An authentication method and apparatus
By obtaining SMS platform and configuration parameters from the cloud platform through the gateway, the high maintenance cost of SSLVPN gateways when adapting to multiple SMS platforms is solved, and the stability and efficiency of the service are achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- NEW H3C SECURITY TECH CO LTD
- Filing Date
- 2022-11-28
- Publication Date
- 2026-06-05
AI Technical Summary
Existing SSLVPN gateways, when adapted to various SMS platforms, have high maintenance costs and affect service stability, requiring frequent development and testing.
The gateway obtains the supported SMS platforms from the cloud platform, determines the target SMS platform and loads the configuration parameters, and sends SMS verification codes through the cloud platform, reducing local maintenance work.
This reduces the maintenance costs of gateways that adapt to multiple SMS platforms, while ensuring service stability and efficiency.
Smart Images

Figure CN116112920B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network security technology, and in particular to an authentication method and apparatus. Background Technology
[0002] There are multiple authentication methods for logging into an SSLVPN (Security Socket Layer Virtual Private Network) gateway. Currently, commonly used methods include password, certificate, password + certificate, and IMC SMS authentication. Among them, SMS authentication involves the SSLVPN gateway sending a dynamically generated random code to the user's mobile phone via SMS after the user enters their information. This is the SMS verification code. Only after the user enters the SMS verification code within a valid time can they successfully log in and access intranet resources.
[0003] With the increase in SMS platform types and customized SMS platform types, as well as changes in SMS platform parameters, various configurations are required on the gateway to support each SMS platform type and parameter change. This leads to continuous development, testing, and upgrades on the gateway side, resulting in high maintenance costs and affecting the normal service of the gateway.
[0004] Therefore, how to reduce maintenance costs while ensuring gateway service when the gateway can adapt to multiple SMS platforms is one of the technical issues worth considering. Summary of the Invention
[0005] In view of this, this application provides an authentication method and apparatus to reduce maintenance costs while ensuring gateway service when the gateway can adapt to multiple SMS platforms.
[0006] Specifically, this application is implemented through the following technical solution:
[0007] According to a first aspect of this application, an authentication method is provided, applied in a gateway, the method comprising:
[0008] Obtain the SMS platforms supported by the gateway from the cloud platform;
[0009] Based on the obtained SMS platform, determine the first target SMS platform to be referenced in the SSLVPN instance;
[0010] Obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory;
[0011] Upon receiving a user's authentication request, the second target SMS platform referenced in the authentication instance corresponding to the authentication request is determined, wherein the second target SMS platform is at least one of the first target SMS platforms;
[0012] The second target SMS platform is invoked to send an SMS verification code to the user;
[0013] The user is authenticated when they enter the SMS verification code.
[0014] According to a second aspect of this application, an authentication device is provided, disposed in a gateway, the device comprising:
[0015] The first acquisition module is used to acquire the SMS platforms supported by the gateway from the cloud platform;
[0016] The first determination module is used to determine the first target SMS platform to be referenced in the SSLVPN instance based on the obtained SMS platform.
[0017] The second acquisition module is used to obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory;
[0018] The second determining module is used to determine, upon receiving a user's authentication request, the second target SMS platform referenced in the authentication instance corresponding to the authentication request, wherein the second target SMS platform is at least one of the first target SMS platforms;
[0019] The calling module is used to call the second target SMS platform to send an SMS verification code to the user;
[0020] The authentication module is used to authenticate the user when the user enters the SMS verification code.
[0021] According to a third aspect of this application, a gateway is provided, including a processor and a machine-readable storage medium storing a computer program executable by the processor, the processor being prompted by the computer program to perform the method provided in the first aspect of the embodiments of this application.
[0022] According to a fourth aspect of this application, a machine-readable storage medium is provided, which stores a computer program that, when invoked and executed by a processor, causes the processor to perform the method provided in the first aspect of the embodiments of this application.
[0023] The beneficial effects of the embodiments of this application are as follows:
[0024] In the authentication method and apparatus provided in this application embodiment, the SMS platforms supported by the gateway are obtained from the cloud platform; based on the obtained SMS platforms, a first target SMS platform to be referenced in the SSLVPN instance is determined; the configuration parameters of the first target SMS platform are obtained from the cloud platform and loaded into memory; upon receiving a user's authentication request, a second target SMS platform referenced in the authentication instance corresponding to the authentication request is determined, wherein the second target SMS platform is at least one of the first target SMS platforms; the second target SMS platform is invoked to send an SMS verification code to the user; and the user is authenticated when the user enters the SMS verification code. Therefore, in this embodiment, the gateway itself no longer maintains the configuration parameters of each SMS platform; instead, the cloud platform maintains the configuration parameters of each gateway. This eliminates the need for the gateway to manually configure the configuration parameters of each SMS platform. Instead, when it is confirmed that SMS verification service needs to be provided, the gateway obtains the SMS platforms supported by the gateway and their corresponding configuration parameters from the cloud platform. This not only allows the gateway to adapt to multiple SMS platforms but also reduces maintenance costs while ensuring gateway service. Attached Figure Description
[0025] Figure 1 This is a flowchart illustrating an authentication method provided in an embodiment of this application;
[0026] Figure 2 This is a schematic diagram of the structure of an authentication device provided in an embodiment of this application;
[0027] Figure 3 This is a schematic diagram of the hardware structure of a gateway implementing an authentication method according to an embodiment of this application. Detailed Implementation
[0028] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application.
[0029] The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The singular forms “a,” “the,” and “the” used herein are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term “and / or” as used herein refers to and includes any and all possible combinations of one or more of the corresponding listed items.
[0030] It should be understood that although the terms first, second, third, etc., may be used in this application to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when," "when," or "in response to determination."
[0031] With the increase in SMS platform types and customized SMS platform types, as well as the changes in SMS platform parameters, and because SMS platforms lack standardized formats, gateways need to be developed, tested, and upgraded to adapt to each SMS platform type and parameter change. This results in relatively high development and maintenance costs, and version compatibility for the same type of function is not friendly. In view of this, this application provides an authentication method applied to a gateway. The gateway obtains the SMS platforms supported by the gateway from the cloud platform; based on the obtained SMS platforms, it determines the first target SMS platform to be referenced in the SSLVPN instance; it obtains the configuration parameters of the first target SMS platform from the cloud platform and loads them into memory; upon receiving a user's authentication request, it determines the second target SMS platform referenced in the authentication instance corresponding to the authentication request, where the second target SMS platform is at least one of the first target SMS platforms; it calls the second target SMS platform to send an SMS verification code to the user; and when the user enters the SMS verification code, the user is authenticated. In this way, the gateway does not need to maintain the configuration parameters of the SMS platforms, but only needs to obtain them from the cloud platform. Thus, it reduces maintenance costs while ensuring gateway service, even when the gateway can adapt to multiple SMS platforms.
[0032] The authentication method provided in this application is described in detail below.
[0033] See Figure 1 , Figure 1 This is a flowchart of an authentication method provided in this application. This method can be applied to a gateway, and when the gateway implements this method, it may include the following steps:
[0034] S101. Obtain the SMS platforms supported by the gateway from the cloud platform.
[0035] In this step, the gateway in this embodiment no longer maintains the configuration parameters of the supported SMS platforms. Instead, the cloud platform is used to maintain the SMS platforms and the configuration parameters of the SMS platforms maintained by each gateway. Specifically, the cloud platform can record the correspondence between the gateway of each gateway and the platform identifiers of the SMS platforms supported by that gateway.
[0036] In addition, when the cloud platform detects a change in the SMS platform supported by each gateway, it records the correspondence between the gateway identifier of that gateway and the platform identifier of the updated SMS platform in the cloud platform.
[0037] Based on this, in order to provide authentication functionality, the gateway can first obtain the SMS platforms supported by the network from the cloud platform. Specifically, the gateway can send a platform acquisition request to the cloud platform, which can carry the gateway's identifier. Then, upon receiving the platform acquisition request from the cloud platform, the gateway can parse the gateway identifier from the request and, based on the recorded correspondence between the gateway identifier and platform identifiers, determine the platform identifier corresponding to the gateway identifier in the request—that is, the platform identifier supported by the gateway—and send this platform identifier back to the gateway in the response result. In this way, the gateway can obtain the SMS platforms it supports.
[0038] S102. Based on the obtained SMS platform, determine the first target SMS platform to be referenced in the SSLVPN instance.
[0039] In this step, after obtaining the supported SMS platforms, you can select the SMS platform you want to use. It's important to note that after selecting the SMS platform, it needs to be referenced in the SSLVPN instance before SMS authentication can be performed. Therefore, the selected SMS platform to be referenced in the SSLVPN instance can be referred to as the first target SMS platform mentioned above.
[0040] Specifically, when choosing the SMS platform to use, you can choose randomly, or you can choose according to the priority of each SMS platform or choose a commonly used SMS platform.
[0041] It should be noted that the gateway platform may support more than one SMS platform, depending on the actual situation.
[0042] It should be noted that an SSL VPN instance is a necessary configuration for the gateway when providing SSL VPN services. In addition to the SMS platform supported by the SSL VPN gateway, the SSL VPN instance may also include various accessible web resources / IP resources, as well as various referenceable functions, etc.
[0043] S103. Obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory.
[0044] In this step, after selecting the first target SMS platform, the configuration parameters of the first target SMS platform can be obtained from the cloud platform. For example, a parameter retrieval request can be sent to the cloud platform. The parameter retrieval request can carry the platform identifier of the first target SMS platform. In this way, the cloud platform can parse the platform identifier from the parameter retrieval request and then send the configuration parameters corresponding to the platform identifier to the gateway.
[0045] It should be noted that the cloud platform records the correspondence between the platform identifier of each SMS platform and the storage location of its configuration parameters. Based on this correspondence, the configuration parameters corresponding to the first target SMS platform required by the gateway can be obtained. These configuration parameters are then loaded into memory to provide a verification environment for subsequent user verification based on this first target SMS platform.
[0046] It is worth noting that when supporting a large number of SMS platforms, steps S101 to S103 can be executed separately to avoid network congestion. If the gateway supports a small number of SMS platforms, such as 1 or 2, steps S101 to S103 can be executed simultaneously to obtain the supported SMS platforms and configuration parameters from the cloud platform all at once.
[0047] S104. Upon receiving a user's authentication request, determine the second target SMS platform referenced in the authentication instance corresponding to the authentication request.
[0048] The second target SMS platform mentioned above is at least one of the first target SMS platforms.
[0049] In this step, after the SMS verification environment is configured in the gateway, it can receive authentication requests triggered by users. When the gateway receives the authentication request, it can determine the second target SMS platform used for the user's SMS verification. The second target SMS platform is one of the aforementioned first target SMS platforms.
[0050] It should be noted that when there are multiple target SMS platforms, in one embodiment, an SMS platform can be randomly selected to provide SMS authentication services for the user; alternatively, the service performance of each SMS platform can be statistically analyzed, and a second target SMS platform can be selected based on the service performance. Of course, there are other embodiments, which are not limited to this one.
[0051] It is worth noting that when performing user authentication, a corresponding authentication instance will be activated. This authentication instance refers to the configuration method for authentication during login, which may include, but is not limited to, SMS authentication. In addition, authentication methods may also include 3A authentication, local authentication, username and password authentication, certificate authentication, and so on.
[0052] S105. Invoke the second target SMS platform to send an SMS verification code to the user.
[0053] In this step, after identifying the second target SMS platform, a communication connection can be established with the second target SMS platform to trigger the second target SMS platform to send an SMS verification code to the user.
[0054] Specifically, the gateway obtains the user's login account, which may be a verification number, or it may determine the user's verification number based on the login account. Once the second target SMS platform is identified, the gateway sends the user's verification number (determined from the login account) to that platform. The second target SMS platform can then send an SMS verification code to that phone number.
[0055] S106. When the user enters the SMS verification code, the user authentication is successful.
