CN119814404A - All-optical networking equipment authentication processing method, device, system, network equipment, storage medium and program product - Google Patents

Info

Publication number: CN119814404A
Application number: CN202411870268.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 曾涛, 朱峰, 汤健, 支金龙, 胡杰
Current Assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd
Original Assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd
Prior art keywords: authentication, slave device, slave, optical, control platform
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to a method, apparatus, system, network equipment, computer-readable storage medium and computer program product for device authentication processing in all-optical networking, and relates to the technical field of optical access networks. The present application can improve the authentication processing efficiency and network security of slave devices in all-optical networking. The method includes: responding to an authentication request from a slave device, authenticating the slave device based on an authentication mode corresponding to the identity information of the slave device; if the authentication is successful, sending the authentication identifier of the slave device to an authentication collection and control platform; the authentication collection and control platform is used to verify the legitimacy of the authentication identifier; and performing corresponding service forwarding processing on the slave device according to the legitimacy verification result.

Description

Device authentication processing method, device, system, network device, storage medium and program product for all-optical networking
Technical Field
The present application relates to the field of optical access network technologies, and in particular, to a device authentication processing method, apparatus, system, network device, computer readable storage medium and computer program product for an all-optical networking.
Background
Optical fiber broadband is an important part of the communication network. Driven by innovative services and application requirements, the optical fiber network is being extended further toward users so that full optical fiber coverage is achieved.
The all-optical networking scheme uses optical fiber as the networking medium. An all-optical master device is deployed at the user's information network access point and serves as the center around which the all-optical network is built. Slave devices can be extended to each area where the user requires deployment, according to the internal structure of the entity (such as an enterprise), so as to carry the related users' services comprehensively and deliver high-quality broadband.
In the current network environment, the demand of users for all-optical networking is increasing. All-optical networking can provide higher bandwidth, lower latency, and more stable network performance. As the number of devices increases and the network architecture becomes complex, there is a need for efficient authentication processing of slave devices accessing an all-optical network.
However, current technology relies on a complicated device authentication process to authenticate slave devices accessing the all-optical network, which leads to the technical problems of low authentication processing efficiency and low network security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a device authentication processing method, apparatus, system, network device, computer-readable storage medium, and computer program product for all-optical networking.
In a first aspect, the present application provides a device authentication processing method for an all-optical networking, including:
in response to an authentication request of a slave device, authenticating the slave device based on an authentication mode corresponding to identity information of the slave device;
if the authentication is passed, sending the authentication identifier of the slave device to an authentication collection management platform, the authentication collection management platform being used to check the validity of the authentication identifier; and
performing corresponding service forwarding processing on the slave device according to the validity check result.
In one embodiment, before the slave device is authenticated based on the authentication mode corresponding to its identity information, the method further comprises: obtaining the identity information of the slave device, where the identity information comprises one or more of a device manufacturer, a device type and an operator version of the slave device; and determining the authentication mode according to the identity information.
In one embodiment, before the authentication identifier of the slave device is sent to the authentication collection management platform, the method further comprises: obtaining one or more of an organization unique identifier, a serial number, a region code and a device type of the slave device; and obtaining the authentication identifier of the slave device according to the one or more of the organization unique identifier, the serial number, the region code and the device type.
In one embodiment, the authentication collection management platform is configured to determine whether the organization unique identifier in the authentication identifier exists in a registration database, and/or the authentication collection management platform is configured to confirm whether the serial number is unique, and/or the authentication collection management platform is configured to verify whether the combination of the region code and the device type matches.
In one embodiment, performing the corresponding service forwarding processing on the slave device according to the validity check result includes: if the validity check result is passed, opening the service forwarding channels in the north-south direction and in the east-west direction of the slave device; and if the validity check result is not passed, opening the service forwarding channel in the east-west direction of the slave device.
In one embodiment, the authentication identifier includes an organization unique identifier, a serial number, a region code and a device type of the slave device. The authentication collection management platform is used to return a passed validity check result when the validity checks of the organization unique identifier, the serial number, the region code and the device type are all passed, and to return a failed validity check result when the validity checks of the organization unique identifier, the serial number, the region code and the device type are not all passed.
In a second aspect, the present application further provides a device authentication processing apparatus for all-optical networking, including:
an authentication module, configured to authenticate a slave device based on an authentication mode corresponding to identity information of the slave device in response to an authentication request of the slave device;
a sending module, configured to send the authentication identifier of the slave device to the authentication collection management platform if the authentication passes, the authentication collection management platform being used to check the validity of the authentication identifier; and
a processing module, configured to perform corresponding service forwarding processing on the slave device according to the validity check result.
In a third aspect, the application also provides a device authentication processing system of the all-optical networking, which comprises an all-optical main device and an authentication acquisition management platform, wherein,
The all-optical master device is used for responding to an authentication request of the slave device and authenticating the slave device based on an authentication mode corresponding to the identity information of the slave device;
The all-optical master device is further configured to send an authentication identifier of the slave device to the authentication collection management platform if authentication passes;
the authentication collection management platform is used for verifying the validity of the authentication mark and feeding back a validity verification result to the all-optical main equipment;
the all-optical master device is further configured to perform corresponding service forwarding processing on the slave device according to the validity check result.
In a fourth aspect, the present application also provides a network device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
the method comprises the steps of responding to an authentication request of a slave device, authenticating the slave device based on an authentication mode corresponding to identity information of the slave device, if authentication is passed, sending an authentication identification of the slave device to an authentication acquisition management and control platform, wherein the authentication acquisition management and control platform is used for verifying the validity of the authentication identification, and carrying out corresponding service forwarding processing on the slave device according to a validity verification result.
In a fifth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
the method comprises the steps of responding to an authentication request of a slave device, authenticating the slave device based on an authentication mode corresponding to identity information of the slave device, if authentication is passed, sending an authentication identification of the slave device to an authentication acquisition management and control platform, wherein the authentication acquisition management and control platform is used for verifying the validity of the authentication identification, and carrying out corresponding service forwarding processing on the slave device according to a validity verification result.
In a sixth aspect, the application also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of:
the method comprises the steps of responding to an authentication request of a slave device, authenticating the slave device based on an authentication mode corresponding to identity information of the slave device, if authentication is passed, sending an authentication identification of the slave device to an authentication acquisition management and control platform, wherein the authentication acquisition management and control platform is used for verifying the validity of the authentication identification, and carrying out corresponding service forwarding processing on the slave device according to a validity verification result.
The equipment authentication processing method, the equipment authentication processing device, the equipment authentication processing system, the network equipment, the computer readable storage medium and the computer program product of the all-optical networking respond to an authentication request of the slave equipment, authenticate the slave equipment based on an authentication mode corresponding to identity information of the slave equipment, send an authentication identification of the slave equipment to an authentication acquisition management platform if the authentication is passed, and the authentication acquisition management platform is used for checking the validity of the authentication identification and carrying out corresponding service forwarding processing on the slave equipment according to a validity check result. According to the scheme, the slave equipment can be authenticated based on the authentication mode corresponding to the identity information of the slave equipment, the authentication identification of the slave equipment is sent to the authentication collection management and control platform after the authentication is passed so as to verify the validity of the authentication identification, and finally, the corresponding service forwarding processing is carried out on the slave equipment according to the validity verification result, so that the slave equipment accessing the all-optical network is efficiently and uniformly authenticated, the flexibility and compatibility of the all-optical network can be improved, and the authentication processing efficiency and the network security of the slave equipment of the all-optical network are improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are needed in the description of the embodiments of the present application or the related technologies will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other related drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is an application environment diagram of a device authentication processing method of an all-optical networking in one embodiment;
FIG. 2 is a flow chart of a device authentication processing method of an all-optical networking in one embodiment;
FIG. 3 is a flow diagram of an authentication flow mechanism of a master device in one embodiment;
FIG. 4 is a block diagram illustrating a device authentication processing apparatus for an all-optical networking in one embodiment;
FIG. 5 is an internal block diagram of a network device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Users such as institutions and enterprises are of many types, and their service scenarios and service demands are broad. In practical deployment, depending on the nature and scale of the user and the needs of its industry, an all-optical networking generally has more than 4 access points, so the networking and authentication of a large number of slave devices must be completed by the authentication collection management platform and the master device. In addition, current slave devices come from many manufacturers, in many types and many versions. As a result, current technology, which authenticates slave devices accessing the all-optical network through a complicated device authentication flow, suffers from low authentication processing efficiency and low network security. This can affect device management and control, service provisioning, and operation and maintenance efficiency of business all-optical networking (FTTR-B), and carries certain access security risks.
In this regard, the embodiment of the present application provides an equipment authentication processing method for an all-optical networking, where the method may be applied to an application environment as shown in fig. 1, and may implement efficient and unified authentication processing for a slave device accessing an all-optical network, so as to improve flexibility and compatibility of the all-optical networking, and improve authentication processing efficiency and network security of the slave device for the all-optical networking.
The device authentication processing method of the all-optical networking of the present application will be described below based on the application environment shown in fig. 1 in combination with the embodiments and the corresponding drawings.
In an exemplary embodiment, as shown in fig. 2, there is provided a device authentication processing method of an all-optical networking, which may be applied to an all-optical master device in fig. 1, and the method may include the steps of:
Step S201: in response to the authentication request of the slave device, authenticate the slave device based on the authentication mode corresponding to the identity information of the slave device.
In this step, the slave device may send an authentication request to the all-optical master device when accessing the all-optical network. The all-optical master device receives the authentication request and, in response, may authenticate the slave device based on an authentication mode corresponding to the identity information of the slave device. The identity information of the slave device may include related information indicating the identity of the slave device; as examples, it may include, but is not limited to, a model number of the slave device, a unique identifier (such as a MAC address, i.e., a media access control address), a device manufacturer, a device type, and an operator version. The all-optical master device may be preset with a plurality of authentication modes, which may include a plurality of combinations and may correspond to the identity information of the slave device, so that different security requirements and network environments can be accommodated. The all-optical master device can therefore authenticate the slave device based on the authentication mode corresponding to its identity information, flexibly adapting to different slave devices, security requirements and network environments. The specific authentication process is not limited herein, provided that the flexibility and efficiency of the authentication process are ensured. As an example, during authentication the all-optical master device may negotiate with the slave device and automatically acquire the attribute field information required for authentication (such as a device type, a supported protocol version, etc.) to perform authentication processing.
Step S202, if the authentication is passed, the authentication identification of the slave device is sent to the authentication collection management platform. The authentication collection management platform is used for checking the validity of the authentication mark.
The all-optical master device authenticates the slave device based on an authentication mode corresponding to the identity information of the slave device, and an authentication result can be obtained, wherein the authentication result can be an authentication result representing link layer authentication. In this step, if the authentication passes, the all-optical master device may send the authentication identifier of the slave device to the authentication acquisition management platform. Wherein the authentication identity may be generated according to a unified encoding rule, which may be a predefined encoding rule, which is a rule for specifying which code or codes, fields or combinations thereof to employ to form the authentication identity. The authentication collection management platform can be used as a data processing and management center of an equipment authentication processing system of the all-optical networking and can be responsible for receiving, checking and feeding back check results. The authentication collection management platform can be used for checking the validity of the authentication mark.
In this step, after the all-optical master device sends the authentication identifier of the slave device to the authentication collection management platform, the authentication collection management platform can verify the validity of the authentication identifier, specifically can verify the validity of each code or field included in the authentication identifier, and obtain a validity verification result and feed back the validity verification result to the all-optical master device. The validity check may be used to check whether the slave device is a legal slave device, and the specific check form is not limited herein, and as an example, the serial number of the slave device may be carried in the authentication identifier, so that the authentication collection management platform may perform validity check on the serial number, and obtain a validity check result and feed back the validity check result to the all-optical master device.
Step S203, according to the validity check result, corresponding service forwarding processing is carried out on the slave device.
In this step, the all-optical master device may perform corresponding service forwarding processing on the slave device according to the validity check result fed back by the authentication collection management and control platform, for example, may open or limit a service forwarding channel in a corresponding direction of the slave device according to the validity check result, so as to safely control the flow of the slave device.
The equipment authentication processing method of the all-optical networking responds to an authentication request of the slave equipment, authenticates the slave equipment based on an authentication mode corresponding to identity information of the slave equipment, if the authentication is passed, sends an authentication identifier of the slave equipment to an authentication acquisition management and control platform, and the authentication acquisition management and control platform is used for checking the validity of the authentication identifier and carrying out corresponding service forwarding processing on the slave equipment according to a validity check result. According to the scheme, the slave equipment can be authenticated based on the authentication mode corresponding to the identity information of the slave equipment, the authentication identification of the slave equipment is sent to the authentication collection management and control platform after the authentication is passed so as to verify the validity of the authentication identification, and finally, the corresponding service forwarding processing is carried out on the slave equipment according to the validity verification result, so that the slave equipment accessing the all-optical network is efficiently and uniformly authenticated, the flexibility and compatibility of the all-optical network can be improved, and the authentication processing efficiency and the network security of the slave equipment of the all-optical network are improved.
In an exemplary embodiment, before the slave device is authenticated based on the authentication mode corresponding to the identity information of the slave device in step S201, the following steps may be further included:
The method comprises the steps of obtaining identity information of the slave device, wherein the identity information can comprise one or more of a device manufacturer, a device type and an operator version of the slave device, and determining an authentication mode according to the identity information.
As shown in fig. 1, the slaves accessing the network may have different device manufacturers, device types, and operator versions. In this embodiment, the all-optical master device may obtain the identity information of the slave device according to the authentication request, where the obtained identity information of the slave device may include one or more of a device manufacturer, a device type, and an operator version of the slave device, so that the corresponding authentication mode may be determined by combining one or more of the device manufacturer, the device type, and the operator version, so as to adapt to access requirements and security requirements of different slave devices, and improve flexibility and compatibility of an equipment authentication processing system of an all-optical networking.
In an exemplary embodiment, before sending the authentication identifier of the slave device to the authentication collection management platform in step S202, the method may further include the following steps:
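Obtaining one or more of the organization unique identifier, the serial number, the area code and the device type of the slave device, and obtaining an authentication identifier of the slave device according to the one or more of the organization unique identifier, the serial number, the area code and the device type.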
The organization unique identifier may be denoted as OUI, the Serial Number may be denoted as Serial Number, the area code may be denoted as Province Code, and the device type may be denoted as DEVICE TYPE.
In this embodiment, the all-optical master device may obtain one or more of an organization unique identifier, a serial number, a region code and a device type of the slave device, and may generate the authentication identifier of the slave device from them according to a unified encoding rule, so that the authentication collection management platform can perform validity verification on it.
Further, in one exemplary embodiment, the authentication acquisition management platform may be used to determine whether an organization unique identifier in the authentication identity exists in the registration database, and/or the authentication acquisition management platform may be used to confirm whether the serial number is unique, and/or the authentication acquisition management platform may be used to verify whether a combination of the area code and the device type matches.
In this embodiment, the authentication identifier may include one or more of an organization unique identifier, a serial number, a region code, and a device type of the slave device, so that the authentication collection management platform may verify one or more of the organization unique identifier, the serial number, the region code, and the device type of the slave device according to the authentication identifier. The authentication collection management platform can determine whether the organization unique identifier in the authentication identifier exists in a registration database or not, so that a validity check result aiming at the organization unique identifier is obtained, wherein the registration database can be used for recording the organization unique identifiers of various network devices. The authentication collection management and control platform can confirm whether the serial number is unique or not, so that a validity check result aiming at the serial number is obtained. The authentication collection management and control platform can check whether the combination of the area code and the equipment type is matched, so that a validity check result aiming at the area code and the equipment type is obtained. Therefore, the authentication collection management platform can complete the validity verification of the authentication mark.
In an exemplary embodiment, the performing, in step S203, the corresponding service forwarding process on the slave device according to the validity check result may include the following steps:
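If the validity check result is passed, opening the service forwarding channels in the north-south direction and in the east-west direction of the slave device; and if the validity check result is not passed, opening the service forwarding channel in the east-west direction of the slave device.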
In this embodiment, if the validity check result fed back by the authentication collection management platform is passed, the all-optical master device may determine that the slave device belongs to a legal slave device, and the all-optical master device may open a service forwarding channel in north-south direction and east-west direction of the slave device, so as to ensure that the slave device can perform network communication normally. If the validity check result fed back by the authentication collection management and control platform is not passed, the all-optical master device can determine that the slave device belongs to an illegal slave device, and the all-optical master device can close a business forwarding channel in the north-south direction of the slave device and reserve the business forwarding channel in the east-west direction of the slave device so as to ensure the basic local area network communication capability of the slave device. In some embodiments, the all-optical master may also initiate an authentication polling mechanism for the illegitimate slave to further monitor and process the illegitimate slave. In some embodiments, if the legal status of the slave device changes, the all-optical master device may automatically update to a device database, where the device database may be used to record relevant data of the slave device, such as legal status data, to maintain consistency and accuracy of system data.
Further, in an exemplary embodiment, the authentication identifier may include an organization unique identifier, a serial number, a region code, and a device type of the slave device. The authentication collection management platform is configured to return a passing validity check result when the validity checks on the organization unique identifier, the serial number, the region code, and the device type are all passed, and to return a failing validity check result when the validity checks on the organization unique identifier, the serial number, the region code, and the device type are not all passed.
In this embodiment, the all-optical master device may form the authentication identifier according to the following unified encoding rule: [OUI]-[Serial Number]-[Province Code]-[DEVICE TYPE], where OUI denotes the organization unique identifier, Serial Number denotes the serial number, Province Code denotes the region code, and DEVICE TYPE denotes the device type. The authentication collection management platform can therefore perform a validity check on the organization unique identifier, the serial number, the region code and the device type. It returns a passing validity check result to the all-optical master device when the validity checks of the organization unique identifier, the serial number, the region code and the device type are all passed, and returns a failing validity check result to the all-optical master device when the validity check of one or more of the organization unique identifier, the serial number, the region code and the device type is not passed.
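The encoding rule, the three platform-side checks and the forwarding decision of step S203 can be sketched as follows. This is an added illustration, not code from the application: the field formats, the registry contents, the use of a serial-to-MAC binding as the "serial number is unique" test, and the names Platform, admit and forwarding_policy are all assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample data (assumptions, not from the application).
REGISTERED_OUIS = {"0A1B2C", "0D0E0F"}
REGION_DEVICE_OK = {("31", "SLAVE-AP"), ("44", "SLAVE-AP"), ("44", "SLAVE-GW")}
FIELD_RULES = {
    "oui": re.compile(r"[0-9A-F]{6}"),                    # 24-bit OUI, 6 hex digits
    "serial": re.compile(r"[0-9A-Z]{8,16}"),              # assumed serial format
    "region": re.compile(r"[0-9]{2}"),                    # assumed 2-digit code
    "device_type": re.compile(r"[A-Z][A-Z0-9-]{1,15}"),   # may itself contain '-'
}


class AuthId(NamedTuple):
    oui: str
    serial: str
    region: str
    device_type: str


def build_auth_id(oui: str, serial: str, region: str, device_type: str) -> str:
    """Master side: encode [OUI]-[Serial Number]-[Province Code]-[DEVICE TYPE]."""
    ident = AuthId(oui.upper(), serial.upper(), region, device_type.upper())
    for name, value in ident._asdict().items():
        if not FIELD_RULES[name].fullmatch(value):
            raise ValueError(f"bad {name}: {value!r}")
    return "-".join(ident)


def parse_auth_id(text: str) -> Optional[AuthId]:
    """Platform side: split on the first three '-' only, so a hyphen inside the
    trailing device type cannot shift the other fields. None on bad format."""
    parts = text.split("-", 3)
    if len(parts) != 4:
        return None
    ident = AuthId(*parts)
    ok = all(FIELD_RULES[n].fullmatch(v) for n, v in ident._asdict().items())
    return ident if ok else None


class Platform:
    """Hypothetical stand-in for the authentication collection management platform."""

    def __init__(self) -> None:
        self.serial_owner = {}   # serial number -> MAC address it is bound to

    def check(self, auth_id: str, mac: str) -> List[str]:
        """Return the names of the failed checks; an empty list means passed."""
        ident = parse_auth_id(auth_id)
        if ident is None:
            return ["format"]
        failed = []
        if ident.oui not in REGISTERED_OUIS:               # OUI in registration DB?
            failed.append("oui")
        if self.serial_owner.get(ident.serial, mac) != mac:   # serial unique?
            failed.append("serial")
        if (ident.region, ident.device_type) not in REGION_DEVICE_OK:
            failed.append("region_device")
        if not failed:
            self.serial_owner[ident.serial] = mac   # bind only after a full pass
        return failed


def forwarding_policy(failed: List[str]) -> dict:
    """Step S203: both directions on pass; on failure keep only east-west (LAN)
    forwarding and flag the slave for authentication polling."""
    passed = not failed
    return {"north_south": passed, "east_west": True, "poll": not passed}


def admit(platform: Platform, link_auth_ok: bool, mac: str, oui: str,
          serial: str, region: str, device_type: str) -> Optional[dict]:
    """Steps S201-S203 for one slave. link_auth_ok is the outcome of the
    mode-specific authentication of S201, which is not modelled here."""
    if not link_auth_ok:
        return None   # identifier is only sent after S201 passes
    try:
        auth_id = build_auth_id(oui, serial, region, device_type)
    except ValueError:
        return forwarding_policy(["format"])
    return forwarding_policy(platform.check(auth_id, mac))
```

Binding the serial number only after every check passes keeps a rejected slave from reserving a serial that a legitimate device will present later.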
In one embodiment, there is also provided an all-optical networking device authentication processing system, as shown in fig. 1, where the system may include an all-optical master device and an authentication acquisition management platform, where:
The all-optical master device may be configured to authenticate the slave device based on an authentication mode corresponding to identity information of the slave device in response to an authentication request of the slave device.
The all-optical master device may also be configured to send the authentication identifier of the slave device to the authentication collection management platform if the authentication passes.
The authentication collection management platform can be used for verifying the validity of the authentication identification and feeding back the validity verification result to the all-optical master device.
The all-optical master device may be further configured to perform corresponding service forwarding processing on the slave device according to the validity check result.
In this embodiment, according to the device authentication processing method of the all-optical networking described in any one of the embodiments, the all-optical master device performs authentication processing on the slave device accessing the all-optical network by using the authentication collection management platform.
As a specific example, when a slave device accesses the network, the slave device may send an authentication request to the all-optical master device, and the all-optical master device may obtain identity information of the slave device, where the identity information may include a device manufacturer, a device type, an operator version, a unique identifier (such as a MAC address), a model number, and the like of the slave device. The all-optical master device can dynamically select corresponding authentication modes according to device types and operator versions, and the authentication modes can comprise various combinations so as to ensure that the all-optical master device can adapt to different security requirements and network environments. As an authentication example, as shown in fig. 3, in the authentication process, the all-optical master device negotiates with the slave device, automatically obtains required attribute field information, such as a device type, a supported protocol version, and the like, and the process can be adaptively performed in combination with the device type and an operator version, so as to ensure flexibility, compatibility, efficiency, and accuracy of the authentication process.
After the link layer authentication is completed, the all-optical master device can integrate the authentication mode and the authentication identifier according to the link layer authentication state of the slave device (which represents the authentication result) to form a unified authentication information record, so as to ensure the integrity and traceability of the information. The all-optical master device may generate the authentication identifier of each slave device according to a predefined encoding rule. The all-optical master device can combine the organization unique identifier, the serial number, the region code and the device type of the slave device into an authentication identifier and report the authentication identifier to the authentication collection management platform, so that the authentication identifiers of slave devices are managed in a standardized way and their uniqueness and identifiability are ensured.
The authentication collection management platform receives the authentication identifier sent by the all-optical master device and can compare it with a predefined authentication identifier list to verify the validity of the authentication identifier. Verification may include determining whether the organization unique identifier in the authentication identifier exists in the registration database, confirming whether the serial number is unique, and verifying whether the combination of the region code and the device type matches. The authentication collection management platform can feed the validity check result back to the all-optical master device so that the all-optical master device can determine the subsequent processing steps.
The all-optical master device can apply different service forwarding processing to the slave device according to the validity check result fed back by the authentication collection management platform. For a legal slave device, the all-optical master device can open the service forwarding channels in both the north-south and east-west directions, so that the device can perform network communication normally. For an illegal slave device, the all-optical master device can close the north-south service forwarding channel and keep the east-west service forwarding channel, preserving the basic local area network communication capability of the slave device and thereby ensuring network security and flow control. Meanwhile, the all-optical master device can start an authentication polling mechanism to further monitor and handle illegal slave devices, so as to discover and handle potential safety hazards in time and maintain the overall security of the network. When the legal status of a slave device changes, the all-optical master device can automatically update the legal status of the slave device in the device database so as to maintain the consistency and accuracy of system data. If an illegal slave device meets the access conditions in a subsequent authentication process (for example, it passes authentication in the corresponding authentication mode and its authentication identifier passes the validity check), its handling can be dynamically adjusted according to the new validity check result so that it is again allowed to access the network.
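The identifier encoding, the three platform checks and the forwarding decision described above can be sketched as follows. This is an added example, not code from the patent: every class, function and reason name is hypothetical, the sample values are constructed, and "serial number is unique" is interpreted here as "not already bound to a different device key (such as a MAC address)". The sketch also assumes that fields may not contain the `-` delimiter, since otherwise the platform could not split the identifier back into four fields unambiguously.

```python
"""Added illustration; all names and sample values are hypothetical."""
from dataclasses import dataclass

DELIM = "-"
NORTH_SOUTH, EAST_WEST = "north-south", "east-west"
BOTH = {NORTH_SOUTH, EAST_WEST}


@dataclass(frozen=True)
class AuthId:
    oui: str
    serial: str
    region: str
    device_type: str

    def encode(self) -> str:
        # Unified rule: [OUI]-[Serial Number]-[Province Code]-[Device Type]
        fields = (self.oui, self.serial, self.region, self.device_type)
        if any(not f or DELIM in f for f in fields):
            # Assumption: a delimiter inside a field would make parsing ambiguous.
            raise ValueError("empty field or delimiter inside a field")
        return DELIM.join(fields)


def parse_auth_id(raw: str) -> AuthId:
    parts = raw.split(DELIM)
    if len(parts) != 4 or not all(parts):
        raise ValueError("expected exactly four non-empty fields")
    return AuthId(*parts)


class Platform:
    """Stand-in for the authentication collection management platform."""

    def __init__(self, registered_ouis, allowed_region_types):
        self.registered_ouis = set(registered_ouis)            # registration database
        self.allowed_region_types = set(allowed_region_types)  # (region, device type)
        self.serial_owner = {}                                  # serial -> device key

    def check(self, raw_id, device_key):
        """Return (passed, reasons); passes only if every field check passes."""
        try:
            aid = parse_auth_id(raw_id)
        except ValueError:
            return False, ["malformed_identifier"]
        reasons = []
        if aid.oui not in self.registered_ouis:
            reasons.append("oui_not_registered")
        if self.serial_owner.get(aid.serial, device_key) != device_key:
            reasons.append("serial_not_unique")
        if (aid.region, aid.device_type) not in self.allowed_region_types:
            reasons.append("region_type_mismatch")
        if not reasons:
            # Bind the serial only after a full pass, so a rejected device
            # cannot reserve a serial number.
            self.serial_owner[aid.serial] = device_key
        return not reasons, reasons


class Master:
    """Stand-in for the all-optical master device, after link layer authentication."""

    def __init__(self, platform):
        self.platform = platform
        self.device_db = {}  # device key -> legal status record

    def _apply(self, device_key, raw_id):
        legal, reasons = self.platform.check(raw_id, device_key)
        # Pass: both directions. Fail: east-west (local area network) only.
        channels = set(BOTH) if legal else {EAST_WEST}
        self.device_db[device_key] = {
            "auth_id": raw_id, "legal": legal,
            "reasons": reasons, "channels": channels,
        }
        return channels

    def admit(self, device_key, aid):
        return self._apply(device_key, aid.encode())

    def poll(self):
        """Authentication polling: re-check illegal devices, return those re-admitted."""
        readmitted = []
        for key, rec in list(self.device_db.items()):
            if not rec["legal"] and self._apply(key, rec["auth_id"]) == BOTH:
                readmitted.append(key)
        return readmitted
```

Recording the failure reasons next to the legal status in the device database gives operators an audit trail for why a slave device was restricted to east-west forwarding.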
The scheme of this embodiment enables intensive, standardized management and control of access-point slave devices by the authentication collection management platform and the all-optical master device. On the basis of the existing networking architecture and scheme, the all-optical master device supports multiple authentication modes and adapts the authentication mode to each slave device (different device manufacturers, device types and operator versions) to perform link layer authentication, which improves the flexibility and compatibility of the system and lets it adapt to different slave devices. The all-optical master device can initiate service layer authentication to the authentication collection management platform using a unified authentication identifier, which reduces authentication time and resource consumption and improves operation and maintenance efficiency. It can apply different service forwarding mechanisms to a slave device according to the validity check result, which ensures that slave devices meeting the requirements can access the network, effectively prevents potential safety hazards, and still meets the local area network communication needs of the relevant users. Efficient, standardized authentication of accessing slave devices is thereby achieved, and the security and management efficiency of the network are improved.
It should be understood that, although the steps in the flowcharts of the embodiments described above are shown in the sequence indicated by the arrows, these steps are not necessarily performed in that sequence. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts of the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Based on the same inventive concept, the embodiment of the application also provides an all-optical networking device authentication processing device for realizing the above related all-optical networking device authentication processing method. The implementation scheme of the device for solving the problem is similar to that described in the above method, so the specific limitation in the embodiments of the device authentication processing device for all-optical networking provided below may refer to the limitation of the device authentication processing method for all-optical networking, which is not repeated herein.
In an exemplary embodiment, as shown in fig. 4, there is provided an apparatus for device authentication processing of an all-optical networking, the apparatus 400 may include:
An authentication module 401, configured to authenticate a slave device based on an authentication mode corresponding to identity information of the slave device in response to an authentication request of the slave device;
A sending module 402, configured to send, if authentication passes, an authentication identifier of the slave device to an authentication collection management platform, where the authentication collection management platform is used to verify the validity of the authentication identifier;
A processing module 403, configured to perform corresponding service forwarding processing on the slave device according to the validity check result.
In one embodiment, the authentication module 401 is further configured to obtain identity information of the slave device, where the identity information includes one or more of a device manufacturer, a device type, and an operator version of the slave device, and determine the authentication mode according to the identity information.
In one embodiment, the sending module 402 is further configured to obtain one or more of an organization unique identifier, a serial number, a region code, and a device type of the slave device, and obtain the authentication identifier of the slave device according to the one or more of the organization unique identifier, the serial number, the region code, and the device type.
In one embodiment, the authentication collection management platform is configured to determine whether the organization unique identifier in the authentication identifier exists in a registration database, and/or the authentication collection management platform is configured to confirm whether the serial number is unique, and/or the authentication collection management platform is configured to verify whether the combination of the region code and the device type matches.
In one embodiment, the processing module 403 is configured to open the north-south and east-west service forwarding channels of the slave device if the validity check result is a pass, and to open the east-west service forwarding channel of the slave device if the validity check result is a failure.
In one embodiment, the authentication identifier comprises an organization unique identifier, a serial number, a region code and a device type of the slave device. The authentication collection management platform is used for returning a passing validity check result when the validity checks of the organization unique identifier, the serial number, the region code and the device type all pass, and for returning a failing validity check result when the validity checks of the organization unique identifier, the serial number, the region code and the device type do not all pass.
All or part of the modules in the device authentication processing device of the all-optical networking can be realized by software, hardware, or a combination thereof. The above modules may be embedded in, or independent of, a processor in the network device in hardware form, or may be stored in a memory in the network device in software form, so that the processor can call and execute the operations corresponding to the above modules.
In an exemplary embodiment, a network device is provided, which may be an all-optical master device, and the internal structure of which may be as shown in fig. 5. The network device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input device. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. The processor of the network device is configured to provide computing and control capabilities. The memory of the network device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The input/output interface of the network device is used to exchange information between the processor and external devices. The communication interface of the network device is used for wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, near field communication (NFC) or other technologies. The computer program, when executed by the processor, implements a device authentication processing method for all-optical networking. The display unit of the network device is used to form a visually viewable picture and may be a display screen, a projection device or a virtual reality imaging device.
The display screen can be a liquid crystal display screen or an electronic ink display screen. The input device of the network device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the housing of the network device, or an external keyboard, touch pad or mouse.
It will be appreciated by those skilled in the art that the architecture shown in fig. 5 is merely a block diagram of a portion of the architecture associated with the inventive arrangements and is not limiting as to the network device to which the inventive arrangements are applied, and that a particular network device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, there is also provided a network device including a memory and a processor, the memory storing a computer program, the processor implementing the steps of the method embodiments described above when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) involved in the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to comply with the relevant regulations.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program instructing the relevant hardware, where the computer program may be stored on a non-transitory computer-readable storage medium and, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile memory and volatile memory. The non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, and the like. Volatile memory can include random access memory (RAM) or external cache memory, and the like. By way of illustration and not limitation, RAM can take various forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computation, an artificial intelligence (AI) processor, or the like, but is not limited thereto.
The technical features of the above embodiments may be combined arbitrarily. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction in a combination of these technical features, it should be considered to be within the scope of the present application.
The foregoing examples represent only a few embodiments of the application and are described in relative detail, but they are not thereby to be construed as limiting the scope of the application. It should be noted that those skilled in the art can make several variations and modifications without departing from the spirit of the application, all of which fall within the scope of the application. Accordingly, the scope of the application should be determined by the appended claims.

Claims (11)

1. A device authentication processing method for all-optical networking, characterized in that the method comprises:
in response to an authentication request from a slave device, authenticating the slave device based on an authentication mode corresponding to identity information of the slave device;
if the authentication passes, sending the authentication identifier of the slave device to an authentication collection management platform, the authentication collection management platform being used to verify the validity of the authentication identifier;
performing corresponding service forwarding processing on the slave device according to the validity check result.

2. The method according to claim 1, characterized in that, before authenticating the slave device based on the authentication mode corresponding to the identity information of the slave device, the method further comprises:
acquiring the identity information of the slave device, the identity information including one or more of the device manufacturer, device type and operator version of the slave device;
determining the authentication mode according to the identity information.

3. The method according to claim 1, characterized in that, before sending the authentication identifier of the slave device to the authentication collection management platform, the method further comprises:
obtaining one or more of an organization unique identifier, a serial number, a region code, and a device type of the slave device;
obtaining the authentication identifier of the slave device according to one or more of the organization unique identifier, the serial number, the region code and the device type.

4. The method according to claim 3, characterized in that the authentication collection management platform is used to determine whether the organization unique identifier in the authentication identifier exists in a registration database; and/or the authentication collection management platform is used to confirm whether the serial number is unique; and/or the authentication collection management platform is used to verify whether the combination of the region code and the device type matches.

5. The method according to any one of claims 1 to 4, characterized in that performing corresponding service forwarding processing on the slave device according to the validity check result comprises:
if the validity check result is a pass, opening the north-south and east-west service forwarding channels of the slave device;
if the validity check result is a failure, opening the east-west service forwarding channel of the slave device.

6. The method according to claim 5, characterized in that the authentication identifier includes the organization unique identifier, serial number, region code and device type of the slave device; the authentication collection management platform is used to return a passing validity check result if the validity checks of the organization unique identifier, serial number, region code and device type all pass; the authentication collection management platform is used to return a failing validity check result if the validity checks of the organization unique identifier, serial number, region code and device type do not all pass.

7. A device authentication processing device for all-optical networking, characterized in that the device comprises:
an authentication module, configured to respond to an authentication request from a slave device and authenticate the slave device based on an authentication mode corresponding to the identity information of the slave device;
a sending module, configured to send the authentication identifier of the slave device to an authentication collection management platform if the authentication passes, the authentication collection management platform being used to verify the validity of the authentication identifier;
a processing module, configured to perform corresponding service forwarding processing on the slave device according to the validity check result.

8. A device authentication processing system for all-optical networking, characterized in that the system comprises an all-optical master device and an authentication collection management platform, wherein:
the all-optical master device is used to respond to an authentication request from a slave device and authenticate the slave device based on an authentication mode corresponding to the identity information of the slave device;
the all-optical master device is further used to send the authentication identifier of the slave device to the authentication collection management platform if the authentication passes;
the authentication collection management platform is used to verify the validity of the authentication identifier and feed the validity check result back to the all-optical master device;
the all-optical master device is further used to perform corresponding service forwarding processing on the slave device according to the validity check result.

9. A network device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method according to any one of claims 1 to 6 when executing the computer program.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.

11. A computer program product, comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411870268.0A CN119814404A (en) 2024-12-18 2024-12-18 All-optical networking equipment authentication processing method, device, system, network equipment, storage medium and program product

Publications (1)

Publication Number Publication Date
CN119814404A true CN119814404A (en) 2025-04-11

Family

ID=95267108

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411870268.0A Pending CN119814404A (en) 2024-12-18 2024-12-18 All-optical networking equipment authentication processing method, device, system, network equipment, storage medium and program product

Country Status (1)

Country Link
CN (1) CN119814404A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination