CN102694704B - Home gateway, and distinguishing method of user identities thereof - Google Patents
Home gateway, and distinguishing method of user identities thereof Download PDFInfo
- Publication number
- CN102694704B CN102694704B CN201210141291.7A CN201210141291A CN102694704B CN 102694704 B CN102694704 B CN 102694704B CN 201210141291 A CN201210141291 A CN 201210141291A CN 102694704 B CN102694704 B CN 102694704B
- Authority
- CN
- China
- Prior art keywords
- user
- home gateway
- unit
- information
- state information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a home gateway comprising a user authentication unit, a user management unit, a user status maintenance unit and a data packet marking unit. The user authentication unit is used to receive user authentication information, check the user authentication information to see whether the user authentication information matches stored user information, return an authentication status, and finish user authentication. The user management unit is used to perform initial setting and management on users, and finish the addition, deletion and change of the users. The user status maintenance unit is used to dynamically record and maintain access information of the users. The data packet marking unit is used to perform marking processing on data packets in order to distinguish users. According to the invention, distinguishing operation and management of actual users can be realized by using the home gateway, which is more conform to actual demands and can support different operations comprising traffic statistics, strategy rule setting, personalized services and the like for different users. The users can perform user-based personalized configurations on the home gateway. According to the invention, simple and convenient operation is achieved, and good practicability is obtained.
Description
Technical field
The present invention relates to computer network communication technology field, particularly a kind of method of home gateway and differentiation user identity thereof.
Background technology
Home network (HNK) is another high-tech product bringing people the information age.It is by existing computer networking technology, by household electrical appliances various in family and equipment networking.And home gateway (HG) is a nucleus equipment for connecting home network and the Internet, realize the exchange of household internal information and family's external information, for home network management and control most important." action and function of home gateway in home network " (Liu Shu, Sun Mingjun, telecommunications network technology, 2005.06) literary composition describes the critical role of home gateway in home network, and the structure of home network that home gateway is formed, the type of home gateway and module, home gateway for business carry out must support carried out concise and to the point elaboration with the problem such as management.The major function of home gateway is divided into two parts: be connected to household internal as all outside Access Networks, home Intranet is connected to outside a kind of physical interface simultaneously; Make residential customer can obtain the platform of various home services (comprising existing service and the following service that may occur).Along with the Internet constantly develops, and the improving constantly of household's IT application level, the functional requirement of home gateway presents variation, and it is no longer a simple network access device.
The proposition of the integration of three networks has had to home gateway the demand having more challenge, becomes household's IT application platform pass and builds standby.After China Telecom " my e family ", CHINAUNICOM " emotional affection 1+1 " and China Mobile's " Global Link family planning ", the integration of three networks allows telecom operators enter into the epoch of one " full-service operation ", except fixing and mobile network's operation, telecom operators obtain the resource in broadcasting and TV field by being allowed to and providing the right of related service, and this brings larger opportunity by giving the market expansion of telecom operators.The upper end of home gateway connects the broadband network of operator, and lower end is then the various application terminals connected by different interfaces in digital home, realizes as application such as IPTV, visual telephone, video monitoring and Smart Homes.
Traditional home gateway mainly plays the effect of Broadband Network Access, and the home gateway functionalities after the integration of three networks will expand its function along with the extensive use of household's IT application, and the effect played home business management and control, is in particular in following several respects.First, home gateway can provide the service channel of quality assurance, such as when transmitting video-frequency flow, to bandwidth chahnel and quality requirement very high, home gateway can be distributed to enough bandwidth according to the requirement of video flowing and ensure the quality of passage, so that terminal plays.The second, future digital family will have more information-based application, such as internet television, video telephone, video monitoring, Smart Home, tele-medicine etc., and these application all need to be managed by home gateway and control.In addition, the home gateway in integration of three networks epoch can also allow different home terminals interconnect, and to realize mutual cooperation, the more important thing is the feature that can give full play to each terminal, carries out different operations to same class business.Home gateway provides the service of various abundant, diversified, personalized, convenient, comfortable, the safety and efficiently in the fields such as medical treatment, education, life, work towards domestic consumer.
