CN113556349A - Gateway authentication method and device and electronic equipment - Google Patents
Gateway authentication method and device and electronic equipment Download PDFInfo
- Publication number
- CN113556349A CN113556349A CN202110836790.7A CN202110836790A CN113556349A CN 113556349 A CN113556349 A CN 113556349A CN 202110836790 A CN202110836790 A CN 202110836790A CN 113556349 A CN113556349 A CN 113556349A
- Authority
- CN
- China
- Prior art keywords
- authentication information
- authentication
- real
- cache
- authorization server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000013475 authorization Methods 0.000 claims abstract description 108
- 230000001960 triggered effect Effects 0.000 claims abstract description 8
- 238000004590 computer program Methods 0.000 claims description 10
- 230000001360 synchronised effect Effects 0.000 claims description 6
- 230000008569 process Effects 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 7
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000001364 causal effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a gateway authentication method, a gateway authentication device and electronic equipment, wherein the method comprises the following steps: receiving an authentication request; determining whether the authentication information in the real-time cache is valid, wherein the starting timing is triggered when the new authentication information is cached to the real-time cache, and the authentication information is valid before the timing is overtime; when the authentication information in the real-time cache is invalid and the authorization server goes down, restarting the timing to update the invalid authentication information in the real-time cache to be valid; and when the authentication information in the real-time cache is valid, reading the authentication information from the real-time cache for authentication. The method and the device realize that the timeliness and the reliability of the authentication information are met under the condition of not sacrificing the performance in the gateway authentication process.
Description
Technical Field
The present invention relates to the field of gateway authentication technologies, and in particular, to a gateway authentication method and apparatus, and an electronic device.
Background
In the gateway authentication in the prior art, after a user sends an authentication request to a gateway, an authorization server at the back end of the gateway compares authentication information sent by the user with authentication information in a database, and then returns a result of whether authentication passes or not to the user.
The method comprises the steps that a permanent cache is arranged in a gateway at present, the expiration time of authentication information is set to be 0 by the permanent cache, namely the authentication information is permanently effective in the permanent cache, after a user passes the first authentication, an authorization server updates the passed authentication information into the permanent cache, so that the user does not need to go to the authorization server again to request to acquire the authentication information for authentication, the authentication is completed in the permanent cache, and the user authentication cannot be influenced even if the authorization server is down.
Disclosure of Invention
The application aims to provide a gateway authentication method and device and electronic equipment. The method is used for solving the problem that the existing scene of the application gateway is unfavorable due to the fact that reliability is simply met and timeliness is lost.
In a first aspect, an embodiment of the present application provides a gateway authentication method, where the method includes:
receiving an authentication request;
determining whether the authentication information in the real-time cache is valid, wherein the starting timing is triggered when the new authentication information is cached to the real-time cache, and the authentication information is valid before the timing is overtime;
when the authentication information in the real-time cache is invalid and the authorization server goes down, restarting the timing to update the invalid authentication information in the real-time cache to be valid;
and when the authentication information in the real-time cache is valid, reading the authentication information from the real-time cache for authentication.
In some possible embodiments, when the authentication information in the real-time cache is invalid and the authorization server goes down, restarting the timer includes:
and when the authentication information in the real-time cache is invalid and the authorization server goes down, reading the authentication information from the standby cache as new authentication information to cache in the real-time cache, and triggering to restart timing.
In some possible embodiments, the method further comprises: when the authentication information in the real-time cache is invalid and the authorization server is not down, sending the authentication request to the authorization server, and authenticating by the authorization server;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
In some possible embodiments, the method further comprises: when the real-time cache and the standby cache are determined not to store authentication information, the authentication request is sent to an authorization server, and the authorization server performs authentication by using the authentication information;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
In a second aspect, an embodiment of the present application provides a gateway authentication apparatus, where the apparatus includes:
a receiving request module for receiving an authentication request;
the authentication information validity judging module is used for determining whether the authentication information in the real-time cache is valid or not, wherein the starting timing is triggered when the new authentication information is cached to the real-time cache, and the authentication information is valid before the timing is overtime;
the restarting timing module is used for restarting the timing when the authentication information in the real-time cache is invalid and the authorization server goes down so as to update the invalid authentication information in the cache to be valid;
and the reading module is used for reading the authentication information from the real-time cache for authentication when the authentication information in the real-time cache is valid.
In some possible embodiments, the restart timing module is specifically configured to, when the authentication information in the real-time cache is invalid and the authorization server goes down, read the authentication information from the standby cache as new authentication information to cache in the real-time cache, and trigger restart timing.
In some possible embodiments, the apparatus further includes an authentication request sending module, configured to send the authentication request to an authorization server for authentication by the authorization server when the authentication information in the real-time cache is invalid and the authorization server is not down;
and the first receiving synchronous authentication information module is used for receiving the authentication information which is sent by the authorization server authentication and synchronously caching the received authentication information to the real-time cache and the standby cache.
In some possible embodiments, the apparatus further includes an authentication module, configured to send the authentication request to an authorization server when it is determined that the real-time cache and the standby cache do not store authentication information, and perform authentication by using the authentication information by the authorization server;
and the second synchronous authentication information receiving module is used for receiving the authentication information which is sent by the authentication passing of the authorization server and synchronously caching the received authentication information to the real-time cache and the standby cache.
In a third aspect, an embodiment of the present application provides an electronic device, including at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of gateway authentication provided in the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer storage medium, where a computer program is stored, where the computer program is used to enable a computer to execute the method for gateway authentication provided in the first aspect.
In the embodiment of the application, in order to solve the problem that the situation that the reliability is simply met and the timeliness is lost brings disadvantages to an application gateway in the prior art, a standby cache and a real-time cache are arranged in the gateway, the real-time cache is provided with the expiration time larger than 0, the timing is overtime, and the authentication information can be invalid. When the user passes the first authentication, the authorization server synchronously caches the passed authentication information into the standby cache and the real-time cache, if the expiration time is not exceeded in the real-time cache, the user does not need to request authentication from the authorization server, but when the expiration time is exceeded in the real-time cache, the user still needs to request authentication from the authorization server, and the authentication information can timely update the real-time cache and the standby cache along with each request to the authorization server according to the change of the authentication information in the authorization server. And when the authorization server is down, the user cannot obtain authentication from the authorization server and the authentication information in the real-time cache is invalid, reading the authentication information from the standby cache as new authentication information to be cached in the real-time cache, restarting timing to update the authentication information in the real-time cache to be valid, and performing authentication by using the valid authentication information. The coexistence of real-time performance and reliability of the authentication information is realized.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic illustration of an application environment according to one embodiment of the present application;
fig. 2 is a flowchart illustrating a gateway authentication method according to an embodiment of the present application;
fig. 3 is a detailed flowchart of a gateway authentication method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a gateway authentication apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described in detail and clearly with reference to the accompanying drawings. In the description of the embodiments of the present application, "/" means "or" unless otherwise specified, for example, a/B may mean a or B; "and/or" in the text is only an association relationship describing an associated object, and means that three relationships may exist, for example, a and/or B may mean: three cases of a alone, a and B both, and B alone exist, and in addition, "a plurality" means two or more than two in the description of the embodiments of the present application.
In the description of the embodiments of the present application, the term "plurality" means two or more unless otherwise specified, and other terms and the like should be understood similarly, and the preferred embodiments described herein are only for the purpose of illustrating and explaining the present application, and are not intended to limit the present application, and features in the embodiments and examples of the present application may be combined with each other without conflict.
To further illustrate the technical solutions provided by the embodiments of the present application, the following detailed description is made with reference to the accompanying drawings and the detailed description. Although the embodiments of the present application provide method steps as shown in the following embodiments or figures, more or fewer steps may be included in the method based on conventional or non-inventive efforts. In steps where no necessary causal relationship exists logically, the order of execution of the steps is not limited to that provided by the embodiments of the present application. The method can be executed in the order of the embodiments or the method shown in the drawings or in parallel in the actual process or the control device.
