CN101820344A - AAA server, home network access method and system - Google Patents

Publication number
CN101820344A
Authority
CN
China
Prior art keywords
control terminal
home gateway
home
aaa server
home network
Legal status
Granted
Application number
CN201010132470.5A
Other languages
Chinese (zh)
Other versions
CN101820344B (en)
Inventor
刘国荣
沈军
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN2010101324705A
Publication of CN101820344A
Application granted
Publication of CN101820344B
Status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an AAA server and a home network access method and system, relating to the field of network security. The home network access method comprises the following steps: a control terminal sends a request to access a home network to an AAA server, the access request comprising the account number of the home network; the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network; the AAA server verifies the access rights of the control terminal; after the access rights of the control terminal pass verification by the AAA server, the AAA server generates a random number to serve as the session key for communication between the control terminal and the home gateway; the AAA server sends a security policy comprising the session key, together with the IP address of the home gateway, to the control terminal, and sends the security policy and the IP address of the control terminal to the home gateway; and the control terminal and the home gateway communicate by applying the security policy. The invention achieves secure remote access to the home network by relying on the security guarantees of network access.

Description

AAA server, home network access method and system
Technical field
The present invention relates to the field of network security, and in particular to an AAA (Authentication, Authorization and Accounting) server, a home network access method and a home network access system.
Background
With the development of the Internet and of networked household appliances, home broadband access is becoming increasingly common. A household may have several information terminals, such as computers, digital televisions, video telephones and video surveillance systems. These information terminals can form a small home network and can access the carrier network through a home gateway. Future home networks may interconnect and manage information equipment, communication equipment, entertainment equipment, household appliances and even water, electricity, gas and heat meters, and share data and multimedia information among them. Over the network, a user can remotely control home information terminals to make the home intelligent, for example by monitoring video remotely, turning on the air conditioning before arriving home or filling the bathtub with hot water, which brings great convenience to daily life. However, the smart home also brings risk to household security: once the home network is intruded upon, home appliances and personal privacy are seriously threatened. Secure access to the home network is therefore the primary problem the smart home must solve.
At present, the mainstream scheme for remote access to a local area network is a VPN (Virtual Private Network) such as IPSec (Internet Protocol Security): the client accesses the gateway directly, and the gateway performs access control. This kind of scheme has certain shortcomings when applied to home networks. For example, home networks generally connect by dial-up, so the gateway IP address changes dynamically and must be looked up and configured for each access. The IP address of the control terminal that remotely accesses the home network also changes dynamically, so security policies such as IP address filtering cannot be used. In addition, configuring home gateway security requires considerable expertise, which most customers do not have.
Summary of the invention
The object of the present invention is to propose an AAA server and a home network access method and system that achieve secure remote access to the home network.
To achieve the above object, the invention provides a home network access method, comprising: a control terminal sends a request to access the home network to an AAA server, the access request comprising the account number of the home network; the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network; the AAA server verifies the access rights of the control terminal; after the access rights of the control terminal pass verification by the AAA server, the AAA server generates a random number as the session key for communication between the control terminal and the home gateway; the AAA server sends a security policy comprising the session key, together with the IP address of the home gateway, to the control terminal, and sends the security policy and the IP address of the control terminal to the home gateway; and the control terminal and the home gateway communicate by applying the security policy.
In one embodiment, before the control terminal and the home gateway communicate by applying the security policy, the method comprises: the firewall of the home gateway adds a temporary rule, the temporary rule allowing the control terminal to access the home gateway until the security policy expires.
In one embodiment, the control terminal and the home gateway communicating by applying the security policy comprises: the control terminal sends to the home gateway a request to access an information terminal connected to the home gateway, the request comprising the account number of the information terminal; the home gateway converts the account number of the information terminal into the IP address of the information terminal; and the control terminal accesses the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal.
In one embodiment, the control terminal and the home gateway communicating by applying the security policy comprises: the home gateway encrypts and decrypts the information that the information terminal transmits through the home gateway.
To achieve the above object, the invention also provides a home network access method, comprising: a smart home control platform receives a request from a control terminal to access the home network and forwards the request to access the home network to an AAA server, the access request comprising the account number of the home network; the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network; the AAA server verifies the access rights of the control terminal; after the access rights of the control terminal pass verification by the AAA server, the AAA server generates a random number as the session key for communication between the control terminal and the home gateway; the AAA server sends a security policy comprising the session key, together with the IP address of the home gateway, to the smart home control platform, and sends the security policy and the IP address of the control terminal to the home gateway; and the control terminal and the home gateway communicate through the smart home control platform by applying the security policy.
In one embodiment, the control terminal and the home gateway communicating through the smart home control platform by applying the security policy comprises: the control terminal sends to the smart home control platform a request to access an information terminal connected to the home gateway, the request comprising the account number of the information terminal; the home gateway converts the account number of the information terminal into the IP address of the information terminal; and the control terminal accesses the information terminal through the smart home control platform according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal through the smart home control platform.
To achieve the above object, the invention also provides an AAA server, comprising: a receiving module, configured to receive a request to access a home network sent by a control terminal, the access request comprising the account number of the home network; a lookup module, configured to find the IP address of the home gateway in the home network according to the account number of the home network; a verification module, configured to verify the access rights of the control terminal; a key generation module, configured to generate, after the access rights of the control terminal pass verification by the AAA server, a random number as the session key for communication between the control terminal and the home gateway; and a sending module, configured to send a security policy comprising the session key, together with the IP address of the home gateway, to the control terminal, and to send the security policy and the IP address of the control terminal to the home gateway, whereupon the control terminal and the home gateway communicate by applying the security policy.
To achieve the above object, the invention also provides a home network access system, comprising: an AAA server, configured to receive a request to access a home network sent by a control terminal and to verify the access rights of the control terminal, the access request comprising the account number of the home network; and a home gateway in the home network, configured to receive from the AAA server a security policy comprising the session key for communication between the control terminal and the home gateway, the session key being a random number that the AAA server generates after the access rights of the control terminal pass verification by the AAA server. The AAA server sends the security policy and the IP address of the home gateway to the control terminal, and sends the security policy and the IP address of the control terminal to the home gateway; the control terminal and the home gateway communicate by applying the security policy; and the IP address of the home gateway is found by the AAA server according to the account number of the home network.
In one embodiment, the home gateway is also configured to add a temporary rule to its firewall, the temporary rule allowing the control terminal to access the home gateway until the security policy expires.
In one embodiment, the home gateway is also configured to receive a request, sent by the control terminal, to access an information terminal connected to the home gateway, the request comprising the account number of the information terminal. The home gateway converts the account number of the information terminal into the IP address of the information terminal, and the control terminal accesses the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal.
To achieve the above object, the invention also provides a home network access system, comprising: a smart home control platform, configured to receive a request from a control terminal to access the home network, the access request comprising the account number of the home network; an AAA server, configured to receive the request to access the home network forwarded by the smart home control platform and to verify the access rights of the control terminal; and a home gateway in the home network, configured to receive from the AAA server a security policy comprising the session key for communication between the control terminal and the home gateway, the session key being a random number that the AAA server generates after the access rights of the control terminal pass verification by the AAA server. The AAA server sends the security policy and the IP address of the home gateway to the smart home control platform, and sends the security policy and the IP address of the control terminal to the home gateway; the control terminal and the home gateway communicate through the smart home control platform by applying the security policy; and the IP address of the home gateway is found by the AAA server according to the account number of the home network.
In one embodiment, the smart home control platform is also configured to receive a request, sent by the control terminal, to access an information terminal connected to the home gateway, the request comprising the account number of the information terminal. The smart home control platform converts the account number of the information terminal into the IP address of the information terminal, and the control terminal accesses the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal through the smart home control platform.
Based on the above technical solution, the present invention uses the AAA server to authenticate the customer and to control access when the customer remotely accesses the home network through the control terminal, and achieves secure remote access to the home network by relying on the security guarantees of network access. Although the IP address of the home gateway changes dynamically, the control terminal can simply use the fixed home network name when accessing. In addition, the security policy is issued dynamically by the AAA server and requires no configuration by the customer, which makes it convenient to use.
Description of drawings
The accompanying drawings described here provide a further explanation of the present invention and form part of it. The illustrative embodiments of the invention and their description serve only to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic structural diagram of a home network access system according to embodiment one of the invention.
Fig. 2 is a schematic structural diagram of a home network access system according to embodiment two of the invention.
Fig. 3 is a flow chart of a home network access method according to embodiment one of the invention.
Fig. 4 is a flow chart of a home network access method according to embodiment two of the invention.
Fig. 5 is a flow chart of a home network access method according to embodiment three of the invention.
Fig. 6 is a schematic structural diagram of an AAA server according to an embodiment of the invention.
Embodiments
The present invention is described in more detail below with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated. In the drawings, identical reference numerals denote identical or similar components or elements.
Fig. 1 is a schematic structural diagram of a home network access system 100 according to embodiment one of the invention. The home network access system 100 comprises a control terminal 102, an AAA server 104 and a home network 110.
In one embodiment, the home network 110 can comprise a home gateway 116 and an information terminal 112. The information terminal 112 can be any network-capable information device, such as a computer, digital television or video telephone. The information terminal 112 is interconnected with the home gateway 116 to form an independent internal network, with the home gateway 116 as the single egress point of the home network 110. In another embodiment, the home network 110 can consist of only a single host acting as the home gateway 116. In one embodiment, the home gateway 116 can use a secure access technology, such as AKA (Authentication and Key Agreement) authentication, to secure its communication with the AAA server 104.
The control terminal 102 can be an Internet-capable intelligent terminal such as a PC, notebook, mobile phone or PDA (Personal Digital Assistant). According to embodiments of the invention, the control terminal 102 can remotely access and control the home gateway 116 and/or the information terminal 112 in the home network 110. In one embodiment, the control terminal 102 can use a secure access technology (such as AKA authentication) to secure its communication with the AAA server 104.
The AAA server 104 is a system that provides access authentication for the control terminal 102 and the home network 110. The AAA server 104 can record the online information of the control terminal 102 and the home network 110, including IP addresses, account names and so on. The AAA server 104 can be used to receive the request to access the home network 110 sent by the control terminal 102 and to verify the access rights of the control terminal 102, wherein the access request includes the account number of the home network 110, such as myhome@foo.com.
According to embodiments of the invention, the home gateway 116 in the home network 110 can be used to receive from the AAA server 104 a security policy comprising the session key for communication between the control terminal 102 and the home gateway 116. The session key is a random number that the AAA server 104 generates after the access rights of the control terminal 102 pass verification by the AAA server 104. If verification fails, the AAA server 104 can refuse the control terminal 102's request to access the home network 110. The AAA server 104 can send the security policy and the IP address of the home gateway 116 to the control terminal 102, and send the security policy and the IP address of the control terminal 102 to the home gateway 116. The IP address of the home gateway 116 is found by the AAA server 104 according to the account number of the home network 110. The control terminal 102 and the home gateway 116 can then communicate by applying the security policy.
In one embodiment, the home gateway 116 has a firewall function. By default, the home gateway 116 allows only the AAA server 104 to access the home network 110, and all other external access requests are refused. According to embodiments of the invention, once the control terminal 102 has been authenticated by the AAA server 104 and the AAA server 104 has issued the IP address of the control terminal 102 and the security policy to the home gateway 116, the home gateway 116 can add a temporary rule to the firewall, the temporary rule allowing the control terminal 102 to access the home gateway 116 until the security policy expires. In one embodiment, the home gateway 116 can encrypt and decrypt the information that the information terminal 112 transmits through the home gateway 116.
In one embodiment, the home gateway 116 is also used to receive a request, sent by the control terminal 102, to access the information terminal 112 connected to the home gateway 116; the request includes the account number of the information terminal 112, such as tv.myhome@foo.com. The home gateway 116 can convert the account number of the information terminal 112 into the IP address of the information terminal 112, and the control terminal 102 can access the information terminal 112 according to that IP address. In another embodiment, the home gateway 116 can act as the communication proxy of the information terminal 112 and forward the communication data between the information terminal 112 and the control terminal 102. The home gateway 116 can convert the account number of the information terminal 112 into the internal IP address of the information terminal 112 within the home network 110 and forward the request to the information terminal 112. For replies from the information terminal 112, the home gateway 116 can translate the address again and then forward them to the control terminal 102.
The present invention uses the AAA server to authenticate the customer and to control access when the customer remotely accesses the home network through the control terminal, and achieves secure remote access to the home network by relying on the security guarantees of network access. Although the IP address of the home gateway changes dynamically, the control terminal can simply use the fixed home network name when accessing. In addition, the security policy is issued dynamically by the AAA server and requires no configuration by the customer, which makes it convenient to use.
Fig. 2 is a schematic structural diagram of a home network access system 200 according to embodiment two of the invention. The home network access system 200 comprises a control terminal 202, an AAA server 204, a home network 210 and a smart home control platform 206.
In one embodiment, the home network 210 can comprise a home gateway 216 and an information terminal 212. The information terminal 212 can be any network-capable information device, such as a computer, digital television or video telephone. The information terminal 212 is interconnected with the home gateway 216 to form an independent internal network, with the home gateway 216 as the single egress point of the home network 210. In another embodiment, the home network 210 can consist of only a single host acting as the home gateway 216.
The control terminal 202 can be an Internet-capable intelligent terminal such as a PC, notebook, mobile phone or PDA. According to embodiments of the invention, the control terminal 202 can remotely access and control the home gateway 216 and/or the information terminal 212 in the home network 210.
The smart home control platform 206 is used to receive the request from the control terminal 202 to access the home network 210; the access request includes the account number of the home network 210, such as myhome@foo.com. In one embodiment, the smart home control platform 206 can be provided by the operator and, like the AAA server 204, is placed on the network side, so the AAA server 204 does not need to dynamically authenticate the smart home control platform 206.
The AAA server 204 is used to receive the request to access the home network 210 forwarded by the smart home control platform 206 and to verify the access rights of the control terminal 202.
The home gateway 216 in the home network 210 is used to receive from the AAA server 204 a security policy comprising the session key for communication between the control terminal 202 and the home gateway 216; the session key is a random number that the AAA server 204 generates after the access rights of the control terminal 202 pass verification by the AAA server 204. The AAA server 204 sends the security policy and the IP address of the home gateway 216 to the smart home control platform 206, and sends the security policy and the IP address of the control terminal 202 to the home gateway 216; the IP address of the home gateway 216 is found by the AAA server 204 according to the account number of the home network 210. The control terminal 202 and the home gateway 216 can communicate through the smart home control platform 206 by applying the security policy.
In one embodiment, the smart home control platform 206 can receive a request, sent by the control terminal 202, to access the information terminal 212 connected to the home gateway 216; the request includes the account number of the information terminal 212, such as tv.myhome@foo.com. The home gateway 216 can convert the account number of the information terminal 212 into the IP address of the information terminal 212, and the control terminal 202 can access the information terminal 212 through the smart home control platform 206 according to that IP address. In another embodiment, the home gateway 216 can act as the communication proxy of the information terminal 212 and forward the communication data between the information terminal 212 and the control terminal 202 through the smart home control platform 206. The home gateway 216 can convert the account number of the information terminal 212 into the internal IP address of the information terminal 212 within the home network 210 and forward the request to the information terminal 212. For replies from the information terminal 212, the home gateway 216 can translate the address and then return them to the control terminal 202 through the smart home control platform 206.
The present invention uses the AAA server to authenticate the customer and to control access when the customer remotely accesses the home network through the control terminal, and achieves secure remote access to the home network by relying on the security guarantees of network access. Although the IP address of the home gateway changes dynamically, the control terminal can simply use the fixed home network name when accessing. The security policy is issued dynamically by the AAA server and requires no configuration by the customer, which makes it convenient to use. In addition, because a smart home control platform is introduced on the network side, the customer can access the information terminals in the home network through the smart home control platform, which improves the compatibility of the home access system with home gateways.
Fig. 3 is a flow chart of a home network access method 300 according to embodiment one of the invention.
In step 302, the control terminal sends a request to access the home network to the AAA server; the access request includes the account number of the home network.
In step 304, the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network.
In step 306, the AAA server verifies the access rights of the control terminal.
In step 308, after the access rights of the control terminal pass verification by the AAA server, the AAA server generates a random number as the session key for communication between the control terminal and the home gateway.
In step 310, the AAA server sends a security policy comprising the session key, together with the IP address of the home gateway, to the control terminal, and sends the security policy and the IP address of the control terminal to the home gateway.
In step 312, the control terminal and the home gateway communicate by applying the security policy.
The present invention uses the AAA server to let the user, through the control terminal, securely and remotely access the home gateway (or stand-alone host) in the home network and/or the information terminals connected to the home gateway. By relying on the security guarantees of network access, a secure access method for the home network is achieved.
Fig. 4 is the flow chart according to the home network access method 400 of the embodiment of the invention two.
In one embodiment, the home network may comprise a home gateway and information terminals. An information terminal may be any network-capable information device, such as a computer, digital television or video telephone. The information terminals and the home gateway are interconnected to form an independent internal network, with the home gateway serving as the single point of egress of the home network. In another embodiment, the home network may consist of only a single host acting as the home gateway.
In step 402, the control terminal sends a request to access the home network to the AAA server. The access request contains the account number of the home network, for example myhome@foo.com. In one embodiment, the control terminal may use a secure access technology (such as AKA authentication) to secure its communication with the AAA server.
In step 404, the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network. The AAA server is the system that provides access authentication for the control terminal and the home network. It can record the online information of the control terminal and of the home network, including IP address, account name and so on. In one embodiment, the home gateway may use a secure access technology (such as AKA authentication) to secure its communication with the AAA server.
In step 406, the AAA server verifies the access rights of the control terminal. In one embodiment, the rights to access the home network may be defined by the user. If verification fails, the AAA server rejects the control terminal's request to access the home network and the flow ends. If verification succeeds, the flow proceeds to step 408.
In step 408, after the access rights of the control terminal have passed verification by the AAA server, the AAA server generates a random number to serve as the session key for communication between the control terminal and the home gateway.
In step 410, the AAA server sends the security policy, which includes the session key, together with the IP address of the home gateway to the control terminal, and sends the security policy together with the IP address of the control terminal to the home gateway. In one embodiment, the AAA server may deliver the security policy and the peer's IP address to the control terminal and the home gateway securely over the secure channels established by, for example, the AKA technique. The security policy may include the session key, the encryption/decryption algorithm, the message digest algorithm, the expiry time, the access rights and so on.
In step 412, the firewall of the home gateway adds a temporary rule that allows the control terminal to access the home gateway until the security policy expires. In one embodiment, the home gateway has a firewall function and, by default, allows only the AAA server to access the home network and rejects all other access requests. According to embodiments of the invention, once the control terminal has been authenticated by the AAA server and the AAA server has delivered the IP address of the control terminal and the security policy to the home gateway, the home gateway can add the temporary rule to the firewall.
In step 414, the control terminal and the home gateway communicate using the security policy. In one embodiment, the control terminal may send the home gateway a request to access an information terminal connected to the home gateway; the request contains the account number of the information terminal, for example tv.myhome@foo.com. The home gateway converts the account number of the information terminal into the IP address of the information terminal, and the control terminal accesses the information terminal according to that IP address. In one embodiment, the home gateway converts the account number of the information terminal into the internal IP address of the information terminal in the home network, and the home gateway acts as the proxy for communication between the information terminal and the control terminal. In one embodiment, the home gateway encrypts and decrypts the information that the information terminal transmits through the home gateway.
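Steps 402 to 414 can be traced in a short in-memory simulation. This is an added example, not code from the patent: the class and function names, the documentation-range IP addresses, the user name, the 300-second lifetime and the use of HMAC-SHA256 as the policy's message digest are all assumptions, and the AKA-protected delivery channel and payload encryption are not modelled.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityPolicy:
    session_key: bytes   # random number generated by the AAA server (step 408)
    digest: str          # message digest algorithm (use as HMAC is an assumption)
    expires_at: float    # expiry time of the policy
    rights: frozenset    # information-terminal accounts the user may reach


class HomeGateway:
    def __init__(self, ip, aaa_ip, terminals, clock=time.time):
        self.ip, self.aaa_ip, self.clock = ip, aaa_ip, clock
        self.terminals = terminals   # terminal account -> internal IP
        self.temp_rules = {}         # control-terminal IP -> SecurityPolicy

    def install_policy(self, sender_ip, terminal_ip, policy):
        # Step 412: a temporary rule is added only on the AAA server's word.
        if sender_ip != self.aaa_ip:
            raise PermissionError("security policy did not come from the AAA server")
        self.temp_rules[terminal_ip] = policy

    def firewall_allows(self, src_ip):
        # Default deny: the AAA server, or a terminal whose policy is unexpired.
        if src_ip == self.aaa_ip:
            return True
        policy = self.temp_rules.get(src_ip)
        if policy is None:
            return False
        if self.clock() >= policy.expires_at:
            del self.temp_rules[src_ip]   # the rule lapses with the policy
            return False
        return True

    def handle(self, src_ip, account, tag):
        # Step 414: firewall, then message digest, then rights, then resolution.
        policy = self.temp_rules.get(src_ip) if self.firewall_allows(src_ip) else None
        if policy is None:
            return None
        expected = hmac.new(policy.session_key, account.encode(), policy.digest).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        if account not in policy.rights:
            return None
        return self.terminals.get(account)


class AAAServer:
    def __init__(self, ip, ttl=300, clock=time.time):
        self.ip, self.ttl, self.clock = ip, ttl, clock
        self.online = {}   # home network account -> HomeGateway (online record)
        self.acl = {}      # (user, home account) -> permitted terminal accounts

    def handle_access_request(self, user, terminal_ip, home_account):
        gateway = self.online.get(home_account)        # step 404: find the gateway
        rights = self.acl.get((user, home_account))    # step 406: verify rights
        if gateway is None or not rights:
            return None                                # request refused, flow ends
        policy = SecurityPolicy(secrets.token_bytes(32), "sha256",   # step 408
                                self.clock() + self.ttl, frozenset(rights))
        gateway.install_policy(self.ip, terminal_ip, policy)   # step 410, to gateway
        return gateway.ip, policy                              # step 410, to terminal


def demo():
    now = [1000.0]                 # constructed clock so that expiry can be shown
    clock = lambda: now[0]
    gw = HomeGateway("203.0.113.10", "198.51.100.1",
                     {"tv.myhome@foo.com": "192.168.1.20"}, clock)
    aaa = AAAServer("198.51.100.1", ttl=300, clock=clock)
    aaa.online["myhome@foo.com"] = gw
    aaa.acl[("alice", "myhome@foo.com")] = {"tv.myhome@foo.com"}
    ip = "192.0.2.7"               # constructed control-terminal address
    req = "tv.myhome@foo.com"
    before = gw.firewall_allows(ip)                       # default deny
    gw_ip, policy = aaa.handle_access_request("alice", ip, "myhome@foo.com")
    tag = hmac.new(policy.session_key, req.encode(), policy.digest).digest()
    granted = gw.handle(ip, req, tag)                     # resolved internal IP
    forged = gw.handle(ip, req, b"\x00" * 32)             # wrong session key
    other = gw.handle("192.0.2.99", req, tag)             # no rule for this source
    now[0] += 301                                         # policy lifetime passes
    expired = gw.handle(ip, req, tag)
    return before, granted, forged, other, expired


if __name__ == "__main__":
    print(demo())
```

The temporary rule is keyed on the control terminal's IP address, as in step 412, so the digest check with the session key is what separates the authorised terminal from any other host that shares or takes over that address during the policy's lifetime.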
Fig. 5 is a flow chart of a home network access method 500 according to embodiment three of the invention.
In step 502, the smart home control platform receives the control terminal's request to access the home network and forwards the request to the AAA server. The access request contains the account number of the home network.
In step 504, the AAA server finds the IP address of the home gateway in the home network according to the account number of the home network.
In step 506, the AAA server verifies the access rights of the control terminal.
In step 508, after the access rights of the control terminal have passed verification by the AAA server, the AAA server generates a random number to serve as the session key for communication between the control terminal and the home gateway.
In step 510, the AAA server sends the security policy, which includes the session key, together with the IP address of the home gateway to the smart home control platform, and sends the security policy together with the IP address of the control terminal to the home gateway.
In step 512, the control terminal and the home gateway communicate through the smart home control platform using the security policy. In one embodiment, the control terminal sends the smart home control platform a request to access an information terminal connected to the home gateway; the request contains the account number of the information terminal. The home gateway converts the account number of the information terminal into the IP address of the information terminal. The control terminal accesses the information terminal according to that IP address. In one embodiment, the home gateway acts as the communication proxy of the information terminal and forwards the communication data between the information terminal and the control terminal through the smart home control platform. The home gateway converts the account number of the information terminal into the internal IP address of the information terminal in the home network and sends the request to the information terminal. The information returned by the information terminal undergoes address translation at the home gateway and is then forwarded to the control terminal by the smart home control platform.
The invention uses the AAA server to let a user, through a control terminal, securely and remotely access the home gateway (or standalone host) in the home network and/or the information terminals connected to the home gateway. A secure access method for the home network is achieved by relying on the security guarantees of network access. In addition, with the introduction of the network-side smart home control platform, the client can access the information terminals in the home network through the smart home control platform, which improves the compatibility of the home access system with home gateways.
Fig. 6 is a structural diagram of an AAA server 600 according to an embodiment of the invention. The AAA server 600 comprises a receiving module 602, a lookup module 604, a verification module 606, a key generation module 608 and a sending module 610.
The receiving module 602 receives the request to access the home network sent by the control terminal. The access request contains the account number of the home network.
The lookup module 604 finds the IP address of the home gateway in the home network according to the account number of the home network.
The verification module 606 verifies the access rights of the control terminal.
The key generation module 608 generates, after the access rights of the control terminal have passed verification by the AAA server, a random number to serve as the session key for communication between the control terminal and the home gateway.
The sending module 610 sends the security policy, which includes the session key, together with the IP address of the home gateway to the control terminal, and sends the security policy together with the IP address of the control terminal to the home gateway; the control terminal and the home gateway communicate using the security policy.
The description of the invention is given for the purposes of illustration and description, and is not intended to be exhaustive or to limit the invention to the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and so design various embodiments with various modifications suited to particular uses.

Claims (12)

1. A home network access method, characterized by comprising:
a control terminal sending a request to access the home network to an AAA server, the access request containing the account number of the home network;
the AAA server finding the IP address of the home gateway in the home network according to the account number of the home network;
the AAA server verifying the access rights of the control terminal;
after the access rights of the control terminal have passed verification by the AAA server, the AAA server generating a random number to serve as the session key for communication between the control terminal and the home gateway;
the AAA server sending a security policy that includes the session key, together with the IP address of the home gateway, to the control terminal, and sending the security policy together with the IP address of the control terminal to the home gateway; and
the control terminal and the home gateway communicating using the security policy.
2. The home network access method according to claim 1, characterized in that, before the control terminal and the home gateway communicate using the security policy, the method comprises:
the firewall of the home gateway adding a temporary rule, the temporary rule comprising allowing the control terminal to access the home gateway until the security policy expires.
3. The home network access method according to claim 1, characterized in that the control terminal and the home gateway communicating using the security policy comprises:
the control terminal sending the home gateway a request to access an information terminal connected to the home gateway, the request containing the account number of the information terminal;
the home gateway converting the account number of the information terminal into the IP address of the information terminal; and
the control terminal accessing the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwarding the communication data between the information terminal and the control terminal.
4. The home network access method according to claim 3, characterized in that the control terminal and the home gateway communicating using the security policy comprises:
the home gateway encrypting and decrypting the information that the information terminal transmits through the home gateway.
5. A home network access method, characterized by comprising:
a smart home control platform receiving a control terminal's request to access the home network and forwarding the request to access the home network to an AAA server, the access request containing the account number of the home network;
the AAA server finding the IP address of the home gateway in the home network according to the account number of the home network;
the AAA server verifying the access rights of the control terminal;
after the access rights of the control terminal have passed verification by the AAA server, the AAA server generating a random number to serve as the session key for communication between the control terminal and the home gateway;
the AAA server sending a security policy that includes the session key, together with the IP address of the home gateway, to the smart home control platform, and sending the security policy together with the IP address of the control terminal to the home gateway; and
the control terminal and the home gateway communicating through the smart home control platform using the security policy.
6. The home network access method according to claim 5, characterized in that the control terminal and the home gateway communicating through the smart home control platform using the security policy comprises:
the control terminal sending the smart home control platform a request to access an information terminal connected to the home gateway, the request containing the account number of the information terminal;
the home gateway converting the account number of the information terminal into the IP address of the information terminal; and
the control terminal accessing the information terminal through the smart home control platform according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwarding the communication data between the information terminal and the control terminal through the smart home control platform.
7. An AAA server, characterized by comprising:
a receiving module, configured to receive a request to access a home network sent by a control terminal, the access request containing the account number of the home network;
a lookup module, configured to find the IP address of the home gateway in the home network according to the account number of the home network;
a verification module, configured to verify the access rights of the control terminal;
a key generation module, configured to generate, after the access rights of the control terminal have passed verification by the AAA server, a random number to serve as the session key for communication between the control terminal and the home gateway; and
a sending module, configured to send a security policy that includes the session key, together with the IP address of the home gateway, to the control terminal, and to send the security policy together with the IP address of the control terminal to the home gateway, the control terminal and the home gateway communicating using the security policy.
8. A home network access system, characterized by comprising:
an AAA server, configured to receive a request to access a home network sent by a control terminal and to verify the access rights of the control terminal, the access request containing the account number of the home network;
a home gateway in the home network, configured to receive a security policy sent by the AAA server that includes a session key for communication between the control terminal and the home gateway, the session key being a random number generated by the AAA server after the access rights of the control terminal have passed verification by the AAA server,
wherein the AAA server sends the security policy and the IP address of the home gateway to the control terminal and sends the security policy and the IP address of the control terminal to the home gateway, the control terminal and the home gateway communicate using the security policy, and the IP address of the home gateway is found by the AAA server according to the account number of the home network.
9. The home network access system according to claim 8, characterized in that the home gateway is further configured to add a temporary rule to the firewall, the temporary rule comprising allowing the control terminal to access the home gateway until the security policy expires.
10. The home network access system according to claim 8, characterized in that the home gateway is further configured to receive a request, sent by the control terminal, to access an information terminal connected to the home gateway, the request containing the account number of the information terminal; the home gateway converts the account number of the information terminal into the IP address of the information terminal; and the control terminal accesses the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal.
11. A home network access system, characterized by comprising:
a smart home control platform, configured to receive a control terminal's request to access the home network, the access request containing the account number of the home network;
an AAA server, configured to receive the request to access the home network forwarded by the smart home control platform and to verify the access rights of the control terminal;
a home gateway in the home network, configured to receive a security policy sent by the AAA server that includes a session key for communication between the control terminal and the home gateway, the session key being a random number generated by the AAA server after the access rights of the control terminal have passed verification by the AAA server,
wherein the AAA server sends the security policy and the IP address of the home gateway to the smart home control platform and sends the security policy and the IP address of the control terminal to the home gateway, the control terminal and the home gateway communicate through the smart home control platform using the security policy, and the IP address of the home gateway is found by the AAA server according to the account number of the home network.
12. The home network access system according to claim 11, characterized in that the smart home control platform is further configured to receive a request, sent by the control terminal, to access an information terminal connected to the home gateway, the request containing the account number of the information terminal; the smart home control platform converts the account number of the information terminal into the IP address of the information terminal; and the control terminal accesses the information terminal according to the IP address of the information terminal, or the home gateway, acting as the communication proxy of the information terminal, forwards the communication data between the information terminal and the control terminal through the smart home control platform.
CN2010101324705A 2010-03-23 2010-03-23 AAA server, home network access method and system Active CN101820344B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101324705A CN101820344B (en) 2010-03-23 2010-03-23 AAA server, home network access method and system

Publications (2)

Publication Number Publication Date
CN101820344A (en) 2010-09-01
CN101820344B (en) 2012-05-30

Family

ID=42655300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101324705A Active CN101820344B (en) 2010-03-23 2010-03-23 AAA server, home network access method and system

Country Status (1)

Country Link
CN (1) CN101820344B (en)

Also Published As

Publication number Publication date
CN101820344B (en) 2012-05-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant