[go: up one dir, main page]

CN1652507A - Method for providing self-service - Google Patents

Method for providing self-service Download PDF

Info

Publication number
CN1652507A
CN1652507A CN 200410000499 CN200410000499A CN1652507A CN 1652507 A CN1652507 A CN 1652507A CN 200410000499 CN200410000499 CN 200410000499 CN 200410000499 A CN200410000499 A CN 200410000499A CN 1652507 A CN1652507 A CN 1652507A
Authority
CN
China
Prior art keywords
self
client
service
server
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200410000499
Other languages
Chinese (zh)
Other versions
CN1652507B (en
Inventor
刘刀桂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200410000499 priority Critical patent/CN1652507B/en
Publication of CN1652507A publication Critical patent/CN1652507A/en
Application granted granted Critical
Publication of CN1652507B publication Critical patent/CN1652507B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

本发明公开了一种自助服务的提供方法,包括将自主服务器的地址信息存储在存储单元中;当认证服务器对客户端的身份标识进行认证通过后,认证设备允许客户端访问网络资源时,将存储单元存储的自主服务器的地址信息发送给客户端;客户端利用接收的自主服务器的地址信息访问自主服务器提供的公共自助服务资源。本发明自助服务的提供方法使用户在不必记忆自主服务器的IP地址或URL信息的情况下,能够随时访问自主服务器提供的各种自助服务资源,使用户使用方便且有利于自助服务提供商对自主服务器的维护。

Figure 200410000499

The invention discloses a method for providing self-service, which includes storing the address information of the autonomous server in a storage unit; when the authentication server authenticates the identity of the client and the authentication device allows the client to access network resources, the stored The address information of the autonomous server stored in the unit is sent to the client; the client uses the received address information of the autonomous server to access the public self-service resources provided by the autonomous server. The self-service providing method of the present invention enables users to access various self-service resources provided by the self-service server at any time without having to memorize the IP address or URL information of the self-service server, which makes the user convenient to use and is beneficial to the self-service provider's self-service Server maintenance.

Figure 200410000499

Description

自助服务的提供方法How to Provide Self-Service

技术领域technical field

本发明涉及数据通信领域,特别涉及在Internet网络系统中自助服务的提供方法。The invention relates to the field of data communication, in particular to a method for providing self-service in an Internet network system.

背景技术Background technique

随着用户对自助服务需求的逐步增大,许多因特网服务提供商(ISP,Internet Service Provider)和因特网内容提供商(ICP,Internet Content Provider)都向用户提供了自助服务业务。目前,自助服务主要向用户提供下列业务:With the gradual increase of users' demand for self-service, many Internet Service Providers (ISP, Internet Service Provider) and Internet Content Providers (ICP, Internet Content Provider) have provided self-service services to users. Currently, self-service mainly provides users with the following services:

用户按照自己的方式设置访问自助服务网站的用户名和口令,并可以根据需要随时修改设置的用户名和口令,因此方便了用户对自己的用户名和口令信息的记忆;The user sets the user name and password for accessing the self-service website in his own way, and can modify the set user name and password at any time as needed, so it is convenient for the user to remember his user name and password information;

用户随时查询自己使用网络流量及使用网络时间的情况;Users can check their own network traffic and network time at any time;

用户设置自己使用网络的带宽,并选择访问网络资源的访问控制能力,及根据自己的情况定制一些如虚拟专用网(VPN,Virtual Private Network)业务、存储业务、组播业务、安全业务或资费业务等方面的应用业务。Users set the bandwidth of the network they use, and choose access control capabilities for accessing network resources, and customize some services such as virtual private network (VPN, Virtual Private Network) services, storage services, multicast services, security services or tariff services according to their own conditions and other aspects of application business.

目前,各个ISP或ICP向用户提供自助服务的主要方式是在自身网络系统中心设置一台专门的自主服务器,主要用于存储登记在此自主服务器上的用户的各种信息,如用户的用户名信息、用户口令信息及用户使用网络流量的信息及用户使用网络时间的信息等。该自主服务器能够根据用户发来的各种查询信息的请求,查找对应该用户的数据库,并将查找到的对应信息反馈给用户;同时能够根据用户发来的各种设置信息(如用户名、用户口令等)和定制业务(如VPN业务、存储业务或组播业务等),将相应设置信息和定制业务存储到对应该用户的数据库中。At present, the main way for each ISP or ICP to provide users with self-service is to set up a dedicated autonomous server in the center of its own network system, which is mainly used to store various information of users registered on this autonomous server, such as the user's username information, user password information, information on network traffic used by users, and information on network time used by users, etc. The autonomous server can search for the database corresponding to the user according to various query information requests sent by the user, and feed back the corresponding information found to the user; User password, etc.) and customized services (such as VPN service, storage service or multicast service, etc.), and store the corresponding setting information and customized services in the database corresponding to the user.

但是各个ISP或ICP采用上述自助服务的提供方式,用户访问自主服务器时,需要通过在自己的客户端上使用IE(Internet Explorer)来键入自主服务器的IP地址或通用资源定位符(URL,Uniform Resource Locator),然后通过自主服务器的IP地址或URL信息登录到自主服务器,访问自主服务器提供的各种自助服务资源;用户再进一步通过在自主服务器上输入自己的用户名和口令,来进一步访问和查询对应自己的自助服务资源。因此,这种自助服务提供方式也就要求用户要记住自主服务器的IP地址或URL信息,才能登陆自主服务器,来访问自主服务器提供的各种自助服务资源;同时要求用户在记住自主服务器的IP地址或URL信息时,还要进一步记住自己访问自助服务资源的用户名和口令,才能进而访问到对应自己的自助服务资源。However, each ISP or ICP adopts the above-mentioned self-service provision method. When a user accesses the autonomous server, he needs to use IE (Internet Explorer) on his own client to key in the IP address or Universal Resource Locator (URL, Uniform Resource) of the autonomous server. Locator), and then log in to the autonomous server through the IP address or URL information of the autonomous server to access various self-service resources provided by the autonomous server; the user can further access and query the corresponding resources by entering their own user name and password on the autonomous server. Your own self-service resources. Therefore, this self-service provision method also requires users to remember the IP address or URL information of the autonomous server in order to log in to the autonomous server to access various self-service resources provided by the autonomous server; For IP address or URL information, you need to further remember your user name and password for accessing self-service resources, so as to access the corresponding self-service resources.

综上,现有自助服务的提供方式主要存在以下不足:To sum up, the existing self-service provision methods mainly have the following deficiencies:

要求用户必须记住自主服务器的IP地址或URL信息,才能访问自主服务器提供的各种自助服务资源,用户使用起来十分不便;Users are required to remember the IP address or URL information of the autonomous server in order to access various self-service resources provided by the autonomous server, which is very inconvenient for users to use;

同理,要求用户必须记住自己的用户名和口令信息,才能在自主服务器上访问到对应自己的自助服务资源,用户使用起来同样十分不便;Similarly, users are required to remember their username and password information in order to access their own self-service resources on the autonomous server, which is also very inconvenient for users to use;

如果由于网络升级或自助服务提供商发生变化等原因而引起的自主服务器发生变化,则需要自助服务提供商通知所有用户,其自主服务器发生变化后的IP地址或URL信息,才能使网络系统的自主服务器被正常访问,因此可维护性较差。If the autonomous server changes due to network upgrades or changes in the self-service provider, the self-service provider needs to notify all users of the IP address or URL information after the change in the autonomous server in order to make the network system autonomous The server is accessed normally, so it is less maintainable.