In view of the problem that the existing technology simply satisfies reliability and loses timeliness to bring disadvantages to the application gateway. The application provides a gateway authentication method and device and electronic equipment, which can meet the timeliness and reliability of authentication information under the condition of not sacrificing performance.
In view of the above, the inventive concept of the present application is: a standby cache and a real-time cache are arranged in the gateway, the expiration time of the real-time cache is greater than 0, the timing is overtime, and the authentication information can be invalid. When the user passes the first authentication, the authorization server synchronously caches the passed authentication information into the standby cache and the real-time cache, if the expiration time is not exceeded in the real-time cache, the user does not need to request authentication from the authorization server, but when the expiration time is exceeded in the real-time cache, the user still needs to request authentication from the authorization server, and the authentication information can timely update the real-time cache and the standby cache along with each request to the authorization server according to the change of the authentication information in the authorization server. And when the authorization server is down, the user cannot obtain authentication from the authorization server and the authentication information in the real-time cache is invalid, reading the authentication information from the standby cache as new authentication information to be cached in the real-time cache, restarting timing to update the authentication information in the real-time cache to be valid, and performing authentication by using the valid authentication information.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The following describes in detail a gateway authentication method in an embodiment of the present application with reference to the drawings.
Referring to fig. 1, a schematic diagram of an application environment according to an embodiment of the present application is shown.
As shown in fig. 1, the application environment may include, for example, a user terminal 101, a gateway 102, and an authorization server 103 at the back end of the gateway, where the gateway 102 and the authorization server 103 may be integrated into a whole or separated, and a user sends an authentication request to the authorization server 103 at the back end through the gateway 102, and the authorization server 103 returns an authentication result to the user.
In this application environment, the gateway 102 is provided with a cache, which is specifically used for storing the authentication information updated to the authorization server 103 after each successful authentication, and the user terminal 101 can perform the first authentication through the authorization server 103, and the subsequent authentication does not need to repeatedly request the authorization server 103, and the authentication information is directly obtained from the cache for authentication. However, in the prior art, the authentication information in the cache is permanently valid after being updated from the authorization server 103, and when the authorization policy is changed, the authentication information in the cache cannot be updated in real time, so that the terminal still continues to use the authentication information before the change to pass the authentication, and the security of the authentication is reduced.
In view of this, referring to fig. 2, an embodiment of the present invention provides a gateway authentication method, where a real-time cache and a standby cache of the gateway are used to synchronize and cache authentication information that an authorization server passes authentication, and the method includes:
The authentication request in the present application includes receiving a first authentication request of the terminal and receiving a second authentication request after the first authentication of the terminal is successfully completed.
When receiving a first authentication request of the terminal, the processor calls the authorization server to authenticate the authentication information of the terminal, specifically, the authentication information of the terminal is compared with the authentication information prestored in the database of the authorization server, the authentication information is determined to exist and is the same, namely, the authentication succeeds, the processor synchronously updates the authentication information authenticated by the authorization server into the real-time cache and the standby cache, and finally, the processor returns the result of the successful authentication to the terminal.
When a re-request after the terminal completes the first authentication is received, the processor does not call the authorization server any more, and the terminal performs authentication through the real-time cache and the standby cache, which is described in detail in the following steps.
The real-time cache in the application refers to effective cache of the authentication information in the preset time length of timing, and the real-time cache of the new authentication information comprises two forms:
in the first form, the authorization server updates the authentication information successfully authenticated to the real-time cache.
After the real-time cache receives the authentication information which is passed by the latest authentication of the authorization server, the real-time cache starts to trigger and start timing, and the authentication information in the real-time cache is valid within the preset time length of timing, namely, the terminal can perform authentication again through the valid authentication information in the real-time cache before the timing is overtime.
And in the second mode, the standby cache updates the authentication information to the real-time cache.