At present, the home gateway product that operator releases to market, has abundant business function: 1. broadband access; 2. multi-user's online: possess multiport access function, multiple computers or plurality of devices in family can be realized and utilize same ADSL to surf the Net simultaneously; 3. get online without being tethered to a cable; 4. multiple service supporting: the access that the service terminal such as IPTV, family's monitoring can be supported; 5. quality of service guarantee: adopt QoS priority mechanism, ensures service operation steady and continuous; 6. home fire safety wall: client can be allowed safer when using the service of the every terms of information of operator; 7.USB interface: can external storage equipment be supported; 8. plug and play: without the need to configuration, power on and can use; 9. remote service: mutual by with Automatic Configuration Server (ACS), new business can remote loading open-minded, failure diagnosis is more flexible.
Along with the development of Internet technology, the functional requirement of people to home gateway is more and more abundanter.But existing home gateway has a feature: object Quan Shi of its monitoring and management for equipment, does not have real to provide business towards actual user.Such as, distinguish computer user only by the IP address of equipment, MAC Address and apparatus characteristic, these are all the attributes based on equipment, can not distinguish the actual user in family.Home gateway can be limited so to a certain extent to intelligent development.Such as: same equipment is used by multiple users of family, and existing gateway cannot be distinguished the behavior of user, providing personalized service, traffic statistics, different operations cannot be carried out for actual user in tactful management and control.
But this demand is ubiquitous, it is a problem urgently researched and solved.Such as: in one family, the head of a family is different with child's surf time section, and the Service Source difference that different members is concerned about and different members all need to distinguish user in routing policy management and control strategy difference etc.Simultaneously for the different user sharing same home gateway, need to carry out traffic statistics and charging respectively.The present invention is directed to this problem to propose a kind of home gateway that makes newly and can distinguish the solution of user.This scheme proposes to be intended to provide personalized service to user to home gateway and management provides technical support.
" action and function of home gateway in home network " this section of article proposes the technical requirement of China Telecom in 2006 for home gateway, proposes interface requirement, functional requirement, security requirement, administers and maintains requirement, performance requirement, running environment requires and appearance requirement to home gateway.Wherein indicate that home gateway is the interface unit of home network and external network, the function such as data retransmission, family internal network, QoS, safety, address administration, maintenance management is provided, access and application specific functionality can be provided.At network side, family gateway equipment must coordinate with the network equipment, and completing user accesses, and the management such as network address distribution, user information authentication controlling functions, with supporting network operation.In user side, family gateway equipment should be able to support that home network runs, and provides as address assignment, the network management services functions such as address resolution.Home gateway must be supported, according to the information such as source/destination IP, source/destination MAC, source/destination port numbers, entry/exit physical port, application protocol, to classify, according to the result of data flow classification, find customer service customer traffic.
These technology can not meet some new demands to a certain extent.Be mainly manifested in:
(1) functional requirement described in it all carries out work based on equipment, does not consider real this level of use user of equipment.Such as: address assignment, the network management services functions such as address resolution, all for equipment, are not put into real user identity within limit of consideration.
(2) user information authentication described in it completes at network side, is the certification that user arrives carrier server, is the network insertion in order to verify, with supporting network operation.This authentication function is too simple, and all users only have same verification method, cannot carry out personalization checking according to particular user.
(3) by Password Operations, could gateway device need be configured or manage user side user described in it.Support the two-level management of domestic consumer and administrator.This management method only for the static configuration of gateway device and management, cannot configure dynamically and manage in the normal work of gateway device.
The value-added service that CHINAUNICOM released in March, 2010, title is called " the green account in broadband ", its objective is that protection is pupillary and grows up healthy and sound, the online salvo provided.This technology can complete the traffic differentiation to user to a certain extent.The three zones of " the green account in broadband " is mainly:
Content-control, namely the head of a family can be the website of child's chosen content health, is set to the white list of surfing the Net;
Time controling, namely the head of a family can by hour in units of control surf time of child, also can be set in special time period online every day and total duration of surfing the Net every day, and can with control content combinations;
Application controls, namely by controlling the mode of particular network access port or agreement, realizes the restriction to application-specific access (as instant messaging).
