CN101309139B - License authentication system - Google Patents
License authentication system Download PDFInfo
- Publication number
- CN101309139B CN101309139B CN2007100406602A CN200710040660A CN101309139B CN 101309139 B CN101309139 B CN 101309139B CN 2007100406602 A CN2007100406602 A CN 2007100406602A CN 200710040660 A CN200710040660 A CN 200710040660A CN 101309139 B CN101309139 B CN 101309139B
- Authority
- CN
- China
- Prior art keywords
- database
- authentication
- server
- data base
- master
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a passport authentication system which realizes different authentication policy making according to different idiographic situations by using SDK (software development kit) in a login server, and balances the user login requests according to real stress. Meanwhile, the passport authentication system divides the authentication databases into a master database dedicated for <writing>, a slave database dedicated for <reading>, and a synchronous database connected with the master database and the slave database by star type connection; thus reduces the stress brought by large authentication data stream during authentication. The passport authentication system of the invention realizes the purpose of authentication stress balancing, and can be developed based on the original authentication system; thereby saves the cost of developing and realizing, and is easy to be realized.
Description
Technical field
The present invention relates to a kind of license authentication system, relate in particular to a kind of towards numerous users, the license authentication system that need authenticate in a large number simultaneously.
Background technology
Be disclosed on 03 02nd, 2005, publication number is CN1588850A, name is called in the application for a patent for invention file of " a kind of method for network authorization and system ", following a kind of Verification System is disclosed: except that comprising the network terminal, the webserver be connected link outside, also comprise the authentication management server, can realize when the webserver is landed in network terminal request by this system configuration, by third party's authentication management server the network terminal is authenticated, and by the authentication management server to webserver return authentication results messages, the webserver is with authentication result message informing network terminal.But this scheme can't solve the immense pressure owing to the soaring rapidly required user log-in authentication that bears of the webserver that brings of number of network users, causes the network congestion phenomenon more and more serious easily.For example, for certain comparatively popular online game, usually will receive a hundreds of thousands authentication request in one minute, authentication pressure is very huge.Therefore,, how can on the basis of legacy network framework, develop for Virtual network operator, with reduce immense pressure that each webserver born become essential.
Summary of the invention
Technical problem to be solved by this invention provides a kind of license authentication system, can solve owing to problems such as the soaring rapidly user log-in authentication pressure that brings of the network user are huge, and can be on the basis of legacy network framework, realization distributes user's authentication request according to the actual conditions of calling party amount in each station server, balanced authentication pressure, improve the efficient and the reliability of authentication, save cost simultaneously.
For solving the problems of the technologies described above, the invention provides a kind of license authentication system, comprising: Login Register layer, application service layer and Database Systems layer three-tier architecture;
Described Login Register layer is realized by many logon servers, and SDK all is housed on every logon server, and being used for provides the operation strategy according to the customer traffic situation of reality;
Described application service layer comprises: many certificate servers, a monitoring server and one or more distribution server; Wherein, described certificate server is used for user's log-on message is authenticated; Described monitoring server is used for user's authentication request is added up and calculated, and judges current pressure condition; Described distribution server, be used to receive from monitoring server show the excessive signal of pressure after, SDK in logon server sends the interruptive command that transmission channel is redistributed in request, SDK is after receiving described interruptive command, redistribute transmission channel for each authentication request, make each authentication request can send to different certificate servers and authenticate;
Described Database Systems comprise: authentication database and sync database; Wherein, described authentication database adopts master/slave pattern, is divided into master data base and from database; Master data base is used to carry out " writing " operation; Be used to carry out " reading " operation from database; Described sync database and each master and slave database Y-connection are used for being recorded in each master data base and from the daily record of each step operation that database carried out together, realize between master and slave database synchronously.
The present invention has such beneficial effect owing to adopted technique scheme, promptly by use SDK (SDK) in logon server (Login Server), has realized and can formulate certification policy according to various concrete situations; By cooperatively interacting of monitoring server (Monitor Server), distribution server (DispatchSvr) and SDK, realized the user log-in authentication request is distributed according to the actual pressure situation; Simultaneously by authentication database is divided into the master data base (MasterDB) that is specifically designed to " writing ", be specifically designed to " reading " from database (SlaveDB) and with described each master and slave database Y-connection sync database (Sync) together, alleviated when authenticating, owing to the huge pressure that causes of verify data amount; Therefore license authentication system of the present invention has been realized the purpose of balanced authentication pressure, and owing to can develop on the basis of original Verification System, has therefore been saved exploitation and realized cost, is easy to simultaneously realize.
Description of drawings
The present invention is further detailed explanation below in conjunction with accompanying drawing and embodiment:
Accompanying drawing is the system architecture diagram of an embodiment of system of the present invention.
Embodiment
Be the system architecture diagram of an embodiment of license authentication system of the present invention as shown in drawings, be three-tier architecture, ground floor is the Login Register layer, and the second layer is an application service layer, and the 3rd layer is the Database Systems layer, and these three layers link together by transfer bus.
The Login Register layer of ground floor is realized by many logon servers (Login Server), wherein on every logon server SDK (SDK) is housed all, be used for providing various operation strategies according to the customer traffic situation of reality, as masking operation is set, for example system is set to per minute and shields 10 inferior; When connecting network appearance broken string, system is switched to local authentication, thereby guaranteed the reliability that system passes through and authenticates; When occurring having the situation of a large amount of authentication request, distribute transmission channel for each authentication request, promptly determine to finish the authentication of user login information, thereby realize the equilibrium of load pressure by which platform certificate server.
The application service layer of the second layer comprises many certificate servers (AccountSvr), a monitoring server (Monitor Server) and one or more distribution server (DispatchSvr).Wherein, the log-on message (as username and password etc.) that is used for the user of certificate server authenticates; Monitoring server is used for user's authentication request is added up and calculated, and judges current pressure condition; When authentication request surpasses certain quantity when (as surpassing 50,000 authentication request in one minute), described monitoring server can send signal to distribution server, shows that load pressure is excessive.Distribution server receive from monitoring server show the excessive signal of pressure after, SDK in logon server is sent interruptive command, SDK is after receiving described interruptive command, to redistribute transmission channel for above-mentioned authentication request, make each authentication request can send to different certificate servers and authenticate, thereby realized isostasy.
The 3rd layer Database Systems layer is preserved all users' log-on message (as user name, password etc.).In the present invention, described Database Systems layer comprises authentication database and sync database two parts, and because the user's registration information amount and the quantity that need authenticate huge, therefore, described authentication database adopts master/slave (Master/Slave) pattern, promptly is divided into main (Master) database and from (Slave) database.Master data base is used for user profile is carried out " writing " operation, and all business such as the modification of user to log-on message, authentication promptly are provided; Because the operation that user profile is carried out " writing " can be concentrated and be carried out, and therefore can adopt two master data base to finish " writing " operation of all user profile in one embodiment.Be used to carry out " reading " operation from database, the business of inquiry classes such as the authentication of user to log-on message, data check promptly is provided; Because " reading " operation is what the request timesharing according to different user took place, therefore in order to alleviate the pressure that may cause, can adopt 8 in one embodiment from database.Sync database and each master data base be in the same place from the database Y-connection, can be recorded in each master data base and the daily record of each step operation of from database, being carried out by this sync database, therefore when the data in the master data base after user's modification changes (promptly having carried out new operation), according to the Operation Log that writes down in this sync database, same operating in all reformed from database one time, thus realized between master and slave database synchronously.The synchronization job of sync database is according to the setting that realizes, carries out once every certain cycle.Come the synchronous method of fulfillment database by each data in the sync database among the SQL Server with respect to current Microsoft commonly used, because the present invention is by synchronous " operation ", promptly synchronously the mode of " behavior " realizes synchronous between master and slave database, therefore comparatively speaking, database synchronization efficient of the present invention, accuracy and reliability are higher.In addition, the present invention is by the authentication database of master/slave pattern, also can strengthen safety and system's robustness of data, when master data base goes wrong (as the media damage such as disk of preserving data, loss of data, connection fault etc.), can will upgrade to master data base fast, thereby the integrality of data and normally providing of systemic-function have been provided from database.
As mentioned above, be master/slave pattern because authentication database adopts in the present invention, so the certificate server in the application service layer is divided into following three kinds of operational modes: promptly lead (Master) pattern, from (Slave) pattern and pure from (Slave) pattern.When certificate server runs on holotype, only be used to realize user's " writing " operation to master data base, all business such as the modification of user to log-on message, authentication promptly are provided; When certificate server runs on purely during from pattern, only be used to realize that the user to " reading " operation from database, promptly provides the business of inquiry classes such as the authentication of user to log-on message, data check; And when certificate server runs on from pattern, both can be used for realizing user's " writing " operation to master data base, can realize again " reading " operation from database.