[0056] In this step, after the user receives the SMS verification code, they can enter it into the verification interface provided by the gateway. The gateway then uses this code to authenticate the user. For example, the gateway can send the verification code to a second target SMS platform. The second target platform verifies whether the entered verification code matches the one sent to the user. If they match, it sends a verification success message to the gateway, which then confirms successful authentication. If they don't match, it sends a verification failure message, which confirms failed authentication. Alternatively, after generating the verification code, the second target SMS platform can send it to the user and simultaneously send it to the gateway for recording. When the user enters the verification code, the gateway can determine whether it matches the one sent by the second target platform. If they match, authentication is successful; otherwise, authentication fails.
[0057] By implementing the authentication method provided in this application, the gateway obtains the SMS platforms supported by the gateway from the cloud platform; based on the obtained SMS platforms, a first target SMS platform to be referenced in the SSLVPN instance is determined; the configuration parameters of the first target SMS platform are obtained from the cloud platform and loaded into memory; upon receiving a user's authentication request, a second target SMS platform referenced in the authentication instance corresponding to the authentication request is determined, wherein the second target SMS platform is at least one of the first target SMS platforms; the second target SMS platform is invoked to send an SMS verification code to the user; and the user is authenticated when the user enters the SMS verification code. Therefore, in this embodiment, the gateway itself no longer maintains the configuration parameters of each SMS platform; instead, the cloud platform maintains the configuration parameters of each gateway. This eliminates the need for the gateway to manually configure the configuration parameters of each SMS platform. Instead, when it confirms the need to provide SMS verification services, it obtains the SMS platforms supported by the gateway and their corresponding configuration parameters from the cloud platform. This not only allows the gateway to adapt to multiple SMS platforms but also reduces maintenance costs while ensuring gateway service.
[0058] It should be noted that before executing step S101, it is necessary to confirm that the SMS authentication function is enabled, that is, the SMS authentication function is in the enabled state.
[0059] Optionally, based on any of the above embodiments, step S105 can be executed in this embodiment according to the following method: when the number of the second target SMS platforms is greater than 1, the optimal target SMS platform among the second target SMS platforms is determined according to the routing information and / or link status of each second target SMS platform; the optimal target SMS platform is invoked to send an SMS verification code to the user.
[0060] Specifically, when the number of second target SMS platforms referenced in the authentication instance is greater than 1, it indicates that there are enough SMS platforms currently capable of providing SMS verification services. In this case, the gateway can determine the optimal target SMS platform among the current second target SMS platforms based on their routing information and / or link status. For example, based on routing information, the second target SMS platform with the shortest path can be selected as the optimal target SMS platform; based on link status, the second target SMS platform with the best current link status can be selected as the optimal target SMS platform; or, based on routing information and link status, several second target SMS platforms representing the path comparison segment indicated by the routing information can be selected first, and then the second target SMS platform with the best link status can be selected from these several second target SMS platforms as the optimal target SMS platform; or, several second target SMS platforms with relatively good link status indicated by the link status can be selected first, and then the second target SMS platform with a relatively superior path indicated by the routing information can be selected from these several second target SMS platforms as the optimal target SMS platform.
[0061] Based on this, the gateway can establish a connection with the optimal target SMS platform and send a verification notification to the optimal target SMS platform. This verification notification can carry the user's verification number so that the optimal target SMS platform can send an SMS verification code to the user.
[0062] When the number of second target SMS platforms is 1, the gateway can directly establish a connection with the second target SMS platform to send a verification notification to the second target SMS platform. The verification notification can carry the user's verification number so that the second target SMS platform can send an SMS verification code to the user.
[0063] Furthermore, the authentication method provided in this embodiment may also include the following process: if no SMS verification code is received based on the optimal target SMS platform, then an optimal target SMS platform is determined from a second target SMS platform other than the optimal target SMS platform; and the optimal target SMS platform is invoked to send an SMS verification code to the user.