Its implementation is Beijing UNICOM home broadband client, on original broadband access account basis, can obtain a suffix is that the sub-account of "@green " is for children's online, and by setting the rule of " sub-account ", realize filter Internet content, shielding the Internet flame, restriction child online duration, control and intervene the internet behavior of children with this.Generally speaking, this technology is the service from the angle of operator to be domestic consumer by the account of distributing different stage complete different stage.
This technology, as a kind of value-added service, has following shortcoming concerning user:
(1) user described in it is by applying for that a virtual sub-account carries out the differentiation of user, and major function realizes at carrier side.This function does not belong to the distinctive function of home gateway, just a kind of value-added service.An account can only apply for a sub-account, and whole process depends on operator, and user can not optionally expand and configure online rule.
(2) business function belonging to it is only limitted to green internet, protects pupillary growing up healthy and sound, the online salvo provided.Functionally there is no good extensibility, for other business demand.
(3) the network protection control strategy described in it completes in remote server, is not to be configured in gateway this locality, is not easy to personalized customization.In addition, security privacy easily leaks.
In prior art, have and a kind ofly realize accessing and control home gateway device, the system and method for home network.Wherein device comprises: descriptor retrieval unit, for obtaining device descriptive information and the business description information of devices in home network; Descriptor display unit, for according to described device descriptive information for the external world provides access path; And according to described business description information for the external world provides the option of operation controlling and/or browse the equipment state in described home network; Instruction retransmission unit, for when receiving from the control in the external world and/or browsing instructions, forwards described control and/or browsing instructions to the equipment in described home network.The technology that the application preferred embodiment of the present invention provides, makes user in different distances, can carry out diversified control by network to the indoor equipment in family, for user provides better life style and quality of life, has very strong practicality.
Also have a kind of method, equipment and system of logging in gateway in addition, the embodiment of the invention discloses one and realize gateway login method, gateway receives the gateway log-on message of user's input, and described gateway log-on message comprises the dynamic password information independently logging in gateway; Described gateway is according to the legitimacy of described gateway log-on message authentication of users.Correspondingly, the embodiment of the invention also discloses the network equipment and network system.By implementing the embodiment of the present invention, the fail safe in gateway login process can be improved.
The program its for new demand, still have weak point, be mainly manifested in:
(1) scheme belonging to it is by a series of functional unit, realize the system and method by the home gateway managing family network equipment, to allow user can carry out diversified control by network to the indoor equipment in family in different distances, not relating to home gateway and operate the differentiation of different user.
(2) method belonging to it is a kind of method of logging in gateway, the fail safe of gateway login process of main consideration and the checking of user identity.User profile is not promoted the use of user to log in the behavioural analysis of rear normal use network.
Realizing in process of the present invention, inventor finds that home gateway of the prior art all cannot distinguish user identity, thus also just well for user provides service, cannot need badly and want a kind of home gateway scheme can distinguishing user identity, to meet new user's request.
Summary of the invention
Use per family based on equipment to solve home gateway differentiation in prior art, the problem that cannot manage based on the differentiation of user, embodiments provides a kind of method of home gateway and differentiation user identity thereof.Described technical scheme is as follows:
A kind of home gateway, comprises user authentication unit, service management unit, User Status maintenance unit and packet marking unit, wherein,
Described user authentication unit, for receiving user authentication information, carries out checking mating with the user profile of storage by user authentication information, return authentication state, completing user certification;
Described service management unit, for carrying out Initialize installation and management to user, the interpolation of completing user, deleting and changing;
Described User Status maintenance unit, for the facility information of the information of record and maintenance customer's access network and the logging status of storage user and user's use dynamically;
Described packet marking unit, for carrying out mark process to the packet of different user.
Described home gateway comprises user state information memory cell further, for carrying out the storage and maintenance of user state information.
Described user state information memory cell comprises current user state information storing sub-units and historic user state information storing sub-units further, wherein,
Described current user state information storing sub-units, for storage and maintenance current user state information;
Described historic user state information storing sub-units, for the historical information of storage and maintenance user state information.
Described home gateway comprises user account information unit further, for storing user account information, the logging status of user and the facility information of user's use.
Described home gateway comprises client layer, network layer and physical layer, and wherein, described user authentication unit, service management unit, User Status maintenance unit and packet marking unit belong to client layer, for carrying out the management of user;
Described network layer is used for carrying out Route Selection, policy control, flow control and network management;
Described physical layer is for carrying out control and the realization of interface, controller, processor and memory.
Distinguish a method for user identity, be applied to home gateway as above, comprise:
Receive user authentication information by user authentication unit, user authentication information is carried out checking mating with the user profile of storage, return authentication state, completing user certification;
By service management unit, Initialize installation and management are carried out to user, the interpolation of completing user, delete and change;
Record with the information of maintenance customer's access network dynamically by User Status maintenance unit and store the logging status of user and the facility information of user's use;
By packet marking unit, mark process is entered to the packet of different user.
The method comprises the storage and maintenance being carried out user state information by user state information memory cell further.
The method comprises further:
User submits user authentication information to home gateway, and user authentication information, by inquiry, carries out checking mating with the user profile of storage, return authentication state by home gateway;
If coupling, return user authentication by state, user authentication passes through; Otherwise authentification failure, returns user authentication failure information, completes verification process.
The method comprises further:
User Status is divided into user logins, user publishes and repeats to login three kinds of states with user;
When user logins, gather user's current information write user current state information storing sub-units;
When user log off, by current for user corresponding record write historic user state information storing sub-units, and current record is removed;
When user repeats to login, by current respective user state information write historic user state information storing sub-units, and upgrade user's current state information in user's current state information storing sub-units.
The method comprises further:
In the porch of home gateway, obtain the user identity label of user profile and correspondence, marked on packet, carry out data retransmission or storage;
In the exit of home gateway, packet marking is removed, complete the processing data packets process in home gateway.
The beneficial effect that the technical scheme that the embodiment of the present invention provides is brought is:
By introducing client layer unit in home gateway, respectively store and management is carried out to the certification of user, setting, state, and the mark distinguishing user is carried out to all packets, thus realize the differentiation of home gateway to user.The scheme adopting embodiments of the invention to provide, can make home gateway distinguish actual user and manage, more realistic demand, can support that distinguishing user carries out work, comprises traffic statistics, policing rule setting, personalized service etc.The individual cultivation that user can carry out based on user to home gateway, simple, convenient, there is very strong practicality.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the home gateway position view in a network that the embodiment of the present invention provides;
Fig. 2 is the application scenarios schematic diagram that the embodiment of the present invention provides;
Fig. 3 is the home gateway three-decker schematic diagram that the embodiment of the present invention provides;
Fig. 4 is the home gateway structural representation that the embodiment of the present invention 1 provides;
Fig. 5 is the user authentication unit 100 operation principle schematic diagram that the embodiment of the present invention 1 provides;
Fig. 6 is the service management unit 200 operation principle schematic diagram that the embodiment of the present invention 1 provides;
Fig. 7 is the user state information transfer process schematic diagram that the embodiment of the present invention 1 provides;
Fig. 8 is the packet marking unit 400 workflow schematic diagram that the embodiment of the present invention 1 provides;
Fig. 9 is the User Status maintenance unit 300 workflow schematic diagram that the embodiment of the present invention 1 provides;
Figure 10 is the differentiation user framework workflow schematic diagram that the embodiment of the present invention 1 provides;
Figure 11 is the differentiation user method principle flow chart that the embodiment of the present invention 2 provides.
Embodiment
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
The present invention is directed in existing home gateway mode of operation and distinguish user all based on equipment, can not carry out to actual user the problem distinguishing management, propose a kind of method to realize the distinguished management of home gateway to user.By this method, home gateway can distinguish subscriber identity information in user side, and make home gateway can provide different mode of operations for different user, home gateway can distinguish real user in other words.
