies its message receiving node that the authentication operation failed for the subscription message; on receiving that notification, the message receiving node notifies the SMS industry gateway that the authentication operation for the subscription message failed. On receiving that notification, the SMS industry gateway notifies mobile terminal user 13100000001 that the subscription to operator 10001's weather forecast service failed.
This embodiment authenticates uplink messages through a distributed cache, so that when an uplink message is authenticated the user relationship can be stored across multiple service authentication nodes, which improves the performance of real-time message authentication. It also solves the problem of a single busy service authentication node and enables seamless takeover of a service authentication node that has gone down.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of a second embodiment of the distributed cache-based message authentication method of the present invention. Based on the first embodiment of the method, after step S10 the method further includes:
Step S40: if the to-be-authenticated message is a downlink message, access the user relationship in the distributed cache nodes according to the downlink message;
Specifically, referring to FIG. 3, in one embodiment the step of accessing the user relationship in the distributed cache nodes according to the downlink message, if the to-be-authenticated message is a downlink message, includes:
Step S41: if the to-be-authenticated message is a downlink message, request verification of the user relationship in the distributed cache nodes;
Step S42: access the user relationship in the distributed cache nodes according to the request to verify the user relationship in the distributed cache nodes.
If the to-be-authenticated message received by the service authentication platform is a downlink message, the platform's network switch sends the downlink message to one of its message receiving nodes at random, and the message receiving node forwards it to a service authentication node according to a preset algorithm. The node chosen is the one whose service load is the smallest among all service authentication nodes of the platform at that moment. That least-loaded node performs the service authentication operation: it requests verification of the user relationship in the platform's distributed cache nodes and submits the user relationship verification request to a distributed cache access node of the platform, which accesses the user relationship retrieved from its distributed cache nodes. The preset algorithm is a load balancing algorithm, but may be any other algorithm that achieves the same function.
For example, the service authentication platform receives a specific weather forecast message that operator 10001 sends to mobile terminal user 13100000001 in accordance with the weather forecast service message that the user subscribed with. After receiving the specific weather forecast message, the platform's network switch sends it to one of its message receiving nodes at random. The message receiving node, following the load balancing algorithm, forwards the message to the service authentication node with the smallest service load, which performs the service authentication operation on it: for instance, it checks whether the specific weather forecast message is legitimate, whether operator 10001 may send it to mobile terminal user 13100000001, whether mobile terminal user 13100000001 may receive it from operator 10001, whether a user relationship exists between mobile terminal user 13100000001 and operator 10001, and whether that relationship is legitimate. If all checks pass, the platform's distributed cache access node retrieves the user relationship between mobile terminal user 13100000001 and operator 10001; if that retrieval does not succeed, operator 10001 cannot send the specific weather forecast message to mobile terminal user 13100000001.
Step S50: when the access succeeds, determine that authentication of the downlink message has succeeded.
When the platform's distributed cache access node successfully accesses the user relationship retrieved from its distributed cache nodes, it notifies the service authentication node that access to the distributed cache nodes succeeded. On receiving the message that its distributed cache access node successfully accessed the distributed cache nodes, the service authentication node notifies its message receiving node that authentication of the downlink message succeeded. On receiving that message, the message receiving node notifies the industry gateway that authentication of the downlink message succeeded. For example, when the platform's distributed cache access node successfully accesses the user relationship between mobile terminal user 13100000001 and operator 10001 retrieved from its distributed cache nodes, it notifies the service authentication node that access to the distributed cache nodes succeeded. On receiving that message, the service authentication node notifies its message receiving node that authentication of the specific weather forecast message sent by operator 10001 succeeded; the message receiving node in turn notifies the SMS industry gateway that authentication of that message succeeded. On receiving that message, the SMS industry gateway forwards the specific weather forecast message sent by operator 10001 to mobile terminal user 13100000001. If the SMS industry gateway instead receives a message that authentication of the specific weather forecast message sent by operator 10001 failed, it notifies operator 10001 that sending of the specific weather forecast message failed.
In this embodiment, message authentication is implemented through a distributed cache, so that when a downlink message is authenticated the user relationship can be accessed from any service authentication node, and authentication need not take place on a fixed or specific service authentication node, which improves the performance of real-time message authentication. It also solves the problem of a single busy service authentication node and enables seamless takeover of a service authentication node that has gone down.
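The uplink and downlink flows of steps S10 to S50, sketched as an added Python simulation (not code from the patent). The class names, the `subscribable` policy set, the message-count load metric, the extra phone numbers and the rollback of partial writes are assumptions of this example; the two-copy threshold and the least-loaded routing come from the text above.

```python
from dataclasses import dataclass, field

MIN_REPLICAS = 2  # from the page: stored on at least two distributed cache nodes


@dataclass
class CacheNode:
    name: str
    up: bool = True
    data: set = field(default_factory=set)

    def put(self, key):
        if self.up:
            self.data.add(key)
        return self.up

    def has(self, key):
        return self.up and key in self.data

    def discard(self, key):
        if self.up:
            self.data.discard(key)


@dataclass
class AuthNode:
    name: str
    load: int = 0  # messages handled so far; stand-in load metric (assumption)


class Platform:
    def __init__(self, auth_nodes, cache_nodes, subscribable):
        self.auth_nodes = auth_nodes
        self.cache_nodes = cache_nodes
        self.subscribable = subscribable  # constructed policy: allowed (user, operator) pairs

    def handle(self, direction, user, operator):
        """S10: route to the least-loaded auth node, then branch on the category."""
        node = min(self.auth_nodes, key=lambda n: n.load)
        node.load += 1
        key = (user, operator)
        if direction == "uplink":
            return self._uplink(key)
        if direction == "downlink":
            return self._downlink(key)
        return False  # unknown category is rejected

    def _uplink(self, key):
        # S20: service checks; no relationship is generated if a check fails.
        if key not in self.subscribable:
            return False
        # S30: write to the cache nodes; succeed only with >= MIN_REPLICAS copies.
        written = [c for c in self.cache_nodes if c.put(key)]
        if len(written) >= MIN_REPLICAS:
            return True
        for c in written:  # assumption, not in the page: undo partial writes
            c.discard(key)
        return False

    def _downlink(self, key):
        # S40/S50: any reachable cache node holding the relationship authenticates.
        return any(c.has(key) for c in self.cache_nodes)


def run_demo():
    caches = [CacheNode(f"cache{i}") for i in range(3)]
    auths = [AuthNode(f"auth{i}") for i in range(3)]
    # 13100000001/10001 is the page's example; the other numbers are constructed.
    allowed = {("13100000001", "10001"), ("13100000002", "10001")}
    p = Platform(auths, caches, allowed)
    r = {}
    r["uplink_ok"] = p.handle("uplink", "13100000001", "10001")
    caches[0].up = False  # one cache node goes down
    r["downlink_after_failure"] = p.handle("downlink", "13100000001", "10001")
    r["downlink_unknown_user"] = p.handle("downlink", "13100000009", "10001")
    caches[1].up = False  # one node left: below the two-copy threshold
    r["uplink_below_threshold"] = p.handle("uplink", "13100000002", "10001")
    caches[0].up = caches[1].up = True
    r["downlink_after_failed_uplink"] = p.handle("downlink", "13100000002", "10001")
    r["uplink_not_allowed"] = p.handle("uplink", "13100000003", "10001")
    r["loads"] = [a.load for a in auths]
    return r


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Without the rollback, a relationship written to a single node during a failed uplink would still satisfy the downlink lookup once any node holding it is reachable, so the two results would disagree.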
Referring to FIG. 4, FIG. 4 is a schematic flowchart of a third embodiment of the distributed cache-based message authentication method of the present invention. Based on the second embodiment of the method, before step S10 the method further includes:
Step S60: monitor the load status of the service authentication nodes in real time;
Step S70: adjust the number of service authentication nodes and distributed cache access nodes according to the load status of the service authentication nodes.
The service authentication platform monitors the service load status of its service authentication nodes in real time and, according to that status, adds or removes service authentication nodes and distributed cache access nodes. When the service load of its service authentication nodes exceeds a first preset threshold, it adds service authentication nodes and distributed cache access nodes. The first preset threshold can be set freely as needed, for example to 60%, 70%, or 80%; in this embodiment of the invention it is set to 70%. For example, when the service load of each of the platform's 3 service authentication nodes has exceeded 70% of the total capacity of the service authentication node, service authentication nodes and distributed cache access nodes are added to the platform. When the load of the platform's service authentication nodes falls below a second preset threshold, it removes service authentication nodes and distributed cache access nodes. The first preset threshold is greater than the second preset threshold. The second preset threshold can be set freely as needed, for example to 20%, 30%, or 40%; in this embodiment of the invention it is set to 30%, that is, when the service volume of each of the platform's 3 service authentication nodes is below 30% of the total capacity of the service authentication node, service authentication nodes and distributed cache access nodes are removed from the platform.
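An added sketch of the scaling rule in steps S60 and S70 (not code from the patent), using the 70% and 30% thresholds of this embodiment. Reading the thresholds as per-node utilization, sharing load equally across nodes, stepping one node at a time and keeping at least three nodes (from N >= 3) are assumptions of the example.

```python
ADD_THRESHOLD = 0.70     # first preset threshold in this embodiment
REMOVE_THRESHOLD = 0.30  # second preset threshold; lower than the first
MIN_NODES = 3            # assumption: never drop below the platform's N >= 3


def decide(utilizations):
    """Return +1 to add a node, -1 to remove one, 0 to hold.

    A change is made only when every node is past the threshold, so one
    hot or idle node does not trigger scaling on its own.
    """
    if all(u > ADD_THRESHOLD for u in utilizations):
        return 1
    if len(utilizations) > MIN_NODES and all(u < REMOVE_THRESHOLD for u in utilizations):
        return -1
    return 0


def simulate(total_load_trace, node_capacity=100, start_nodes=MIN_NODES):
    """Replay a load trace and return the node count after each sample.

    Service authentication nodes and distributed cache access nodes are
    adjusted together, so a single counter tracks both.
    """
    nodes = start_nodes
    history = []
    for total in total_load_trace:
        per_node = total / (nodes * node_capacity)  # assumption: equal sharing
        nodes += decide([per_node] * nodes)
        history.append(nodes)
    return history


# Constructed trace of total offered load, in the same units as node_capacity.
TRACE = [150, 240, 240, 300, 200, 100, 100, 60]

if __name__ == "__main__":
    print(simulate(TRACE))
```

The gap between the two thresholds keeps the node count steady while utilization sits between 30% and 70%, as in the third and fifth samples of the trace.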
After step S20, the method further includes:
Step S201: request storage of the user relationship;
Step S202: submit the user relationship according to the request to store the user relationship.
The service authentication node of the service authentication platform requests its distributed cache access node to store the user relationship; when the distributed cache access node receives the storage request for the user relationship, it submits the user relationship to its distributed cache nodes. For example, the service authentication node of the platform requests its distributed cache access node to store the user relationship between mobile terminal user 13100000001 and operator 10001; when the distributed cache access node receives the storage request for that user relationship, it submits the user relationship between mobile terminal user 13100000001 and operator 10001 to its distributed cache nodes.
In this embodiment, message authentication is implemented through a distributed cache, so that when an uplink message is authenticated the user relationship can be stored across multiple service authentication nodes, and authentication need not take place on a fixed or specific service authentication node, which improves the performance of real-time message authentication. Service authentication nodes can also be added or removed dynamically. It also solves the problem of a single busy service authentication node and enables seamless takeover of a service authentication node that has gone down.
Correspondingly, based on the distributed cache-based message authentication method described above, the present invention further provides a distributed cache-based message authentication apparatus.
Referring to FIG. 5, FIG. 5 is a schematic diagram of the functional modules of a first embodiment of the distributed cache-based message authentication apparatus of the present invention.
In one embodiment, the distributed cache-based message authentication apparatus includes: a message receiving module 10, a service authentication module 20, a distributed cache module 30, and a determining module 40.
The message receiving module 10 is configured to determine the category of a to-be-authenticated message when the to-be-authenticated message is received;
A service authentication platform has N (N >= 3) message receiving nodes, N service authentication nodes, N distributed cache access nodes, and N distributed cache nodes. When the industry gateway receives a to-be-authenticated message, it forwards the message to the service authentication platform, and the category of the message is determined, that is, whether the message received by the service authentication platform is an uplink message or a downlink message. An uplink message is content sent by a mobile terminal user, for example a mobile terminal user subscribing to a service of an operator, such as mobile terminal user 13100000001 sending a service message to operator 10001 to subscribe to the weather forecast. A downlink message is content sent by an operator, such as operator 10001 sending a specific weather forecast message to mobile terminal user 13100000001 in accordance with the weather forecast service message that the user subscribed with.
The service authentication module 20 is configured to perform a service authentication operation and generate the corresponding user relationship if the to-be-authenticated message is an uplink message;
If the to-be-authenticated message received by the service authentication platform is an uplink message, the platform's network switch sends the uplink message to one of its message receiving nodes at random. The message receiving node forwards the uplink message to a service authentication node according to a preset algorithm; the node chosen is the one whose service load is the smallest among all service authentication nodes of the platform at that moment. That least-loaded service authentication node performs the service authentication operation and generates the corresponding user relationship from the uplink message. The preset algorithm is a load balancing algorithm, but may be any other algorithm that achieves the same function. Load balancing has two meanings. First, a large volume of concurrent accesses or data traffic is spread across multiple node devices for separate processing, which reduces user waiting time. Second, a single heavy computation is split across multiple node devices for parallel processing; when each node device finishes, the results are aggregated and returned to the user, which greatly increases system processing capacity. Load balancing can balance the communication load among all servers and applications, judge by real-time response time, and hand each task to the most lightly loaded server, achieving truly intelligent communication management and optimal service performance. Load balancing distributes network or computing load among multiple nodes according to a given policy, providing an inexpensive and effective way to extend server bandwidth, increase throughput, and improve data processing capacity while avoiding a single point of failure.
For example, the service authentication platform receives the service message that mobile terminal user 13100000001 sends to operator 10001 to subscribe to the weather forecast, and its network switch sends that message to one of its message receiving nodes at random. The message receiving node, following the load balancing algorithm, forwards the subscription message to the service authentication node with the smallest service load, and that node performs the service authentication operation on it. The node checks, for instance, whether the subscription message is legitimate and whether mobile terminal user 13100000001 may subscribe to the weather forecast service of operator 10001: if the user is found to have been suspended for arrears, or to lack permission to subscribe to that service, the user may not subscribe and no user relationship can be generated between mobile terminal user 13100000001 and operator 10001. The node must also check whether operator 10001 can provide the weather forecast service to mobile terminal user 13100000001: if operator 10001 does not offer a weather forecast service, no user relationship can be generated between them. Only when all checks pass can the user relationship between mobile terminal user 13100000001 and operator 10001 be generated.
The distributed cache module 30 is configured to store the user relationship in the distributed cache nodes;
The determining module 40 is configured to determine that the uplink message authentication is successful when the user relationship has been stored successfully in at least two distributed cache nodes.
The user relationship is stored in the distributed cache nodes of the service authentication platform. When the user relationship has been stored successfully in at least two distributed cache nodes of the service authentication platform, the service authentication node of the platform notifies its message receiving node that the uplink message authentication operation succeeded. After receiving this success message, the message receiving node notifies the industry gateway that the uplink message authentication succeeded. When the user relationship has not been stored successfully in two or more distributed cache nodes of the service authentication platform, the service authentication node notifies its message receiving node that the uplink message authentication operation failed, and the message receiving node, after receiving this failure message, notifies the industry gateway that the uplink message authentication failed.
For example, the user relationship between mobile terminal user 13100000001 and operator 10001 is stored in two or more distributed cache nodes of the service authentication platform. When this user relationship has been stored successfully in two or more distributed cache nodes, the service authentication node of the platform notifies its message receiving node that the authentication operation succeeded for the service message that mobile terminal user 13100000001 sent to operator 10001 to subscribe to the weather forecast. After receiving this success message, the message receiving node notifies the SMS industry gateway that the authentication of the subscription message succeeded, and the SMS industry gateway then forwards the subscription message to operator 10001. When the user relationship between mobile terminal user 13100000001 and operator 10001 has not been stored successfully in two or more distributed cache nodes, the service authentication node notifies its message receiving node that the authentication operation failed for the subscription message that mobile terminal user 13100000001 sent to operator 10001. After receiving this failure message, the message receiving node notifies the SMS industry gateway that the authentication of the subscription message failed. The SMS industry gateway, after receiving this failure message, notifies mobile terminal user 13100000001 that subscribing to the weather forecast service of operator 10001 failed.
This embodiment authenticates uplink messages through a distributed cache, so that when an uplink message is authenticated the user relationship can be stored in multiple service authentication nodes, which improves the performance of real-time message authentication; it also solves the problem of a single service authentication node being busy, and allows a service authentication node that has gone down to be taken over seamlessly.
Referring to FIG. 6, FIG. 6 is a schematic diagram of the functional modules of the second embodiment of the distributed cache-based message authentication apparatus of the present invention. The apparatus further includes a distributed cache access module 50.
The distributed cache access module 50 is configured to access, if the to-be-authenticated message is a downlink message, the user relationship in the distributed cache nodes according to the downlink message;
In this embodiment of the present invention, the service authentication module 20 is further configured to request, if the to-be-authenticated message is a downlink message, verification of the user relationship in the distributed cache nodes;
The distributed cache access module 50 is further configured to access the user relationship in the distributed cache nodes according to the request to verify the user relationship in the distributed cache nodes.
If the to-be-authenticated message received by the service authentication platform is a downlink message, its network switch sends the downlink message at random to one of its message receiving nodes, and the message receiving node forwards the downlink message to a service authentication node according to a preset algorithm. The service load of that service authentication node is the smallest among all service authentication nodes of the platform at that time. The service authentication node with the smallest service load performs the service authentication operation, requests verification of the user relationship in the distributed cache nodes of the platform, and submits the user relationship verification request to the distributed cache access node of the platform, which accesses the user relationship extracted from its distributed cache nodes. The preset algorithm is a load balancing algorithm, and may also be another algorithm that achieves the same function.
For example, the service authentication platform receives a specific weather forecast message that operator 10001 sends to mobile terminal user 13100000001 on the basis of the weather forecast subscription made by mobile terminal user 13100000001. After receiving the specific weather forecast message, the platform's network switch sends it at random to one of its message receiving nodes. Following the load balancing algorithm, the message receiving node forwards the specific weather forecast message to the service authentication node with the smallest service load, which performs the service authentication operation on it: it checks whether the specific weather forecast message is legal, whether operator 10001 may send the specific weather forecast message to mobile terminal user 13100000001, whether mobile terminal user 13100000001 may receive the specific weather forecast message sent by operator 10001, whether a user relationship exists between mobile terminal user 13100000001 and operator 10001, whether that user relationship is legal, and so on. If all checks pass, the distributed cache access node of the platform extracts the user relationship between mobile terminal user 13100000001 and operator 10001; if extracting this user relationship is unsuccessful, operator 10001 cannot send the specific weather forecast message to mobile terminal user 13100000001.
The determining module 40 is further configured to determine that the downlink message authentication is successful when the access succeeds.
When the distributed cache access node of the service authentication platform successfully accesses the user relationship extracted from its distributed cache nodes, the distributed cache access node notifies the service authentication node that the access to the distributed cache nodes succeeded. After receiving the message that the distributed cache access node successfully accessed the distributed cache nodes, the service authentication node notifies its message receiving node that the downlink message authentication succeeded. After receiving this success message, the message receiving node notifies the industry gateway that the downlink message authentication succeeded. For example, when the distributed cache access node of the platform successfully accesses the user relationship between mobile terminal user 13100000001 and operator 10001 extracted from its distributed cache nodes, the distributed cache access node notifies the service authentication node that the access to the distributed cache nodes succeeded. After receiving this message, the service authentication node notifies its message receiving node that the specific weather forecast message sent by operator 10001 was authenticated successfully. After receiving this success message, the message receiving node notifies the SMS industry gateway that the specific weather forecast message sent by operator 10001 was authenticated successfully. After receiving this success message, the SMS industry gateway forwards the specific weather forecast message sent by operator 10001 to mobile terminal user 13100000001. If the SMS industry gateway receives a message that the authentication of the specific weather forecast message sent by operator 10001 failed, it notifies operator 10001 that sending its specific weather forecast message failed.
In this embodiment, message authentication is implemented through a distributed cache, so that when a downlink message is authenticated the user relationship can be accessed from any service authentication node, without having to authenticate at a fixed or specific service authentication node, which improves the performance of real-time message authentication; it also solves the problem of a single service authentication node being busy, and allows a service authentication node that has gone down to be taken over seamlessly.
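The uplink and downlink flows of the two embodiments above, as an added Python example that is not code from the patent: an uplink subscription succeeds only when the user relationship is stored on at least two cache nodes, and a downlink message is authenticated by any least-loaded authentication node that can find that relationship. The class and function names, the in-memory cache nodes, the subscriber numbers 13100000002 and 13100000003, and the rollback of a partial write are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import NamedTuple

MIN_REPLICAS = 2  # from the text: success requires storage on at least two cache nodes


class Result(NamedTuple):
    ok: bool
    auth_node: str
    reason: str


@dataclass
class CacheNode:
    """In-memory stand-in for one distributed cache node (hypothetical)."""
    name: str
    up: bool = True
    store: set = field(default_factory=set)

    def put(self, rel) -> bool:
        if self.up:
            self.store.add(rel)
        return self.up

    def has(self, rel) -> bool:
        return self.up and rel in self.store


@dataclass
class AuthNode:
    name: str
    load: int = 0


class AuthPlatform:
    def __init__(self, auth_nodes, cache_nodes, subscribers, services):
        self.auth_nodes = auth_nodes
        self.cache_nodes = cache_nodes
        self.subscribers = subscribers  # user number -> "active" / "suspended"
        self.services = services        # operator code -> services it offers

    def _least_loaded(self) -> AuthNode:
        # Load balancing: the authentication node with the smallest load handles the message.
        node = min(self.auth_nodes, key=lambda n: n.load)
        node.load += 1
        return node

    def _checks(self, user, operator, service) -> str:
        if self.subscribers.get(user) != "active":
            return "user suspended or unknown"
        if service not in self.services.get(operator, ()):
            return "operator does not offer service"
        return ""

    def uplink(self, user, operator, service) -> Result:
        node = self._least_loaded()
        reason = self._checks(user, operator, service)
        if reason:
            return Result(False, node.name, reason)
        rel = (user, operator, service)  # assumed shape of the "user relationship"
        written = []
        for cache in self.cache_nodes:
            existed = cache.has(rel)
            if cache.put(rel):
                written.append((cache, existed))
        if len(written) < MIN_REPLICAS:
            # Assumption (not in the patent): undo a partial write so a failed
            # subscription cannot later satisfy a downlink lookup.
            for cache, existed in written:
                if not existed:
                    cache.store.discard(rel)
            return Result(False, node.name, "stored on fewer than two cache nodes")
        return Result(True, node.name, "stored on %d cache nodes" % len(written))

    def downlink(self, operator, user, service) -> Result:
        node = self._least_loaded()
        reason = self._checks(user, operator, service)
        if reason:
            return Result(False, node.name, reason)
        rel = (user, operator, service)
        if any(cache.has(rel) for cache in self.cache_nodes):
            return Result(True, node.name, "user relationship found")
        return Result(False, node.name, "no user relationship")


def demo():
    """Constructed scenario: 13100000001 and 10001 are the page's example values."""
    caches = [CacheNode("cache-%d" % i) for i in (1, 2, 3)]
    platform = AuthPlatform(
        auth_nodes=[AuthNode("auth-%d" % i) for i in (1, 2, 3)],
        cache_nodes=caches,
        subscribers={"13100000001": "active", "13100000002": "suspended",
                     "13100000003": "active"},
        services={"10001": {"weather"}},
    )
    out = {}
    out["uplink_ok"] = platform.uplink("13100000001", "10001", "weather")
    out["downlink_ok"] = platform.downlink("10001", "13100000001", "weather")
    caches[0].up = False  # one cache node goes down; a replica survives elsewhere
    out["downlink_after_node_loss"] = platform.downlink("10001", "13100000001", "weather")
    out["uplink_suspended"] = platform.uplink("13100000002", "10001", "weather")
    caches[1].up = False  # only one cache node left: the write cannot reach two nodes
    out["uplink_no_quorum"] = platform.uplink("13100000003", "10001", "weather")
    caches[0].up = caches[1].up = True
    out["downlink_after_failed_uplink"] = platform.downlink("10001", "13100000003", "weather")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

Without the rollback, a relationship left on a single node by a failed uplink would let a later downlink lookup succeed for a subscription that was reported to the gateway as failed.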
Referring to FIG. 7, FIG. 7 is a schematic diagram of the functional modules of the third embodiment of the distributed cache-based message authentication apparatus of the present invention. The apparatus further includes a detection module 60 and an adjustment module 70.
The monitoring module 60 is configured to monitor the load status of the service authentication nodes in real time;
The adjustment module 70 is configured to adjust the number of service authentication nodes and distributed cache access nodes according to the load status of the service authentication nodes.
The service authentication platform monitors the service load status of its service authentication nodes in real time and, according to that load status, adds or removes service authentication nodes and distributed cache access nodes. When the service load of its service authentication nodes exceeds a first preset threshold, service authentication nodes and distributed cache access nodes are added. The first preset threshold can be set freely as needed, for example to 60%, 70% or 80%; in this embodiment of the present invention it is set to 70%. For example, when the service load of all 3 service authentication nodes of the platform has exceeded 70% of the total capacity of the service authentication nodes, service authentication nodes and distributed cache access nodes are added to the platform. When the load of the service authentication nodes of the platform falls below a second preset threshold, service authentication nodes and distributed cache access nodes are removed. The first preset threshold is greater than the second preset threshold. The second preset threshold can be set freely as needed, for example to 20%, 30% or 40%; in this embodiment of the present invention it is set to 30%, that is, when the service volume of all 3 service authentication nodes of the platform is below 30% of the total capacity of the service authentication nodes, service authentication nodes and distributed cache access nodes are removed from the platform.
In this embodiment of the present invention, the service authentication module 20 is further configured to request storage of the user relationship;
The distributed cache access module 50 is further configured to submit the user relationship according to the request to store the user relationship.
The service authentication node of the service authentication platform requests its distributed cache access node to store the user relationship; after receiving the storage request for the user relationship, the distributed cache access node submits the user relationship to its distributed cache nodes. For example, the service authentication node of the platform requests its distributed cache access node to store the user relationship between mobile terminal user 13100000001 and operator 10001; after receiving the storage request for this user relationship, the distributed cache access node submits the user relationship between mobile terminal user 13100000001 and operator 10001 to its distributed cache nodes.
In this embodiment, message authentication is implemented through a distributed cache, so that when an uplink message is authenticated the user relationship can be stored in multiple service authentication nodes, without having to authenticate at a fixed or specific service authentication node, which improves the performance of real-time message authentication; service authentication nodes can also be added or removed dynamically, which solves the problem of a single service authentication node being busy and allows a service authentication node that has gone down to be taken over seamlessly.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate that one embodiment is better or worse than another. From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

  1. A message authentication method based on a distributed cache, comprising the following steps:
    when a to-be-authenticated message is received, determining the category of the to-be-authenticated message;
    if the to-be-authenticated message is an uplink message, performing a service authentication operation to generate a corresponding user relationship;
    storing the user relationship in distributed cache nodes, and when the user relationship has been stored successfully in at least two distributed cache nodes, determining that the uplink message authentication is successful.
  2. The distributed cache-based message authentication method according to claim 1, wherein after the step of determining the category of the to-be-authenticated message when the to-be-authenticated message is received, the method further comprises:
    if the to-be-authenticated message is a downlink message, accessing the user relationship in the distributed cache nodes according to the downlink message;
    when the access succeeds, determining that the downlink message authentication is successful.
  3. The distributed cache-based message authentication method according to claim 2, wherein the step of accessing the user relationship in the distributed cache nodes according to the downlink message if the to-be-authenticated message is a downlink message comprises:
    if the to-be-authenticated message is a downlink message, requesting verification of the user relationship in the distributed cache nodes;
    accessing the user relationship in the distributed cache nodes according to the request to verify the user relationship in the distributed cache nodes.
  4. The distributed cache-based message authentication method according to claim 1, wherein after the step of performing a service authentication operation to generate a corresponding user relationship if the to-be-authenticated message is an uplink message, the method further comprises:
    requesting storage of the user relationship;
    submitting the user relationship according to the request to store the user relationship.
  5. The distributed cache-based message authentication method according to any one of claims 1 to 4, wherein before determining the category of the to-be-authenticated message when the to-be-authenticated message is received, the method further comprises:
    monitoring the load status of the service authentication nodes in real time;
    adjusting the number of service authentication nodes and distributed cache access nodes according to the load status of the service authentication nodes.
  6. A message authentication apparatus based on a distributed cache, comprising:
    a message receiving module, configured to determine the category of a to-be-authenticated message when the to-be-authenticated message is received;
    a service authentication module, configured to perform a service authentication operation to generate a corresponding user relationship if the to-be-authenticated message is an uplink message;
    a distributed cache module, configured to store the user relationship in distributed cache nodes;
    a determining module, configured to determine that the uplink message authentication is successful when the user relationship has been stored successfully in at least two distributed cache nodes.
  7. The distributed cache-based message authentication apparatus according to claim 6, wherein the distributed cache-based message authentication apparatus further comprises a distributed cache access module, configured to access the user relationship in the distributed cache nodes according to the downlink message if the to-be-authenticated message is a downlink message;
    the determining module is further configured to determine that the downlink message authentication is successful when the access succeeds.
  8. The distributed cache-based message authentication apparatus according to claim 7, wherein
    the service authentication module is further configured to request verification of the user relationship in the distributed cache nodes if the to-be-authenticated message is a downlink message;
    the distributed cache access module is further configured to access the user relationship in the distributed cache nodes according to the request to verify the user relationship in the distributed cache nodes.
  9. The distributed cache-based message authentication apparatus according to claim 7, wherein the service authentication module is further configured to request storage of the user relationship;
    the distributed cache access module is further configured to submit the user relationship according to the request to store the user relationship.
  10. The distributed cache-based message authentication apparatus according to any one of claims 6 to 9, wherein the distributed cache-based message authentication apparatus further comprises a monitoring module and an adjustment module,
    the monitoring module is configured to monitor the load status of the service authentication nodes in real time;
    the adjustment module is configured to adjust the number of service authentication nodes and distributed cache access nodes according to the load status of the service authentication nodes.
PCT/CN2015/081877 2015-03-18 2015-06-18 Distributed cache-based message authentication method and apparatus WO2016145741A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510119274.7 2015-03-18
CN201510119274.7A CN106034156A (en) 2015-03-18 2015-03-18 Message authentication method based on distributed cache and apparatus thereof

Publications (1)

Publication Number Publication Date
WO2016145741A1 (en) 2016-09-22

Family

ID=56919515

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/081877 WO2016145741A1 (en) 2015-03-18 2015-06-18 Distributed cache-based message authentication method and apparatus

Country Status (2)

Country Link
CN (1) CN106034156A (en)
WO (1) WO2016145741A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431659A (en) * 2008-12-08 2009-05-13 中兴通讯股份有限公司 Interactive Web TV system and its processing method
CN101834744A (en) * 2010-05-14 2010-09-15 中兴通讯股份有限公司 Convergence service system and implementation method thereof
CN102281302A (en) * 2011-08-24 2011-12-14 中国联合网络通信集团有限公司 resource access processing method and system

Also Published As

Publication number Publication date
CN106034156A (en) 2016-10-19

Similar Documents

Publication Publication Date Title
US11558388B2 (en) Provisional computing resource policy evaluation
US11159649B2 (en) Systems and methods of rate limiting for a representational state transfer (REST) application programming interface (API)
WO2019179192A1 (en) Blockchain transaction processing method and device and storage medium
US20210152658A1 (en) Quality of service in a distributed system
DE102019105193A1 (en) TECHNOLOGIES FOR ACCELERATING EDGE DEVICE WORKLOADS
US20140188801A1 (en) Method and system for intelligent load balancing
CN111104675A (en) Method and device for detecting system security vulnerability
US20170279706A1 (en) Link processing method, apparatus, and system
CN113472852A (en) CDN node back-source method, device and equipment
US20220116393A1 (en) Resource Security Integration Platform
US20220116400A1 (en) Authorization in communication networks
US9444800B1 (en) Virtual communication endpoint services
CN103051647A (en) Method, device and system for implementing session
US10743247B2 (en) Network access control method, apparatus, and device
KR101824562B1 (en) Gateway and method for authentication
CN106612263B (en) Method and equipment for processing application access request
CN107770203B (en) Service request forwarding method, device and system
CN111130714B (en) Data transmission method, device, electronic equipment and computer readable medium
CN110309213B (en) Database access control method, device, system, medium and equipment
WO2019201111A1 (en) Information processing method, apparatus and device, and computer-readable storage medium
WO2016145741A1 (en) Distributed cache-based message authentication method and apparatus
CN113225348B (en) Request anti-replay verification method and device
US8805987B1 (en) Ensuring a cookie-less namespace
US9071569B1 (en) System, method, and computer program for content metadata and authorization exchange between content providers and service providers
WO2016165443A1 (en) Method for protecting machine type communication device, network entity, and mtc device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15885124

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15885124

Country of ref document: EP

Kind code of ref document: A1