[0064] Specifically, to ensure authentication security, SMS verification codes have an expiration date. If the gateway fails to receive the verification code within the set expiration period, it may be due to a malfunction of the optimal target SMS platform or the user receiving the verification code for some reason but failing to send it to the gateway. To avoid situations where users fail to receive verification codes due to the malfunction of the optimal target SMS platform, this embodiment proposes to determine the optimal target SMS platform from a second set of target SMS platforms, and then select a suboptimal target SMS platform from these second-best platforms. This suboptimal target SMS platform is then invoked to send the verification code to the user. If the suboptimal target SMS platform also fails to receive the verification code entered by the user, the process of selecting the optimal target SMS platform and sending the verification code continues. If the verification code is still not received after a set number of attempts, it can be confirmed that the user does not intend to access the network connected to the gateway, and thus the user authentication fails. This reduces, to some extent, the risk of users being unable to log in or experiencing delayed login due to the failure of only one supported SMS platform.
[0065] Optionally, based on any of the above embodiments, step S103 can be executed in this embodiment according to the following method: determine whether the configuration parameters of the first target SMS platform exist in the memory; if not, obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into the memory.
[0066] Specifically, after the gateway obtains its supported SMS platforms and selects the first target SMS platform, it may have already provided authentication services using that platform. This means the gateway may already have the configuration parameters of the first target SMS platform stored in its memory. Therefore, there's no need for the gateway to retrieve these parameters from the cloud platform again. This embodiment proposes that, to avoid wasting resources by repeatedly retrieving already stored configuration parameters from the cloud platform, the gateway first checks if the configuration parameters of the first target SMS platform are stored in its local memory. If not, it retrieves the configuration parameters from the cloud platform and loads them into memory. If the parameters are present, it waits for the user's authentication request to execute the authentication process.
[0067] Optionally, the above configuration parameters may include, but are not limited to, information such as SMS platform address, authentication key, and channel number. Furthermore, different SMS platforms may support different configuration parameters. Therefore, in this embodiment, only the configuration parameters of each SMS platform need to be maintained on the cloud platform, thus eliminating the need to maintain and save them on each gateway device, thereby saving gateway device resources.
[0068] Optionally, based on any of the above embodiments, the authentication method provided in this embodiment may further include the following process: receiving an update request sent by the cloud platform, wherein the update request is sent when the SMS platform supported by the gateway or when the parameters of the SMS platform change, and the update request includes the changed SMS platform and / or the parameters of the SMS platform to be updated; and authenticating the user according to the update request after receiving the user's authentication request.
[0069] Specifically, when the cloud platform detects a change in the SMS platforms supported by the gateway, or a change in the configuration parameters of any supported SMS platform, the cloud platform will send an update request to the gateway. More specifically, if an SMS platform supported by the gateway is no longer supported, the update request can be a deletion request. This deletion request will carry the platform identifier of the SMS platform to be deleted. Upon receiving the deletion request, the gateway can parse the platform identifier from the request and then delete the SMS platform corresponding to that identifier and its configuration parameters from the gateway. This ensures the validity of the SMS platforms used by the gateway to provide authentication services, thereby better serving user authentication needs.
[0070] When the cloud platform discovers that the gateway has added a new supported SMS platform, the aforementioned update request can be an add request. This add request can include the platform identifier of the new SMS platform and its configuration parameters (i.e., the parameters to be configured). Upon receiving this add request, the gateway can parse the platform identifier and configuration parameters from it, then record them and load the configuration parameters into memory.
[0071] When the cloud platform detects a change in the configuration parameters of the SMS platform supported by the gateway, the aforementioned update request can become a change request. This change request can carry the platform identifier of the SMS platform to be modified and the latest configuration parameters (i.e., the parameters to be configured mentioned above). Upon receiving this change request, the gateway can parse the platform identifier and the latest configuration parameters, record them, and load the latest configuration parameters into memory.
[0072] In this way, the gateway can perform user authentication operations based on the latest supported SMS platforms and configuration parameters. This not only reduces costs but also enables the updating of SMS platforms and their configuration parameters, greatly improving the efficiency and effectiveness of user authentication.
[0073] Based on the same inventive concept, this application also provides an authentication device corresponding to the above-described authentication method. Specific implementation details of this authentication device can be found in the above description of the authentication method, and will not be elaborated upon here.
[0074] See Figure 2 , Figure 2 This application provides an exemplary embodiment of an authentication device, which is disposed in a gateway. The device includes:
[0075] The first acquisition module 201 is used to acquire the SMS platforms supported by the gateway from the cloud platform;
[0076] The first determining module 202 is used to determine the first target SMS platform to be referenced in the SSLVPN instance based on the obtained SMS platform.
[0077] The second acquisition module 203 is used to acquire the configuration parameters of the first target SMS platform from the cloud platform and load them into memory;
[0078] The second determining module 204 is used to determine, upon receiving a user's authentication request, the second target SMS platform referenced in the authentication instance corresponding to the authentication request, wherein the second target SMS platform is at least one of the first target SMS platforms;
[0079] The calling module 205 is used to call the second target SMS platform to send an SMS verification code to the user;
[0080] The authentication module 206 is used to authenticate the user when the user enters the SMS verification code.
[0081] Optionally, based on the above embodiments, the calling module 205 in this embodiment is specifically used to determine the optimal target SMS platform among the second target SMS platforms according to the routing information and / or link status of each second target SMS platform when the number of the second target SMS platforms is greater than 1; and to call the optimal target SMS platform to send an SMS verification code to the user.
[0082] Optionally, based on any of the above embodiments, the second acquisition module 203 in this embodiment is specifically used to determine whether the configuration parameters of the first target SMS platform exist in the memory; if not, it obtains the configuration parameters of the first target SMS platform from the cloud platform and loads them into the memory.
[0083] Furthermore, the aforementioned calling module 205 is also configured to, if no SMS verification code is received based on the optimal target SMS platform, determine the optimal target SMS platform from a second target SMS platform other than the optimal target SMS platform; and call the optimal target SMS platform to send an SMS verification code to the user.
[0084] Optionally, based on any of the above embodiments, the authentication device provided in this embodiment may further include:
[0085] A receiving module (not shown in the figure) is used to receive an update request sent by the cloud platform. The update request is sent when the SMS platform supported by the gateway or the parameters of the SMS platform change. The update request includes the changed SMS platform and / or the parameters of the SMS platform to be updated.
[0086] Based on this, the authentication module 206 is also used to authenticate the user according to the update request after receiving the user's authentication request.
[0087] By providing the aforementioned authentication device, in this embodiment, the gateway itself no longer maintains the configuration parameters of each SMS platform. Instead, the cloud platform maintains the configuration parameters of each gateway. In this way, the gateway does not need to manually configure the configuration parameters of each SMS platform. Instead, when it is confirmed that SMS verification service needs to be provided, it obtains the SMS platforms supported by the gateway and their corresponding configuration parameters from the cloud platform. This not only allows the gateway to adapt to multiple SMS platforms but also reduces maintenance costs while ensuring gateway service.
[0088] Based on the same inventive concept, embodiments of this application provide a gateway, such as... Figure 3As shown, the gateway includes a processor 301 and a machine-readable storage medium 302. The machine-readable storage medium 302 stores a computer program executable by the processor 301. The processor 301 is prompted by the computer program to execute the authentication method provided in any embodiment of this application. Furthermore, the gateway also includes a communication interface 303 and a communication bus 304, wherein the processor 301, the communication interface 303, and the machine-readable storage medium 302 communicate with each other via the communication bus 304.
[0089] The communication bus mentioned in the gateway above can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. This communication bus can be divided into address bus, data bus, control bus, etc. For ease of illustration, only one thick line is used to represent it in the diagram, but this does not mean that there is only one bus or one type of bus.
[0090] The communication interface is used for communication between the aforementioned gateway and other devices.
[0091] The machine-readable storage medium 302 described above can be a memory, which may include random access memory (RAM), DDR SRAM (Double Data Rate Synchronous Dynamic Random Access Memory), or non-volatile memory (NVM), such as at least one disk storage device. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
[0092] The processors mentioned above can be general-purpose processors, including central processing units (CPUs), network processors (NPs), etc.; they can also be digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.
[0093] For the gateway and machine-readable storage medium embodiments, since the methods involved are basically similar to those in the aforementioned method embodiments, the description is relatively simple, and relevant details can be found in the descriptions of the method embodiments.
[0094] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0095] The specific implementation process of the functions and roles of each unit / module in the above device can be found in the implementation process of the corresponding steps in the above method, and will not be repeated here.