发明内容Contents of the invention

本发明要解决的技术问题是提出一种自助服务的提供方法,以使用户在不必记忆自主服务器的IP地址或URL信息的情况下,也能随时访问自主服务器提供的各种自助服务资源,使用户使用方便且有利于自助服务提供商对自主服务器的维护。The technical problem to be solved by the present invention is to propose a method for providing self-service, so that users can access various self-service resources provided by the self-service server at any time without memorizing the IP address or URL information of the self-service server. It is convenient for users and beneficial for self-service providers to maintain their own servers.

为解决上述问题,本发明提出了一种自助服务的提供方法,用于为网络系统提供自助服务,所述网络系统包括客户端、认证设备、认证服务器、自主服务器和存储单元,所述客户端通过自身的身份标识来表明自己的身份,包括:In order to solve the above problems, the present invention proposes a method for providing self-service, which is used to provide self-service for a network system. The network system includes a client, an authentication device, an authentication server, an autonomous server, and a storage unit. The client Identify yourself by identifying yourself, including:

(1)将自主服务器的地址信息存储在存储单元中;(1) storing the address information of the autonomous server in the storage unit;

(2)当认证服务器对客户端的身份标识进行认证通过后,认证设备允许客户端访问网络资源时,将存储单元存储的自主服务器的地址信息发送给客户端;(2) After the authentication server authenticates the identity of the client, and the authentication device allows the client to access network resources, the address information of the autonomous server stored in the storage unit is sent to the client;

(3)客户端利用接收的自主服务器的地址信息访问自主服务器提供的公共自助服务资源。(3) The client uses the received address information of the autonomous server to access the public self-service resources provided by the autonomous server.

其中步骤(1)中还包括:当自主服务器的地址信息发生变化时,及时更新存储在存储单元中的自主服务器的地址信息;并将变化后的自主服务器的地址信息发送给客户端。The step (1) further includes: when the address information of the autonomous server changes, updating the address information of the autonomous server stored in the storage unit in time; and sending the changed address information of the autonomous server to the client.

所述地址信息为自主服务器的IP地址或自主服务器的通用资源定位符。The address information is the IP address of the autonomous server or the universal resource locator of the autonomous server.

其中用户使用对应自己的用户自助服务请求身份标识作为访问对应自己的自助服务资源的合法密钥。The user uses the corresponding user self-service request identity as the legal key to access the corresponding self-service resource.

步骤(1)中还包括:建立客户端的身份标识和用户自助服务请求身份标识之间的映射关系,并将所述映射关系存储在存储单元中;Step (1) also includes: establishing a mapping relationship between the identity of the client and the identity of the user's self-service request, and storing the mapping in a storage unit;

步骤(2)中所述在客户端的身份标识通过认证后还包括:存储单元根据客户端的身份标识在所述映射关系中查找对应的用户自助服务请求身份标识,并将查找到的用户自助服务请求身份标识发送给客户端;In the step (2), after the identity of the client is authenticated, it also includes: the storage unit searches for the corresponding user self-service request identity in the mapping relationship according to the identity of the client, and sends the found user self-service request The identity is sent to the client;

步骤(3)之后还包括:客户端将接收的自主服务器的通用资源定位符和用户自助服务请求身份标识组合成新的通用资源定位符,并利用所述新的通用资源定位符进而在自主服务器提供的公共自助服务资源上访问对应该用户的自助服务资源。After step (3), it also includes: the client combines the received universal resource locator of the autonomous server and the identity of the user self-service request into a new universal resource locator, and uses the new universal resource locator to send the URL to the autonomous server. Access the self-service resources corresponding to the user on the provided public self-service resources.

本发明能够达到的有益效果如下:The beneficial effect that the present invention can reach is as follows:

本发明自助服务的提供方法通过将自主服务器的地址信息进行预先存储,在客户端的身份标识通过认证后,将存储的自主服务器的地址信息发送给客户端,客户端再通过接收的自主服务器的地址信息访问自主服务器提供的自助服务资源,所以不要求用户记忆自主服务器的地址信息;同时当自主服务器的地址信息发生变化时,自助服务提供商无需通知每一用户变化后的自主服务器的地址信息,从而使用户能够较为方便的使用自助服务,且便于自助服务提供商的维护。The self-service providing method of the present invention stores the address information of the autonomous server in advance, and after the identity of the client is authenticated, sends the stored address information of the autonomous server to the client, and the client receives the address of the autonomous server Information accesses the self-service resources provided by the autonomous server, so users are not required to memorize the address information of the autonomous server; at the same time, when the address information of the autonomous server changes, the self-service provider does not need to notify each user of the changed address information of the autonomous server. Therefore, the user can use the self-service more conveniently, and it is convenient for the maintenance of the self-service provider.

本发明自助服务的提供方法还将客户端的身份标识和用户自助服务请求身份标识的映射关系存储,使客户端在接收到自主服务器的通用资源定位符和用户自助服务请求身份标识后,组合成新的通用资源定位符去访问自主服务器中对应该用户的自助服务资源,所以也不要求用户记忆自己的用户自助服务请求身份标识,也为用户使用自助服务提供了方便。The self-service providing method of the present invention also stores the mapping relationship between the identity of the client and the identity of the user's self-service request, so that the client can combine it into a new The universal resource locator to access the self-service resources corresponding to the user in the autonomous server, so the user is not required to remember his own user self-service request identity, which also provides convenience for users to use self-service.

附图说明Description of drawings

图1是利用本发明自助服务的提供方法访问公共自助服务资源的流程图;Fig. 1 is a flow chart of accessing public self-service resources using the self-service providing method of the present invention;

图2是利用本发明自助服务的提供方法访问对应用户的自助服务资源的流程图;Fig. 2 is a flowchart of accessing self-service resources of corresponding users by using the self-service providing method of the present invention;

图3是在本发明自助服务的提供方法中客户端的ID和用户自助服务请求的ID之间的映射关系示意图;3 is a schematic diagram of the mapping relationship between the ID of the client and the ID of the user's self-service request in the self-service providing method of the present invention;

图4是本发明自助服务的提供方法采用动态时间间隔的发送规律示意图;Fig. 4 is a schematic diagram of a sending rule using a dynamic time interval in the self-service providing method of the present invention;

图5是现有技术局域网系统中802.1X认证网络系统的结构原理图;Fig. 5 is a structural principle diagram of the 802.1X authentication network system in the prior art LAN system;

图6是现有技术可扩展认证协议报文的标准格式;FIG. 6 is a standard format of an extensible authentication protocol message in the prior art;

图7是现有技术中主要四种EAP报文类型;Figure 7 shows the main four EAP packet types in the prior art;

图8是在本发明自助服务的提供方法中扩展的一种报文类型;Fig. 8 is a message type extended in the self-service providing method of the present invention;

图9是本发明自助服务的提供方法在802.1X认证网络系统中,传输自主服务器的地址信息的过程图;Fig. 9 is a process diagram of transmitting the address information of the autonomous server in the self-service providing method of the present invention in the 802.1X authentication network system;

图10是本发明自助服务的提供方法在802.1X认证网络系统中,传输自主服务器的地址信息和用户自助服务请求的ID信息的过程图。FIG. 10 is a process diagram of transmitting the address information of the autonomous server and the ID information requested by the user for self-service in the 802.1X authentication network system of the self-service providing method of the present invention.