When the authentication information updated by the authorization server cached in the real-time cache fails, and the authorization server is down, namely the terminal cannot authenticate from the real-time cache and cannot request the authorization server to authenticate, the real-time cache starts to trigger starting timing after receiving the authentication information updated by the standby cache, the authentication information in the real-time cache fails for a preset time length exceeding the timing, the authentication information in the real-time cache is valid within the preset time length of the timing, namely the terminal can authenticate through the valid authentication information in the real-time cache again before the timing is overtime.
The standby cache is used for receiving the authentication information updated by the authorization server synchronously with the real-time cache, but the standby cache is not provided with timing, and the authentication information in the standby cache is always valid.
Specifically, when the authentication information in the real-time cache is invalid and the authorization server is down, the terminal cannot acquire the verification information from the authorization server, and when the processor detects that the condition is met, the processor of the embodiment of the application restarts the timer, so that the invalid authentication information in the real-time cache is updated to be valid.
As an optional implementation manner, the authentication information is read from the standby cache and cached to the real-time cache as new authentication information, restart timing is triggered, the standby cache updates the authentication information to the real-time cache in time, so that the timeliness and effectiveness of authentication operation are guaranteed, the authentication efficiency is improved, the experience of user authentication is improved, when the authentication information updated by the standby cache is acquired from the real-time cache, the start timing is restarted, the timing time exceeds the preset timing duration, and the authentication information updated by the standby cache acquired from the real-time cache is invalidated again.
And step 204, when the authentication information in the real-time cache is valid, reading the authentication information from the real-time cache for authentication.
Generally speaking, when the authentication information in the real-time cache is overtime due to timing and the authorization server is down, the authentication information is automatically updated to the real-time cache through the standby cache, so that the authentication operation can be finished in the real-time cache all the time, the authorization server does not need to wait for recovery, and the conversion between the real-time cache and the standby cache is not needed, the working efficiency of the processor is improved, under the condition of not sacrificing performance, the timeliness and the reliability of the authentication information are met, the authentication efficiency is improved, the experience of a user is also improved, and the user can finish the authentication in time no matter any fault occurs.
As an optional implementation, the method further comprises:
when the authentication information in the real-time cache is invalid and the authorization server is not down, sending the authentication request to the authorization server, and authenticating by the authorization server;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
Specifically, when the authentication information in the real-time cache is invalid, the terminal sends an authentication request, if the authorization server is not down, the standby cache does not need to update the authentication information in the real-time cache, the processor calls the authorization server to perform authentication, and after the authorization server passes the authentication, the authentication information passing the authentication is synchronously cached in the real-time cache and the standby cache so as to be ready for the next time, and the terminal directly obtains the latest updated authentication information from the real-time cache.
As an optional implementation, the method further comprises:
when the real-time cache and the standby cache are determined not to store authentication information, the authentication request is sent to an authorization server, and the authorization server performs authentication by using the authentication information;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
Specifically, in the initial state, after the terminal passes the first authentication after requesting the authorization server, the authorization server synchronously caches the authentication information after the first authentication in the real-time cache and the standby cache.
Referring to the gateway authentication flow chart shown in fig. 3, a detailed authentication process is given, which includes:
and step 310, determining that the authorization server is not down, finishing authentication through the authorization server, and synchronously updating the real-time cache and the standby cache.
Example 2
Based on the same inventive concept, the present application further provides a gateway authentication apparatus, as shown in fig. 4, the apparatus includes:
a receive request module 401, configured to receive an authentication request;
an authentication information validity judging module 402, configured to determine whether the authentication information in the real-time cache is valid, where a start timing is triggered when the new authentication information is cached in the real-time cache, and the authentication information is valid before the timing is overtime;
a restart timing module 403, configured to restart the timing when the authentication information in the real-time cache is invalid and the authorization server goes down, so as to update the invalid authentication information in the cache to be valid;
a reading module 404, configured to read the authentication information from the real-time cache for authentication when the authentication information in the real-time cache is valid.