Claims (6)
1. a license authentication system comprises Login Register layer, application service layer and Database Systems layer three-tier architecture, it is characterized in that:
Described Login Register layer is realized by many logon servers, and SDK all is housed on every logon server, and being used for provides the operation strategy according to the customer traffic situation of reality;
Described application service layer comprises: many certificate servers, a monitoring server and one or more distribution server; Wherein, described certificate server is used for user's log-on message is authenticated; Described monitoring server is used for user's authentication request is added up and calculated, and judges current pressure condition; Described distribution server, be used to receive from monitoring server show the excessive signal of pressure after, SDK in logon server sends the interruptive command that transmission channel is redistributed in request, SDK is after receiving described interruptive command, redistribute transmission channel for each authentication request, make each authentication request can send to different certificate servers and authenticate;
Described Database Systems comprise: authentication database and sync database; Wherein, described authentication database adopts master/slave pattern, is divided into master data base and from database; Master data base is used to carry out " writing " operation; Be used to carry out " reading " operation from database; Described sync database and each master and slave database Y-connection are used for being recorded in each master data base and from the daily record of each step operation that database carried out, finish the synchronization job between master and slave database together.
2. license authentication system according to claim 1, it is characterized in that, the operation strategy that described SDK provided comprises: distribute transmission channel for each authentication request, promptly determine by which platform certificate server to be finished the authentication of user login information.
3. license authentication system according to claim 2 is characterized in that, the operation strategy that described SDK provided also comprises: when connecting network appearance broken string, system is switched to local authentication; And, masking operation is set.
4. according to each described license authentication system in the claim 1 to 3, it is characterized in that, when master data base breaks down, by will being the operate as normal that master data base is guaranteed system from database upgrade.
5. according to claim 4 license authentication system, it is characterized in that described certificate server has following three kinds of operational modes: holotype, from pattern and pure from pattern; Wherein, when described certificate server runs on holotype, only be used to realize user's " writing " operation to master data base; When described certificate server runs on purely during from pattern, only be used to realize that the user is to " reading " operation from database; And when described certificate server runs on from pattern, both can be used for realizing user's " writing " operation to master data base, can realize again " reading " operation from database.
6. according to claim 1,2,3 or 5 described license authentication systems, it is characterized in that, described synchronization job is carried out once every some cycles, its concrete steps are: according to the Operation Log that writes down in the described sync database, operating in of being carried out in the master data base all reformed from database one time, thus finish between master and slave database synchronously.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100406602A CN101309139B (en) | 2007-05-15 | 2007-05-15 | License authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100406602A CN101309139B (en) | 2007-05-15 | 2007-05-15 | License authentication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101309139A CN101309139A (en) | 2008-11-19 |
| CN101309139B true CN101309139B (en) | 2011-03-30 |
Family
ID=40125375
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007100406602A Active CN101309139B (en) | 2007-05-15 | 2007-05-15 | License authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101309139B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763569A (en) * | 2016-04-21 | 2016-07-13 | 网宿科技股份有限公司 | Method for authentication of account number, client, service platform and management platform |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8402530B2 (en) * | 2010-07-30 | 2013-03-19 | Microsoft Corporation | Dynamic load redistribution among distributed servers |
| CN102457493B (en) * | 2010-10-26 | 2015-12-16 | 中兴通讯股份有限公司 | A kind of certification route system of cloud computing service, method and certification router |
| CN102426594B (en) * | 2011-10-31 | 2013-05-29 | 沈文策 | Method and system for operating database |
| CN102509234B (en) * | 2011-12-28 | 2016-05-04 | 北京北纬通信科技股份有限公司 | Advertisement demonstration method based on intelligent mobile terminal and system |
| CN103902548B (en) * | 2012-12-25 | 2017-06-23 | 航天信息股份有限公司 | A kind of system and method and registration, ticket booking, net purchase system for accessing database |
| CN103812871B (en) * | 2014-02-24 | 2017-03-22 | 北京明朝万达科技股份有限公司 | Development method and system based on mobile terminal application program security application |