具体实施方式Detailed ways

本发明自助服务的提供方法设计宗旨是:在提供自助服务的网络系统中,将自主服务器的地址信息(可以为自主服务器的IP地址,也可以为自主服务器的通用资源定位符URL)预先进行存储,在后续客户端有上网需求时,待客户端的身份标识(即要求上网客户端的ID信息,一般包括用户的用户名和口令信息等)通过认证后,再将预先存储的自主服务器的地址信息发送到客户端,客户端根据接收的自助服务器的地址信息访问自主服务器提供的公共自助服务资源。The design purpose of the self-service providing method of the present invention is: in the network system providing self-service, the address information of the autonomous server (which can be the IP address of the autonomous server, or the universal resource locator URL of the autonomous server) is stored in advance , when the subsequent client has a need to access the Internet, after the identity of the client (that is, the ID information of the client required to access the Internet, generally including the user's username and password information, etc.) Client, the client accesses the public self-service resources provided by the self-service server according to the received address information of the self-service server.

更进一步,在存储的自主服务器的地址信息为通用资源定位符URL时,还可以将客户端的ID和用户自助服务请求身份标识(即用户自助服务请求的ID)建立成映射关系,在客户端的ID通过认证,可以访问网络资源时,进而根据客户端的ID在所形成的映射关系中查找对应的用户自助服务请求的ID;然后将存储的自主服务器的URL和查找到的用户自助服务请求的ID信息分别发送到客户端,客户端将自主服务器的URL和用户自助服务请求的ID信息组合成新的URL作为在自主服务器提供的公共自助服务资源上进而访问对应该用户的自助服务资源的访问参数,来实现访问对应用户的自助服务资源的目的。Furthermore, when the stored address information of the autonomous server is a URL, the ID of the client and the identity of the user self-service request (that is, the ID of the user self-service request) can also be established as a mapping relationship. When the network resources can be accessed through authentication, the ID of the corresponding user self-service request is searched in the mapping relationship formed according to the client ID; Send them to the client respectively, and the client will combine the URL of the autonomous server and the ID information of the user's self-service request into a new URL as the access parameters for accessing the self-service resources corresponding to the user on the public self-service resources provided by the autonomous server. To achieve the purpose of accessing the self-service resources of the corresponding user.

综上,从而可以实现用户不用记忆自主服务器的地址信息和自身的用户自助服务请求的ID信息,就可以直接访问自助服务资源,为用户提供了很大的方便。下面结合实施例详细说明本发明自助服务的提供方法的具体实现:To sum up, the user can directly access the self-service resource without memorizing the address information of the autonomous server and the ID information of the user self-service request, which provides great convenience for the user. The specific implementation of the self-service providing method of the present invention will be described in detail below in conjunction with the embodiments:

其中在提供自助服务功能的网络系统中,一般包括自主服务器,用于为用户提供各种自助服务资源;还包括客户端,即为用户浏览网页,访问自主服务器的终端计算机设备等;还包括有存储单元,用于存储自主服务器的地址信息和其他相关信息等。参照图1,该图是利用本发明自助服务的提供方法访问公共自助服务资源的流程图,其具体的实现过程如下:Among them, in the network system that provides self-service functions, it generally includes an autonomous server, which is used to provide users with various self-service resources; it also includes a client, that is, a terminal computer device that browses web pages for users and accesses the autonomous server; it also includes The storage unit is used to store the address information of the autonomous server and other relevant information, etc. With reference to Fig. 1, this figure is the flow chart of utilizing the self-service providing method of the present invention to access public self-service resources, and its specific implementation process is as follows:

步骤10,首先由网管人员通过人机接口将自主服务器的地址信息(即自主服务器的URL信息或自主服务器的IP地址信息)存储在存储单元中,如在提供自助服务功能的网络系统中,自主服务器的地址信息为192.168.0.1或www.Selfservice.com时,就将IP地址192.168.0.1存储在存储单元中或将URL信息www.Selfservice.com存储在存储单元中;并后续由于网络升级等原因而导致自主服务器的地址信息发生变化时,网管人员要及时通过人机接口将存储的自主服务器的地址信息更新为变化后新的自主服务器的地址信息。Step 10, first store the address information of the autonomous server (that is, the URL information of the autonomous server or the IP address information of the autonomous server) in the storage unit by the network administrator through the man-machine interface, such as in a network system that provides self-service functions, the autonomous server When the address information of the server is 192.168.0.1 or www.Selfservice.com, the IP address 192.168.0.1 is stored in the storage unit or the URL information www.Selfservice.com is stored in the storage unit; and subsequent network upgrades and other reasons When the address information of the autonomous server changes, the network management personnel should update the stored address information of the autonomous server to the new address information of the autonomous server through the man-machine interface in time.

步骤20,当用户准备通过客户端进行浏览互联网资源时,要首先对客户端的身份标识ID(包括用户名和口令)进行认证,并判断认证是否能够通过,如果是,则转至步骤30;如果否,则转至步骤50。Step 20, when the user is going to browse Internet resources through the client, at first the identity ID (comprising user name and password) of the client is authenticated, and judges whether authentication can pass, if yes, then go to step 30; If not , go to step 50.

步骤30,认证通过,即客户端的ID是合法的,允许该客户端接入到互联网系统中,进行浏览互联网资源,这时存储单元就将预先存储的自主服务器的地址信息发送给客户端。Step 30, if the authentication is passed, that is, the ID of the client is legal, the client is allowed to access the Internet system and browse Internet resources, and then the storage unit sends the pre-stored address information of the autonomous server to the client.

步骤40,客户端接收到自主服务器的地址信息后,在判断出该地址信息为有效的情况下,就会以该自主服务器的地址信息作为访问自主服务器的参数,通过将该地址信息输入到客户端自身具有的浏览器IE中,作为Web访问参数向自主服务器发起HTTP连接请求,这样,用户就可以通过客户端登陆自主服务器,访问自主服务器的公共自助服务资源,并在公共自助服务资源网页上进行操作了。Step 40, after the client receives the address information of the autonomous server, if it judges that the address information is valid, it will use the address information of the autonomous server as a parameter for accessing the autonomous server, and input the address information to the client In the browser IE owned by the terminal itself, an HTTP connection request is initiated to the autonomous server as a Web access parameter. In this way, the user can log in to the autonomous server through the client, access the public self-service resources of the autonomous server, and access the public self-service resources on the public self-service resource webpage. It's done.

步骤50,认证失败,即客户端的ID是非法的,网络系统将不允许该客户端接入到互联网系统中,所以过程宣告结束。Step 50, the authentication fails, that is, the ID of the client is illegal, and the network system will not allow the client to access the Internet system, so the process ends.