[0096] For the device embodiments, since they basically correspond to the method embodiments, the relevant parts can be referred to in the description of the method embodiments. The device embodiments described above are merely illustrative. The units / modules described as separate components may or may not be physically separate. The components shown as units / modules may or may not be physical units / modules, that is, they may be located in one place or distributed across multiple network units / modules. Some or all of the units / modules can be selected to achieve the purpose of this application according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0097] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of protection of this application.
Claims
1. An authentication method, characterized in that, The method, applied in a gateway, includes: Obtain the SMS platforms supported by the gateway from the cloud platform; Based on the obtained SMS platform, determine the first target SMS platform to be referenced in the SSLVPN instance; Obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory; Upon receiving a user's authentication request, the second target SMS platform referenced in the authentication instance corresponding to the authentication request is determined, wherein the second target SMS platform is at least one of the first target SMS platforms; The second target SMS platform is invoked to send an SMS verification code to the user; The user is authenticated when they enter the SMS verification code.
2. The method according to claim 1, characterized in that, Invoking the second target SMS platform to send an SMS verification code to the user includes: When the number of the second target SMS platforms is greater than 1, the optimal target SMS platform among the second target SMS platforms is determined based on the routing information and / or link status of each second target SMS platform. The optimal target SMS platform is invoked to send an SMS verification code to the user.
3. The method according to claim 1, characterized in that, Obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory, including: Determine whether the configuration parameters of the first target SMS platform exist in memory; If it does not exist, the configuration parameters of the first target SMS platform are obtained from the cloud platform and loaded into memory.
4. The method according to claim 2, characterized in that, Also includes: If no SMS verification code is received based on the optimal target SMS platform, then the optimal target SMS platform is determined from the second target SMS platform other than the optimal target SMS platform. It then invokes the optimal target SMS platform to send an SMS verification code to the user.
5. The method according to claim 1, characterized in that, Also includes: The gateway receives an update request sent by the cloud platform. The update request is sent when the SMS platform supported by the gateway or when the parameters of the SMS platform change. The update request includes the changed SMS platform and / or the parameters of the SMS platform to be updated. Upon receiving a user's authentication request, the user is authenticated according to the update request.
6. An authentication device, characterized in that, The device, configured in the gateway, includes: The first acquisition module is used to acquire the SMS platforms supported by the gateway from the cloud platform; The first determination module is used to determine the first target SMS platform to be referenced in the SSLVPN instance based on the obtained SMS platform. The second acquisition module is used to obtain the configuration parameters of the first target SMS platform from the cloud platform and load them into memory; The second determining module is used to determine, upon receiving a user's authentication request, the second target SMS platform referenced in the authentication instance corresponding to the authentication request, wherein the second target SMS platform is at least one of the first target SMS platforms; The calling module is used to call the second target SMS platform to send an SMS verification code to the user; The authentication module is used to authenticate the user when the user enters the SMS verification code.
7. The apparatus according to claim 6, characterized in that, The calling module is specifically used to determine the optimal target SMS platform among the second target SMS platforms based on the routing information and / or link status of each second target SMS platform when the number of second target SMS platforms is greater than 1. The optimal target SMS platform is invoked to send an SMS verification code to the user.
8. The apparatus according to claim 6, characterized in that, The second acquisition module is specifically used to determine whether the configuration parameters of the first target SMS platform exist in the memory; if not, it obtains the configuration parameters of the first target SMS platform from the cloud platform and loads them into the memory.
9. The apparatus according to claim 7, characterized in that, The calling module is further configured to determine the optimal target SMS platform from a second target SMS platform other than the optimal target SMS platform if no SMS verification code is received based on the optimal target SMS platform. It then invokes the optimal target SMS platform to send an SMS verification code to the user.
10. The apparatus according to claim 6, characterized in that, Also includes: The receiving module is used to receive an update request sent by the cloud platform. The update request is sent when the SMS platform supported by the gateway or when the parameters of the SMS platform change. The update request includes the changed SMS platform and / or the parameters of the SMS platform to be updated. The authentication module is also used to authenticate the user according to the update request after receiving the user's authentication request.