Optionally, the restart timing module 403 is specifically configured to, when the authentication information in the real-time cache is invalid and the authorization server goes down, read the authentication information from the standby cache as a new authentication information cache to the real-time cache, and trigger restarting timing.
Optionally, the apparatus further comprises:
an authentication request sending module 405, configured to send the authentication request to an authorization server when the authentication information in the real-time cache is invalid and the authorization server is not down, and perform authentication by the authorization server;
a first receiving synchronous authentication information module 406, configured to receive the authentication information sent by the authorization server, and synchronously cache the received authentication information in the real-time cache and the standby cache.
Optionally, the apparatus further comprises:
an authentication module 407, configured to send the authentication request to an authorization server when it is determined that the real-time cache and the standby cache do not store authentication information, where the authorization server performs authentication using the authentication information;
and a second receiving synchronous authentication information module 408, which receives the authentication information sent by the authorization server authentication pass and synchronously caches the received authentication information to the real-time cache and the standby cache.
Having described the gateway authentication method and apparatus according to an exemplary embodiment of the present application, an electronic device according to another exemplary embodiment of the present application is described next.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
In some possible implementations, an electronic device according to the present application may include at least one processor, and at least one memory. Wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the gateway authentication method according to various exemplary embodiments of the present application described above in the present specification.
The electronic device 130 according to this embodiment of the present application, i.e., the above-described gateway authentication device, is described below with reference to fig. 5. The electronic device 130 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 5, the electronic device 130 is represented in the form of a general electronic device. The components of the electronic device 130 may include, but are not limited to: the at least one processor 131, the at least one memory 132, and a bus 133 that connects the various system components (including the memory 132 and the processor 131).
Bus 133 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The memory 132 may include readable media in the form of volatile memory, such as Random Access Memory (RAM)1321 and/or cache memory 1322, and may further include Read Only Memory (ROM) 1323.
The electronic device 130 may also communicate with one or more external devices 134 (e.g., keyboard, pointing device, etc.), with one or more devices that enable a user to interact with the electronic device 130, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 130 to communicate with one or more other electronic devices. Such communication may occur via input/output (I/O) interfaces 135. Also, the electronic device 130 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 136. As shown, network adapter 136 communicates with other modules for electronic device 130 over bus 133. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with electronic device 130, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, aspects of a gateway authentication method provided herein may also be implemented in the form of a program product including program code for causing a computer device to perform the steps of a gateway authentication method according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product for monitoring of the embodiments of the present application may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on an electronic device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the consumer electronic device, partly on the consumer electronic device, as a stand-alone software package, partly on the consumer electronic device and partly on a remote electronic device, or entirely on the remote electronic device or server. In the case of remote electronic devices, the remote electronic devices may be connected to the consumer electronic device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external electronic device (e.g., through the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, according to embodiments of the application. Conversely, the features and functions of one unit described above may be further divided into embodiments by a plurality of units.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and block diagrams, and combinations of flows and blocks in the flow diagrams and block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A gateway authentication method, the real-time cache and the standby cache of the gateway are used for synchronously caching authentication information which passes authentication of an authorization server, and the method is characterized by comprising the following steps;
receiving an authentication request;
determining whether the authentication information in the real-time cache is valid, wherein the starting timing is triggered when the new authentication information is cached to the real-time cache, and the authentication information is valid before the timing is overtime;
when the authentication information in the real-time cache is invalid and the authorization server goes down, restarting the timing to update the invalid authentication information in the real-time cache to be valid;
and when the authentication information in the real-time cache is valid, reading the authentication information from the real-time cache for authentication.
2. The method of claim 1, wherein restarting the timer when the authentication information in the real-time cache is invalid and an authorized server is down comprises:
and when the authentication information in the real-time cache is invalid and the authorization server goes down, reading the authentication information from the standby cache as new authentication information to cache in the real-time cache, and triggering to restart timing.