| CN105141586B (en) * | 2015-07-31 | 2018-07-10 | 广州华多网络科技有限公司 | A kind of method and system verified to user |
| CN105912539A (en) * | 2015-12-11 | 2016-08-31 | 乐视网信息技术(北京)股份有限公司 | System and method for data storage for protecting privacy of local user |
| CN106713337B (en) * | 2017-01-03 | 2020-04-21 | 北京并行科技股份有限公司 | Method and system for accessing super computing center and scheduling server |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1298952A2 (en) * | 2001-09-26 | 2003-04-02 | Kabushiki Kaisha Toshiba | Method for maintaining information consistency between multiple authentication servers of a radio network |
| US20030140151A1 (en) * | 2002-01-14 | 2003-07-24 | Alcatel | Method and a system for controlling the access and the connections to a network |
| CN1697378A (en) * | 2005-06-02 | 2005-11-16 | 北京立通无限科技有限公司 | Method for implementing authentication service through memory hash table |
| CN1863120A (en) * | 2005-10-27 | 2006-11-15 | 华为技术有限公司 | User access method and apparatus based on multiple users |
-
2007
- 2007-05-15 CN CN2007100406602A patent/CN101309139B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1298952A2 (en) * | 2001-09-26 | 2003-04-02 | Kabushiki Kaisha Toshiba | Method for maintaining information consistency between multiple authentication servers of a radio network |
| US20030140151A1 (en) * | 2002-01-14 | 2003-07-24 | Alcatel | Method and a system for controlling the access and the connections to a network |
| CN1697378A (en) * | 2005-06-02 | 2005-11-16 | 北京立通无限科技有限公司 | Method for implementing authentication service through memory hash table |
| CN1863120A (en) * | 2005-10-27 | 2006-11-15 | 华为技术有限公司 | User access method and apparatus based on multiple users |
Non-Patent Citations (2)
| Title |
|---|
| 王融丽 等.RADIUS 服务器负载平衡的设计与实现.中国科技信息 24.2006,(24),124-126. |
| 王融丽等.RADIUS 服务器负载平衡的设计与实现.中国科技信息 24.2006,(24),124-126. * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763569A (en) * | 2016-04-21 | 2016-07-13 | 网宿科技股份有限公司 | Method for authentication of account number, client, service platform and management platform |
| CN105763569B (en) * | 2016-04-21 | 2019-05-03 | 网宿科技股份有限公司 | To the method for account authentication, client, service platform and management platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101309139A (en) | 2008-11-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101309139B (en) | License authentication system | |
| CN108600203A (en) | Secure Single Sign-on method based on Cookie and its unified certification service system | |
| CN102739658B (en) | A kind of offline verification method of single-sign-on | |
| CN109347909B (en) | Working method of PROXZONE service platform | |
| CN106713271A (en) | Web system log in constraint method based on single sign-on | |
| CN103560888B (en) | Digital certificate-based unified authentication login method for integrating multiple application systems | |
| CN103036856A (en) | Multi-tenant system achievement based on software as a service (SAAS) application | |
| CN103888409A (en) | Distributed unified authentication method and system | |
| CN101651546A (en) | Method for off-line generation of dynamic password and debarkation authentication and synchronization of server | |
| CN110516454A (en) | Exchange method, system, device and the computer readable storage medium of more equipment | |
| CN106302574A (en) | A kind of service availability management method, device and network function virtualization architecture thereof | |
| CN113221093B (en) | Single sign-on system, method, equipment and product based on block chain | |
| CN104754009A (en) | Service acquisition and invocation method, device, client-side and server | |
| CN102195930A (en) | Security access method among equipment and communication equipment | |
| CN112583887A (en) | Data credible sharing method based on block chain | |
| CN104991831A (en) | SSO system integration method based on server | |
| CN104484620A (en) | Method for avoiding false declaration of sales volume and inventory in fast-selling sales management cloud system | |
| CN107241361A (en) | A kind of unified identity authentication method based on cloud environment | |
| CN110661782A (en) | Public basic service system based on single sign-on and micro-service architecture and implementation method thereof | |
| CN108092983A (en) | Unified internal control method for managing security and system | |
| CN111586054A (en) | Single sign-on implementation method based on Internet architecture | |
| CN113992408A (en) | Multi-system unified login information processing method and system | |
| CN109688162B (en) | Multi-tenant database implementation method and system | |
| CN109165483A (en) | A method of it prevents around cloud platform licensing term | |
| CN104092737B (en) | Location-based service middleware method based on cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: SHENGQU INFORMATION TECH (SHANGHAI) CO., LTD. Free format text: FORMER OWNER: SHANDA NETWORKING CO., LTD. Effective date: 20130910 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 201203 PUDONG NEW AREA, SHANGHAI TO: 201203 MINHANG, SHANGHAI |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20130910 Address after: 201203 No. 1, building 690, blue wave road, Zhangjiang hi tech park, Shanghai Patentee after: Shengqu Information Technology (Shanghai) Co., Ltd. Address before: Shanghai city Pudong New Area 201203 GuoShouJing Road No. 356 Patentee before: Shanda computer (Shanghai) Co., Ltd. |