但是,通过上述流程处理后,用户通过客户端只能访问自主服务器提供的公共自助服务资源,而不能进入到对应自己的自助服务资源网页中,因此本发明自助服务的提供方法又继而将用户自助服务请求身份标识和客户端的ID之间建立映射关系并将该映射关系存储,以使在客户端的ID通过认证后,同时将自主服务器的URL和对应的用户自助服务请求身份标识发送给客户端,以使客户端使用这两个信息作为访问自主服务器的参数,在自主服务器提供的公共自助服务资源上进而能进入到对应该用户的自助服务资源网页中。参照图2,该图是利用本发明自助服务的提供方法访问对应用户的自助服务资源的流程图,其具体实现如下:However, after processing through the above process, the user can only access the public self-service resources provided by the autonomous server through the client, but cannot enter the corresponding self-service resource webpage. Establish a mapping relationship between the service request identity and the client ID and store the mapping relationship, so that after the client ID is authenticated, the URL of the main server and the corresponding user self-service request identity are sent to the client at the same time, The client uses these two pieces of information as parameters for accessing the self-service server, and then can enter the self-service resource webpage corresponding to the user on the public self-service resources provided by the self-service server. Referring to Fig. 2, this figure is a flow chart of using the self-service providing method of the present invention to access the self-service resources of corresponding users, and its specific implementation is as follows:

步骤100,首先将客户端的ID和对应使用该客户端的用户自助服务请求身份标识(主要包括用户访问对应自己的自助服务资源的用户名和口令,以下简称用户自助服务请求的ID)之间建立成映射关系,参照图3,该图是客户端的ID和用户自助服务请求的ID之间的映射关系示意图;图中表示:对应客户端的ID为A的用户自助服务请求的ID为a,对应客户端的ID为B的用户自助服务请求的ID为b,其中A、B主要包括客户端在要求上网时需要输入的用户名User和口令信息Key;a、b主要包括用户在要求访问对应自己的自助服务资源时需要输入的用户名User和口令信息Key。Step 100, first establish a mapping between the ID of the client and the identity of the user's self-service request corresponding to the client (mainly including the user name and password for the user to access the corresponding self-service resource, hereinafter referred to as the ID of the user's self-service request) Relationship, refer to Figure 3, which is a schematic diagram of the mapping relationship between the ID of the client and the ID of the user's self-service request; The ID of the user self-service request for B is b, where A and B mainly include the user name User and password information Key that the client needs to input when requesting to surf the Internet; a and b mainly include the user’s request to access the corresponding self-service resources The user name User and password information Key that need to be entered.

步骤200,分别将自主服务器的URL和步骤100中形成的各个映射关系存储到存储单元中。In step 200, respectively store the URL of the master server and each mapping relationship formed in step 100 into a storage unit.

步骤300,当用户准备通过客户端进行浏览互联网资源时,要首先对客户端的ID进行认证,并判断认证是否能够通过,如果是,则分别转至步骤400和500;如果否,则转至步骤900。Step 300, when the user intends to browse Internet resources through the client, firstly the ID of the client is authenticated, and it is judged whether the authentication can pass, if yes, then go to steps 400 and 500 respectively; if not, then go to step 900.

步骤400,存储单元将预先存储的自主服务器的URL发送给客户端;同时在步骤500中,存储单元根据客户端的ID在存储的映射关系中查找到对应的用户自助服务请求的ID,然后在步骤600中,存储单元将查找到的用户自助服务请求的ID也发送给客户端;In step 400, the storage unit sends the URL of the pre-stored autonomous server to the client; at the same time, in step 500, the storage unit finds the ID of the corresponding user self-service request in the stored mapping relationship according to the ID of the client, and then in step In 600, the storage unit also sends the found ID of the user self-service request to the client;

步骤700中,客户端先利用接收到的自主服务器的URL信息访问自主服务器的公共自助服务资源,再将接收到的自主服务器的URL和用户自助服务请求的ID组合成新的URL信息,这里对组合举个例子进行说明:例如自主服务器的URL为http://www.selfserver.com/service/self.htm时,客户端和自主服务器约定用户名“UserName”标识(此处用户名UserName和其对应的口令信息即为用户自助服务请求的ID)。现在有一个名为“zhangsan”的用户需要使用自助服务;则客户端会将自主服务器的URL:In step 700, the client first uses the received URL information of the autonomous server to access the public self-service resources of the autonomous server, and then combines the received URL of the autonomous server and the ID of the user's self-service request to form new URL information. The combination is illustrated with an example: for example, when the URL of the self-server is http://www.selfserver.com/service/self.htm, the client and the self-server agree on the user name "UserName" (here the user name UserName and its The corresponding password information is the ID of the user self-service request). Now there is a user named "zhangsan" who needs to use self-service; then the client will send the URL of the self-service server:

http://www.selfserver.com/service/self.htmhttp://www.selfserver.com/service/self.htm

和该用户的用户名zhangsan组合成新的URL:Combine with the user's username zhangsan to form a new URL:

http://www.selfserver.com/service/self.htm?UserName=zhangsan。http://www.selfserver.com/service/self.htm? UserName=zhangsan.

步骤800,客户端将组合后的新的URL作为在自主服务器提供的公共自助服务资源上进而访问对应该用户的自助服务资源的Web参数,向自主服务器发起HTTP连接请求,这样,用户就可以通过客户端到自主服务器上进而访问对应自己的自助服务资源网页了,并在对应自己的自助服务资源网页上进行相应查询操作和设置操作。In step 800, the client uses the combined new URL as a Web parameter to access the self-service resource corresponding to the user on the public self-service resource provided by the autonomous server, and initiates an HTTP connection request to the autonomous server, so that the user can pass The client goes to the autonomous server and then accesses the corresponding self-service resource webpage, and performs corresponding query operations and setting operations on the corresponding self-service resource webpage.

步骤900,认证失败,即客户端的ID是非法的,网络系统将不允许该客户端接入到互联网系统中,所以过程宣告结束。In step 900, the authentication fails, that is, the ID of the client is illegal, and the network system will not allow the client to access the Internet system, so the process ends.

为了保证用户在自己使用的客户端的ID通过认证后,在后续任何时候都能随时访问自助服务资源,同时为了降低设置有存储单元的设备的发送次数,本发明自助服务的提供方法采用下面的触发发送条件和发送时间间隔方式:In order to ensure that the user can access the self-service resources at any time after the ID of the client used by the user passes the authentication, and at the same time, in order to reduce the number of transmissions of the device with the storage unit, the self-service provision method of the present invention adopts the following triggers Sending conditions and sending interval mode:

触发发送条件:Trigger send condition:

(1)存储单元在客户端的ID通过认证后,及时发送存储的自主服务器的地址信息或用户自助服务请求的ID信息给客户端;(1) After the ID of the client is authenticated, the storage unit sends the address information of the stored autonomous server or the ID information of the user's self-service request to the client in time;

(2)存储单元在存储的自主服务器的地址信息发生变化后,及时将存储的变化后的自主服务器的地址信息发送给客户端;(2) After the stored address information of the autonomous server changes, the storage unit sends the changed stored address information of the autonomous server to the client in time;

(3)存储单元在客户端的ID通过认证后,在后续时间里,还以动态时间间隔发送存储的自主服务器的地址信息或用户自助服务请求的ID信息给客户端。(3) After the ID of the client is authenticated, the storage unit also sends the stored address information of the autonomous server or the ID information of the user's self-service request to the client at a dynamic time interval in the subsequent time.

其中动态时间间隔按照如下方式设置:The dynamic time interval is set as follows:

分别设定起始周期值t,最大周期值T和周期步长值Δt;Set the initial period value t, the maximum period value T and the period step value Δt respectively;

存储单元假设在第n次至第n+1次之间的发送周期值=t+(n-1)Δt;The storage unit assumes that the sending cycle value=t+(n-1)Δt between the nth time and the n+1th time;

判断发送周期值=t+(n-1)Δt是否大于等于最大周期值T,如果是,后续每两次发送之间都采用该最大周期值T作为发送周期值;如果否,则使用t+(n-1)Δt作为第n次至第n+1次之间的发送周期值;Determine whether the sending period value=t+(n-1)Δt is greater than or equal to the maximum period value T, if yes, the maximum period value T is used as the sending period value between every two subsequent transmissions; if not, use t+(n -1) Δt is used as the sending cycle value between the nth and n+1th times;

其中n为自然数。where n is a natural number.

上述动态时间间隔的发送规律参照图4,该图是本发明自助服务的提供方法采用动态时间间隔的发送规律示意图,存储单元在第一次发送存储的自主服务器的地址信息或用户自助服务请求的ID信息给客户端后,在时间t后,进行第二次发送了;在时间t+Δt后,进行第三次发送;在时间t+2Δt后,进行第四次发送;.......在时间t+(n-2)Δt后,进行第n次发送;直到某两次发送之间的时间间隔t+XΔt≥T时,则后续每两次发送之间的时间间隔都采取该最大周期值T作为发送周期值。由此,可见这种动态时间间隔的发送方式其发送周期是按设定步长值逐步增加的,直到增大到一定程度,使用一个最大的固定发送周期进行发送,因此可以减少设置有存储单元的设备的发送次数,相应也就降低了其工作负荷。Referring to Fig. 4 for the sending rule of the above-mentioned dynamic time interval, this figure is a schematic diagram of the sending rule using the dynamic time interval in the self-service providing method of the present invention. After the ID information is sent to the client, after time t, send it for the second time; after time t+Δt, send it for the third time; after time t+2Δt, send it for the fourth time;..... ..After the time t+(n-2)Δt, send the nth time; until the time interval between two transmissions is t+XΔt≥T, then the time interval between each subsequent two transmissions will take this The maximum period value T is used as the sending period value. From this, it can be seen that the transmission period of this dynamic time interval transmission method is gradually increased according to the set step value until it increases to a certain extent, and a maximum fixed transmission period is used for transmission, so it can reduce the number of storage units provided. The number of transmissions of the device, correspondingly reduces its workload.

同时,在提供有自助服务功能的网络系统中,还进而包括认证服务器,主要用于对客户端的ID进行认证,判断其是否为合法的用户客户端;还包括有认证设备,主要用于根据认证服务器对客户端的ID进行认证的认证结果,来得出是否允许该客户端访问网络资源,如果认证通过,则允许客户端访问网络资源;如果认证不通过,则会拒绝客户端访问网络资源,其中认证设备主要是通信网络系统中的交换机、路由器和接入点等设备。其中本发明自助服务的提供方法可以将所述的存储单元设置在认证设备中,也可以设置在认证服务器中。At the same time, in the network system that provides self-service functions, it further includes an authentication server, which is mainly used to authenticate the ID of the client to determine whether it is a legal user client; it also includes an authentication device, which is mainly used to The server authenticates the client's ID to determine whether the client is allowed to access network resources. If the authentication is passed, the client is allowed to access the network resource; if the authentication fails, the client is denied access to the network resource. The equipment is mainly switches, routers, access points and other equipment in the communication network system. In the self-service providing method of the present invention, the storage unit may be set in the authentication device, or in the authentication server.

下面以局域网中802.1X认证网络系统为例,进行详细说明本发明自助服务的提供方法,当然本发明自助服务的提供方法也不仅仅局限于用在802.1X认证方式的局域网系统中,也可以用于采用其他认证方式的其他网络系统,这里只是举例进行说明而已。Taking the 802.1X authentication network system in the local area network as an example below, the method for providing self-service of the present invention is described in detail. Of course, the method for providing self-service of the present invention is not only limited to being used in the local area network system of 802.1X authentication mode, but also can be used For other network systems using other authentication methods, this is just an example for illustration.

参照图5,该图是现有技术局域网系统中802.1X认证网络系统的结构原理图;图中各实体的工作原理如下:With reference to Fig. 5, this figure is the structural principle diagram of 802.1X authentication network system in the prior art local area network system; The operating principle of each entity in the figure is as follows:

当客户端1有上网需求时,首先将自身的ID信息通过网络系统3经由认证设备2中的认证端口5传给认证服务器6,认证服务器6对该客户端的ID信息进行认证操作,如果认证通过,则认证服务器6向认证设备2发送认证成功报文,认证设备2接收到认证服务器6的认证成功报文后,使自身中的提供服务端口4的端口处于打开状态,以使客户端1通过该打开的端口访问网络资源;如果认证不通过,则认证服务器6向认证设备2发送认证失败报文,认证设备2接收到认证服务器6的认证失败报文后,使自身中的提供服务端口4的端口处于关闭状态,以拒绝客户端1通过该端口访问网络资源。When the client 1 has a need to access the Internet, it first transmits its own ID information to the authentication server 6 through the network system 3 via the authentication port 5 in the authentication device 2, and the authentication server 6 performs an authentication operation on the ID information of the client. If the authentication passes , then the authentication server 6 sends an authentication success message to the authentication device 2, and after receiving the authentication success message from the authentication server 6, the authentication device 2 makes the port providing service port 4 in itself open, so that the client 1 can pass through The opened port accesses network resources; if the authentication fails, the authentication server 6 sends an authentication failure message to the authentication device 2, and after the authentication device 2 receives the authentication failure message from the authentication server 6, it makes the service port 4 in itself The port of is closed to deny Client 1 from accessing network resources through this port.

其中上述802.1X认证流程中,各个实体间传送的报文为可扩展认证协议(EAP)报文,参照图6,该图是现有EAP报文的标准格式,传输时各域从左至右依次传输,其中Code域占用一个字节,用于标识EAP报文的类型,如图7所示,该图是现有技术中主要四种EAP报文类型。图中显示,当Code域中的报文类型编码为1时,代表传输的EAP报文为认证请求报文(Request);当Code域中的报文类型编码为2时,代表传输的EAP报文为认证应答报文(Response);当Code域中的报文类型编码为3时,代表传输的EAP报文为认证成功报文(Success);当Code域中的报文类型编码为4时,代表传输的EAP报文为认证失败报文(Failure)。In the above-mentioned 802.1X authentication process, the message transmitted between each entity is an Extensible Authentication Protocol (EAP) message. Referring to Figure 6, this figure is the standard format of the existing EAP message, and the fields are from left to right during transmission. Transmitted sequentially, wherein the Code field occupies one byte and is used to identify the type of the EAP message, as shown in FIG. 7 , which shows the main four types of EAP messages in the prior art. The figure shows that when the message type code in the Code field is 1, it means that the transmitted EAP message is an authentication request message (Request); when the message type code in the Code field is 2, it means that the transmitted EAP message is The message is an authentication response message (Response); when the message type code in the Code field is 3, it means that the transmitted EAP message is an authentication success message (Success); when the message type code in the Code field is 4 , indicating that the transmitted EAP packet is an authentication failure packet (Failure).

但是上述这四种类型的报文在现有技术802.1X认证过程中已经使用,所以需要在此基础上扩展另外一种报文,来携带自主服务器的地址信息或用户自助服务请求的ID信息;参照图8,该图是在本发明自助服务的提供方法中扩展的一种报文类型。其中在标准EAP报文格式的Code域中封装代表自助服务报文(Service)的编码,该编码可以采用除1~4以外的任何编码,如可以为10。然后在标准EAP报文格式的Type域中,将自主服务器的地址信息(Self-Service-Addressinfo)封装进去,当然也可进而将用户自助服务请求的ID封装进去。这样就可以保证扩展后的自助服务报文依然符合EAP报文格式,也可以携带自主服务器的地址信息或用户自助服务请求的ID信息,并在802.1X认证网络系统中按照标准传输协议进行传输。下面以将所述的存储单元设置在认证设备中,来说明本发明自助服务的提供方法在802.1X认证网络系统中的具体应用。However, the above four types of messages have been used in the prior art 802.1X authentication process, so it is necessary to expand another message on this basis to carry the address information of the master server or the ID information of the user's self-service request; Referring to FIG. 8 , this figure shows a message type extended in the self-service providing method of the present invention. A code representing the self-service message (Service) is encapsulated in the Code field of the standard EAP message format, and the code can be any code except 1-4, for example, 10. Then, in the Type field of the standard EAP message format, the address information (Self-Service-Addressinfo) of the autonomous server is encapsulated, and of course the ID of the user's self-service request can also be encapsulated. In this way, it can ensure that the extended self-service message still conforms to the EAP message format, and can also carry the address information of the autonomous server or the ID information of the user's self-service request, and transmit it according to the standard transmission protocol in the 802.1X authentication network system. The specific application of the self-service providing method of the present invention in the 802.1X authentication network system will be described below by setting the storage unit in the authentication device.

参照图9,该图是本发明自助服务的提供方法在802.1X认证网络系统中,传输自主服务器的地址信息的过程图;其具体的实现过程如下:With reference to Fig. 9, this figure is the self-service providing method of the present invention in the 802.1X authentication network system, the process diagram of transmitting the address information of the autonomous server; its specific implementation process is as follows:

步骤S1,客户端将自身的ID信息发送到认证设备,以请求浏览互联网资源。Step S1, the client sends its own ID information to the authentication device to request to browse Internet resources.

步骤S2,认证设备通过自身的认证端口将客户端的ID发送到认证服务器,由认证服务器对客户端的ID进行认证鉴权。In step S2, the authentication device sends the ID of the client to the authentication server through its own authentication port, and the authentication server authenticates the ID of the client.

步骤S3,认证服务器对客户端的ID信息进行认证,如果认证通过,则向认证设备发送认证成功报文;如果认证不通过,则向认证设备发送认证失败报文,在本发明中,只有认证服务器反馈认证成功报文后才执行步骤S4。Step S3, the authentication server authenticates the ID information of the client. If the authentication is passed, it sends an authentication success message to the authentication device; if the authentication fails, it sends an authentication failure message to the authentication device. In the present invention, only the authentication server Step S4 is executed only after the authentication success message is fed back.

步骤S4,认证设备根据接收的认证成功报文,将自身的提供服务端口设置为打开状态,允许客户端访问网络资源,相应也就为用户访问自助服务资源提供了基础。In step S4, the authentication device sets its own service-providing port to an open state according to the received authentication success message, allowing the client to access network resources, and correspondingly provides a basis for users to access self-service resources.

现有802.1X认证网络系统中认证服务器对客户端的认证过程大致如下:The authentication process of the authentication server to the client in the existing 802.1X authentication network system is roughly as follows:

客户端有上网需求时,分别输入ID信息中的用户名和口令;同时向认证设备发送认证请求报文;When the client needs to access the Internet, it enters the user name and password in the ID information respectively; at the same time, it sends an authentication request message to the authentication device;

认证设备收到认证请求报文后,指示客户端将用户名发过来;After receiving the authentication request message, the authentication device instructs the client to send the user name;

客户端发送用户名给认证设备,认证设备将接收的用户名转发给认证服务器;The client sends the username to the authentication device, and the authentication device forwards the received username to the authentication server;

认证服务器将接收的用户名和自身数据库中存储的用户名进行比对,找到对应该用户名的口令信息,并用随机生成的一个加密字对该口令信息进行加密处理,同时将该加密字通过认证设备传给客户端;The authentication server compares the received user name with the user name stored in its own database, finds the password information corresponding to the user name, and encrypts the password information with a randomly generated encrypted word, and at the same time passes the encrypted word through the authentication device. to the client;

客户端接收到该加密字后,用该加密字对口令进行加密处理后通过认证设备发送到认证服务器;After receiving the encrypted word, the client encrypts the password with the encrypted word and sends it to the authentication server through the authentication device;

认证服务器对接收的加密后的口令信息和其自己加密处理后的口令信息进行对比,如果相同,则认为该客户端是合法的,向认证设备发送认证成功报文;如果不相同,则认为该客户端是非法的,向认证设备发送认证失败报文;The authentication server compares the received encrypted password information with its own encrypted password information. If they are the same, the client is considered legitimate and sends an authentication success message to the authentication device; The client is illegal and sends an authentication failure message to the authentication device;

认证设备在接收到认证服务器发来的认证成功报文后,将提供服务端口设置为打开状态,允许客户端访问网络资源;否则,将提供服务端口设置为关闭状态,拒绝客户端访问网络资源。After receiving the successful authentication message from the authentication server, the authentication device sets the service port to open to allow the client to access network resources; otherwise, sets the service port to close to deny the client access to network resources.

步骤S5,认证设备在接收到认证服务器发来的认证成功报文后,将存储单元中存储的自主服务器的地址信息封装到扩展的自助服务报文中,然后将自助服务报文发送给客户端。Step S5: After receiving the authentication success message sent by the authentication server, the authentication device encapsulates the address information of the autonomous server stored in the storage unit into an extended self-service message, and then sends the self-service message to the client .

步骤S6,客户端在接收到认证设备发来的自助服务报文后,首先进行解包操作,将封装在其中的自主服务器的地址信息解析出来,如果解析出来的自主服务器的地址信息有效,则客户端就会激活自助服务功能;Step S6: After receiving the self-service message sent by the authentication device, the client first performs an unpacking operation to parse out the address information of the autonomous server encapsulated in it. If the resolved address information of the autonomous server is valid, then The client will activate the self-service function;

上述的激活可以理解为激活(Activate)一个进程,或者激活当前活动进程的一个功能选项。例如,菜单在收到自助服务报文前为不可用的“灰色”状态,解析该自助服务报文,取出自主服务器的地址信息后,如果有效,则使菜单处于可用状态;The above activation can be understood as activating (Activate) a process, or activating a function option of the currently active process. For example, the menu is in an unavailable "grey" state before receiving a self-service message, and after parsing the self-service message and extracting the address information of the autonomous server, if it is valid, the menu will be in an available state;

客户端将解析出的自主服务器的地址信息输入到自身的IE中,通过使用该自主服务器的地址信息作为访问自主服务器的Web访问参数,和自主服务器之间建立HTTP连接请求;The client inputs the resolved address information of the autonomous server into its own IE, and establishes an HTTP connection request with the autonomous server by using the address information of the autonomous server as the web access parameter for accessing the autonomous server;

登录到自主服务器后,用户就可以访问公共自助服务资源了。After logging in to the self-service server, the user can access public self-service resources.