3. The method of claim 1, further comprising:
when the authentication information in the real-time cache is invalid and the authorization server is not down, sending the authentication request to the authorization server, and authenticating by the authorization server;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
4. The method of claim 1, further comprising:
when the real-time cache and the standby cache are determined not to store authentication information, the authentication request is sent to an authorization server, and the authorization server performs authentication by using the authentication information;
and receiving authentication information which is sent by the authentication of the authorization server, and synchronously caching the received authentication information to the real-time cache and the standby cache.
5. A gateway authentication apparatus, comprising:
a receiving request module for receiving an authentication request;
the authentication information validity judging module is used for determining whether the authentication information in the real-time cache is valid or not, wherein the starting timing is triggered when the new authentication information is cached to the real-time cache, and the authentication information is valid before the timing is overtime;
the restarting timing module is used for restarting the timing when the authentication information in the real-time cache is invalid and the authorization server goes down so as to update the invalid authentication information in the cache to be valid;
and the reading module is used for reading the authentication information from the real-time cache for authentication when the authentication information in the real-time cache is valid.
6. The apparatus according to claim 5, wherein the restart timing module is specifically configured to, when the authentication information in the real-time cache is invalid and the authorization server goes down, read the authentication information from the standby cache as new authentication information to cache in the real-time cache, and trigger restart timing.
7. The apparatus of claim 5, further comprising:
the authentication request sending module is used for sending the authentication request to an authorization server and carrying out authentication by the authorization server when the authentication information in the real-time cache is invalid and the authorization server is not down;
and the first receiving synchronous authentication information module is used for receiving the authentication information which is sent by the authorization server authentication and synchronously caching the received authentication information to the real-time cache and the standby cache.
8. The apparatus of claim 5, further comprising:
the authentication module is used for sending the authentication request to an authorization server when the real-time cache and the standby cache do not store authentication information, and the authorization server performs authentication by using the authentication information;
and the second synchronous authentication information receiving module is used for receiving the authentication information which is sent by the authentication passing of the authorization server and synchronously caching the received authentication information to the real-time cache and the standby cache.
9. An electronic device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-4.
10. A computer storage medium, characterized in that the computer storage medium stores a computer program for causing a computer to perform the method according to any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110836790.7A CN113556349A (en) | 2021-07-23 | 2021-07-23 | Gateway authentication method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110836790.7A CN113556349A (en) | 2021-07-23 | 2021-07-23 | Gateway authentication method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113556349A true CN113556349A (en) | 2021-10-26 |
Family
ID=78132615
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110836790.7A Pending CN113556349A (en) | 2021-07-23 | 2021-07-23 | Gateway authentication method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113556349A (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6070233A (en) * | 1996-01-26 | 2000-05-30 | Unisys Corporation | Processor bus traffic optimization system for multi-level cache utilizing reflection status bit to indicate data inclusion in higher level cache |
| CN1867025A (en) * | 2005-12-20 | 2006-11-22 | 华为技术有限公司 | Method for carrying out charging control on pre-payment user |
| CN101668224A (en) * | 2009-09-21 | 2010-03-10 | 中兴通讯股份有限公司 | Method and system for network television emergency |