参照图10,该图是本发明自助服务的提供方法在802.1X认证网络系统中,传输自主服务器的地址信息和用户自助服务请求的ID信息的过程图;其主要实现过程同图9的实现过程,其中步骤S50不同于步骤S5,步骤S50中,认证设备在接收到认证服务器发来的认证成功报文后,将存储单元中存储的自主服务器的URL和用户自助服务请求的ID信息一起封装到扩展的自助服务报文中,然后将自助服务报文发送给客户端;步骤S60也不同于步骤S6,步骤S60中,客户端在接收到认证设备发来的自助服务报文后,首先进行解包操作,将封装在其中的自主服务器的URL和用户自助服务请求的ID信息解析出来,如果解析出来的自主服务器的URL有效,则客户端就会激活自助服务功能;客户端首先通过解析出来的URL访问自主服务器的公共自助服务资源,登录到自主服务器后,然后客户端再将解析出的自主服务器的URL和用户自助服务请求的ID组合成新的URL,再将组合后的新的URL输入到自身的IE中,通过使用该组合后的URL作为访问对应自己的自助服务资源的Web访问参数,和自主服务器之间建立HTTP连接请求;用户就可以访问对应自己的自助服务资源了。其他步骤的实现同图9中相应步骤,这里不再赘述。Referring to Fig. 10, this figure is a process diagram of transmitting the address information of the autonomous server and the ID information requested by the user for self-service in the 802.1X authentication network system of the self-service providing method of the present invention; its main implementation process is the same as that in Fig. 9 , where step S50 is different from step S5. In step S50, after receiving the authentication success message sent by the authentication server, the authentication device encapsulates the URL of the autonomous server stored in the storage unit and the ID information of the user self-service request into the Extended self-service message, and then send the self-service message to the client; step S60 is also different from step S6, in step S60, after the client receives the self-service message sent by the authentication device, it first resolves Package operation, which parses the URL of the self-service server encapsulated in it and the ID information of the user's self-service request. If the parsed URL of the self-service server is valid, the client will activate the self-service function; the client first passes the parsed out The URL accesses the public self-service resources of the self-service server. After logging in to the self-service server, the client then combines the parsed URL of the self-service server and the ID of the user self-service request to form a new URL, and then enters the combined new URL In its own IE, by using the combined URL as the Web access parameter for accessing the corresponding self-service resources, an HTTP connection request is established between the autonomous server; the user can then access the corresponding self-service resources. The implementation of other steps is the same as that of the corresponding steps in Fig. 9 , and will not be repeated here.

同理,本发明自助服务的提供方法也可将所述的存储单元置于认证服务器中,在认证服务器对客户端的ID信息进行认证通过后,认证服务器在向认证设备发送认证成功报文,使认证设备允许客户端访问网络资源后,进而将存储单元中存储的自助服务报文通过认证设备发送给客户端,其实现原理同上述将存储单元置于认证设备中的实现过程,这里不再过多赘述。Similarly, the self-service providing method of the present invention may also place the storage unit in the authentication server. After the authentication server authenticates the ID information of the client, the authentication server sends an authentication success message to the authentication device, so that After the authentication device allows the client to access network resources, it then sends the self-service message stored in the storage unit to the client through the authentication device. More details.

以上所述仅是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明技术原理的前提下,还可以作出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。The above is only a preferred embodiment of the present invention, it should be pointed out that for those of ordinary skill in the art, without departing from the technical principle of the present invention, some improvements and modifications can also be made. It should be regarded as the protection scope of the present invention.

Claims (10)