| CN103207841A (en) * | 2013-03-06 | 2013-07-17 | 青岛海信传媒网络技术有限公司 | Method and device for data reading and writing on basis of key-value buffer |
| CN105335512A (en) * | 2015-10-30 | 2016-02-17 | 小米科技有限责任公司 | Data inquiry method and device |
| CN108509562A (en) * | 2018-03-23 | 2018-09-07 | 聚好看科技股份有限公司 | Method for processing business, device, electronic equipment and storage medium |
| CN109617907A (en) * | 2019-01-04 | 2019-04-12 | 平安科技(深圳)有限公司 | Authentication method, electronic device and computer readable storage medium |
| CN110300056A (en) * | 2019-06-28 | 2019-10-01 | 四川长虹电器股份有限公司 | A kind of real-time response formula API gateway and its request processing method |
| CN111901290A (en) * | 2020-06-03 | 2020-11-06 | 瑞数信息技术(上海)有限公司 | Identity authentication method and device |
| CN112579698A (en) * | 2020-12-02 | 2021-03-30 | 京东数字科技控股股份有限公司 | Data synchronization method, device, gateway equipment and storage medium |
-
2021
- 2021-07-23 CN CN202110836790.7A patent/CN113556349A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6070233A (en) * | 1996-01-26 | 2000-05-30 | Unisys Corporation | Processor bus traffic optimization system for multi-level cache utilizing reflection status bit to indicate data inclusion in higher level cache |
| CN1867025A (en) * | 2005-12-20 | 2006-11-22 | 华为技术有限公司 | Method for carrying out charging control on pre-payment user |
| CN101668224A (en) * | 2009-09-21 | 2010-03-10 | 中兴通讯股份有限公司 | Method and system for network television emergency |
| CN103207841A (en) * | 2013-03-06 | 2013-07-17 | 青岛海信传媒网络技术有限公司 | Method and device for data reading and writing on basis of key-value buffer |
| CN105335512A (en) * | 2015-10-30 | 2016-02-17 | 小米科技有限责任公司 | Data inquiry method and device |
| CN108509562A (en) * | 2018-03-23 | 2018-09-07 | 聚好看科技股份有限公司 | Method for processing business, device, electronic equipment and storage medium |
| CN109617907A (en) * | 2019-01-04 | 2019-04-12 | 平安科技(深圳)有限公司 | Authentication method, electronic device and computer readable storage medium |
| CN110300056A (en) * | 2019-06-28 | 2019-10-01 | 四川长虹电器股份有限公司 | A kind of real-time response formula API gateway and its request processing method |
| CN111901290A (en) * | 2020-06-03 | 2020-11-06 | 瑞数信息技术(上海)有限公司 | Identity authentication method and device |
| CN112579698A (en) * | 2020-12-02 | 2021-03-30 | 京东数字科技控股股份有限公司 | Data synchronization method, device, gateway equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 富亚军等, 机械工业出版社 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8601109B2 (en) | Incremental browser-based device fingerprinting | |
| US9350826B2 (en) | Pre-fetching data | |
| CN102934101A (en) | Transparent access mechanism for local and remote data | |
| CN109597719A (en) | A kind of monitoring method of multiple nucleus system, system, device and readable storage medium storing program for executing | |
| CN110221949A (en) | Automate operation management method, apparatus, equipment and readable storage medium storing program for executing | |
| CN109361542A (en) | The fault handling method of client, device, system, terminal and server | |
| CN111045797A (en) | Task scheduling execution method, related device and medium | |
| CN111404918A (en) | Cloud mobile phone distributed service emergency authentication method, device and system | |
| CN112527901A (en) | Data storage system, method, computing device and computer storage medium | |
| US8719622B2 (en) | Recording and preventing crash in an appliance | |
| CN111813518A (en) | Robot early warning method and device, computer equipment and storage medium | |
| CN110912990A (en) | Method and related equipment for updating consensus period | |
| CN108521342B (en) | Cluster management method and device | |
| CN104333588A (en) | Page timing method and device | |
| CN102622254B (en) | Television outage disposal route and system | |
| CN114090191A (en) | Method, device and equipment for scheduling storage resources and storage medium | |
| CN110427296A (en) | A kind of method being monitored based on hardware WDT, equipment and readable medium | |
| CN113556349A (en) | Gateway authentication method and device and electronic equipment | |
| WO2015117458A1 (en) | Fault information collection method, device and system | |
| CN114020313A (en) | Application updating method and related equipment | |
| CN111221556B (en) | Remote upgrade RSU mirror image method and system | |
| CN113377385A (en) | Client automatic deployment method and device | |
| CN114629694B (en) | Distributed denial of service (DDoS) detection method and related device | |
| US20240143302A1 (en) | Application downloading processing method, apparatus, and device, and storage medium | |
| CN109614255B (en) | Transaction request processing method, device, medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211026 |