1、一种自助服务的提供方法,用于为网络系统提供自助服务,所述网络系统包括客户端、认证设备、认证服务器、自主服务器和存储单元,所述客户端通过自身的身份标识来表明自己的身份,其特征在于,包括:1. A method for providing self-service, which is used to provide self-service for a network system. The network system includes a client, an authentication device, an authentication server, an autonomous server, and a storage unit. The client indicates through its own identity Own identity, characterized by, including: (1)将自主服务器的地址信息存储在存储单元中;(1) storing the address information of the autonomous server in the storage unit; (2)当认证服务器对客户端的身份标识进行认证通过后,认证设备允许客户端访问网络资源时,将存储单元存储的自主服务器的地址信息发送给客户端;(2) After the authentication server authenticates the identity of the client, and the authentication device allows the client to access network resources, the address information of the autonomous server stored in the storage unit is sent to the client; (3)客户端利用接收的自主服务器的地址信息访问自主服务器提供的公共自助服务资源。(3) The client uses the received address information of the autonomous server to access the public self-service resources provided by the autonomous server. 2、根据权利要求1所述的自助服务的提供方法,其特征在于,步骤(1)中还包括:当自主服务器的地址信息发生变化时,及时更新存储在存储单元中的自主服务器的地址信息;并将变化后的自主服务器的地址信息发送给客户端。2. The method for providing self-service according to claim 1, characterized in that step (1) further comprises: when the address information of the autonomous server changes, updating the address information of the autonomous server stored in the storage unit in time ; and send the changed address information of the autonomous server to the client. 3、根据权利要求1所述的自助服务的提供方法,其特征在于,所述地址信息为自主服务器的IP地址或自主服务器的通用资源定位符。3. The method for providing self-service according to claim 1, wherein the address information is the IP address of the autonomous server or the universal resource locator of the autonomous server. 4、根据权利要求3所述的自助服务的提供方法,其特征在于,用户使用对应自己的用户自助服务请求身份标识作为访问对应自己的自助服务资源的合法密钥。4. The method for providing self-service according to claim 3, wherein the user uses the user self-service request identity corresponding to the user as a legal key for accessing the self-service resource corresponding to the user. 5、根据权利要求4所述的自助服务的提供方法,其特征在于,5. The method for providing self-service according to claim 4, wherein: 步骤(1)中还包括:建立客户端的身份标识和用户自助服务请求身份标识之间的映射关系,并将所述映射关系存储在存储单元中;Step (1) also includes: establishing a mapping relationship between the identity of the client and the identity of the user's self-service request, and storing the mapping in a storage unit; 步骤(2)中所述在客户端的身份标识通过认证后还包括:存储单元根据客户端的身份标识在所述映射关系中查找对应的用户自助服务请求身份标识,并将查找到的用户自助服务请求身份标识发送给客户端;In the step (2), after the identity of the client is authenticated, it also includes: the storage unit searches for the corresponding user self-service request identity in the mapping relationship according to the identity of the client, and sends the found user self-service request The identity is sent to the client; 步骤(3)之后还包括:客户端将接收的自主服务器的通用资源定位符和用户自助服务请求身份标识组合成新的通用资源定位符,并利用所述新的通用资源定位符进而在自主服务器提供的公共自助服务资源上访问对应该用户的自助服务资源。After step (3), it also includes: the client combines the received universal resource locator of the autonomous server and the identity of the user self-service request into a new universal resource locator, and uses the new universal resource locator to send the URL to the autonomous server. Access the self-service resources corresponding to the user on the provided public self-service resources. 6、根据权利要求1或5所述的自助服务的提供方法,其特征在于,6. The method for providing self-service according to claim 1 or 5, characterized in that: 步骤(1)中进一步包括:将所述存储单元置于认证设备中;The step (1) further includes: placing the storage unit in the authentication device; 步骤(2)中进一步包括:Further include in step (2): (F1)当所述认证服务器对客户端的身份标识进行认证通过后,认证服务器向认证设备发送认证成功报文;(F1) After the authentication server authenticates the identity of the client, the authentication server sends an authentication success message to the authentication device; (F2)认证设备在接收到认证成功报文后,允许客户端访问网络资源,并将存储单元中存储的自主服务器的地址信息或用户自助服务请求身份标识发送给客户端。(F2) After receiving the authentication success message, the authentication device allows the client to access network resources, and sends the address information of the autonomous server or the user self-service request identity stored in the storage unit to the client. 7、根据权利要求1或5所述的自助服务的提供方法,其特征在于,7. The method for providing self-service according to claim 1 or 5, characterized in that: 步骤(1)中进一步包括:将所述存储单元置于认证服务器中;Step (1) further includes: placing the storage unit in an authentication server; 步骤(2)中进一步包括:Further include in step (2): (fl)当所述认证服务器对客户端的身份标识进行认证通过后,认证服务器向认证设备发送认证成功报文;(fl) After the authentication server authenticates the identity of the client, the authentication server sends an authentication success message to the authentication device; (f2)认证设备接收到认证成功报文后,允许客户端访问网络资源;(f2) After the authentication device receives the authentication success message, it allows the client to access network resources; (f3)认证服务器将存储单元中存储的自主服务器的地址信息或用户自助服务请求身份标识通过认证设备发送给客户端。(f3) The authentication server sends the address information of the autonomous server or the user self-service request identity stored in the storage unit to the client through the authentication device. 8、根据权利要求1或5所述的自助服务的提供方法,其特征在于,步骤(2)中存储单元同时将存储的自主服务器的地址信息或用户自助服务请求身份标识以动态时间间隔发送给客户端。8. The method for providing self-service according to claim 1 or 5, characterized in that in step (2), the storage unit simultaneously sends the stored address information of the autonomous server or user self-service request identity to the client. 9、根据权利要求8所述的自助服务的提供方法,其特征在于,所述动态时间间隔按如下方式设置:9. The method for providing self-service according to claim 8, wherein the dynamic time interval is set as follows: 分别设定起始周期值t,最大周期值T和周期步长值Δt;Set the initial period value t, the maximum period value T and the period step value Δt respectively; 存储单元假设在第n次至第n+1次之间的发送周期值=t+(n-1)Δt;The storage unit assumes that the sending cycle value=t+(n-1)Δt between the nth time and the n+1th time; 判断发送周期值=t+(n-1)Δt是否大于等于最大周期值T,如果是,后续每两次发送之间都采用该最大周期值T作为发送周期值;如果否,则使用t+(n-1)Δt作为第n次至第n+1次之间的发送周期值;所述n为自然数。Determine whether the sending period value=t+(n-1)Δt is greater than or equal to the maximum period value T, if yes, the maximum period value T is used as the sending period value between every two subsequent transmissions; if not, use t+(n -1) Δt is used as the sending cycle value between the nth time and the n+1th time; the n is a natural number. 10、根据权利要求1或5所述的自助服务的提供方法,其特征在于,客户端通过将接收的自主服务器的地址信息或组合后的新的通用资源定位符输入到自身的浏览器中来实现访问自主服务器提供的自助服务资源。10. The method for providing self-service according to claim 1 or 5, characterized in that the client enters the received address information of the autonomous server or the combined new Universal Resource Locator into its own browser. Enables access to self-service resources provided by autonomous servers.
CN 200410000499 2004-02-04 2004-02-04 How to Provide Self-Service Expired - Fee Related CN1652507B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410000499 CN1652507B (en) 2004-02-04 2004-02-04 How to Provide Self-Service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200410000499 CN1652507B (en) 2004-02-04 2004-02-04 How to Provide Self-Service

Publications (2)

Publication Number Publication Date
CN1652507A true CN1652507A (en) 2005-08-10
CN1652507B CN1652507B (en) 2010-09-08

Family

ID=34866776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410000499 Expired - Fee Related CN1652507B (en) 2004-02-04 2004-02-04 How to Provide Self-Service

Country Status (1)

Country Link
CN (1) CN1652507B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104426980A (en) * 2013-09-05 2015-03-18 深圳市共进电子股份有限公司 Method for storing name and password of network user by router

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001282730A (en) * 2000-03-30 2001-10-12 Sony Corp Information processing apparatus, server connection method, program storage medium, and network connection system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104426980A (en) * 2013-09-05 2015-03-18 深圳市共进电子股份有限公司 Method for storing name and password of network user by router
CN104426980B (en) * 2013-09-05 2018-08-28 深圳市共进电子股份有限公司 A kind of method of router storage network user name password

Also Published As

Publication number Publication date
CN1652507B (en) 2010-09-08

Similar Documents

Publication Publication Date Title
CN1290014C (en) Method and apparatus for serving content from semi-trusted server
CN1222886C (en) System and method for globally and securely accessing unified information in a computer network
JP6263537B2 (en) LDAP-based multi-tenant in-cloud identity management system
US7665130B2 (en) System and method for double-capture/double-redirect to a different location
US7886061B1 (en) Virtual folders for tracking HTTP sessions
US9100365B2 (en) Web application process
US8555365B2 (en) Directory authentication method for policy driven web filtering
CN1152333C (en) Method for realizing portal authentication based on protocols of authentication, charging and authorization
US20100100950A1 (en) Context-based adaptive authentication for data and services access in a network
US9544290B2 (en) Device authentication using proxy automatic configuration script requests
CN108616490A (en) A kind of method for network access control, apparatus and system
CN107046544B (en) Method and device for identifying illegal access request to website
CN1726446A (en) Method and system for peer authorization
CN1795444A (en) Device authentication system
CN1756148A (en) Mobile authentication for web access
CN1506873A (en) Method and system for identifying & transmitting verifiable authorization among complete heteroyeneous network area
CN107210956A (en) Multiple tunnel Objunctive network adaptor
CN104780176A (en) Method and system for safely invoking a representational state transfer application programming interface
CN1142662C (en) Authentication method for supporting network switching in based on different devices at same time
JP2019537176A (en) Portal aggregation service that maps a subscriber device identifier to a portal address to which connection and authentication requests are redirected and facilitates configuration of a large number of subscriber devices
WO2010017737A1 (en) Report form normalization processing method, apparatus and system
CN102710559A (en) A Method of Reverse Proxy Technology Realizing Digital Document Resource Gateway
CN1309213C (en) Network access anthentication method for improving network management performance
CN1874226A (en) Terminal access method and system
CN105119916B (en) A kind of authentication method and system based on http

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100908