Home gateway is a nucleus equipment for connecting home network and the Internet, and home gateway is divided into by we for convenience of description: user side and network side.The concrete method of salary distribution is see Fig. 1.Can distinguish user job to realize home gateway, by introducing a kind of client layer management entity in logic at gateway, this entity is made up of multiple functional unit.Recorded by this client layer management entity, manage, binding relationship (R) that (T) in time between maintenance customer's information (U) and facility information (D) changes, that is:
(U,D,T)→R
On basis, by binding relationship (R), the operation of user is carried out to the division of different working modes, realize the distinguished management of home gateway to user.
As shown in Figure 1, be home gateway position view in a network.
The present invention is mainly used in following scene, and users different in home network uses some equipment jointly by home gateway.In home network, we are divided into three layers: home gateway, mechanical floor and client layer.Generally, home gateway is all at mechanical floor to the differentiation of user, and in this scheme, home gateway needs to distinguish different user identity at client layer, provides different mode of operations.Fig. 2 is the present invention's application scenarios schematic diagram.
Fig. 3 is the home gateway three-decker schematic diagram that the present invention proposes.The home gateway functionalities entity that the present invention proposes mainly is divided into three layers: physical layer, network layer and client layer.Its topmost feature is the introduction of client layer management entity, comprises service management unit, user authentication unit, User Status maintenance unit and packet marking unit etc.The business can distinguishing user is jointly provided by the combination of client layer and network layer, physical layer.
Embodiment 1
The home gateway structural representation that Fig. 4 provides for the embodiment of the present invention 1, comprises user authentication unit 100, service management unit 200, User Status maintenance unit 300 and packet marking unit 400, wherein,
User authentication unit 100, for receiving user authentication information, carries out checking mating with the user profile of storage by user authentication information, return authentication state, completing user certification.
The certification that user authentication unit 100 is responsible for user logs in.User submits authentication information by modes such as such as http protocols to home gateway, the user profile that home gateway is stored by inquiry, and the authentication information submitted to user carries out checking mating, and (if coupling, return authentication passes through return authentication state; If do not mated, authentification failure), thus complete verification process.Certification can be carried out to the identity of user by this functional unit home gateway, the logging status of user and the facility information of the current use of user can be stored by User Status maintenance unit 300 simultaneously.Fig. 5 is user authentication unit 100 operation principle schematic diagram.
Service management unit 200, for carrying out Initialize installation and management to user, the interpolation of completing user, deleting and changing.
Service management unit 200 is responsible for Initialize installation and the management of domestic consumer.Domestic consumer can be completed add, delete and change.Log in home gateway management system by http protocol to manage user, user profile is stored in user account memory by certain format, and its functional sequence as shown in Figure 6.Here user profile and account and password, set by keeper, owns, use in user side for home gateway oneself.It stores content format as shown in Table 1.
Table one
User Status maintenance unit 300, for record and the information of maintenance customer's access network dynamically.
User Status maintenance unit 300 is for record and the information of maintenance customer's access network dynamically.Concrete operations scene mainly contains three kinds, comprising: user logins, user publishes and repeats to login with user.For concrete user operation scene, in User Status maintenance unit 300, user state information upgrades dynamically.As time goes on user state information entry, can complete the life cycle of oneself, changes to user's historic state information from user's current state.Its information transfer process as shown in Figure 7.
Especially, User Status maintenance unit 300 can also be used for storing the logging status of user and the facility information of user's use.
Packet marking unit 400, for carrying out the mark process distinguishing user to packet.
In order to process respectively the packet of different user, need at family's intra-gateway mark packet being carried out to user.In the porch of home gateway, obtain the user identity label of user profile and correspondence, marked on packet, carry out data retransmission or storage by certain policing rule.In the exit of gateway, packet marking is removed simultaneously, complete the processing data packets process in whole gateway.Concrete process as shown in Figure 8.
Further, the home gateway in the present embodiment 1, also comprises user state information memory cell 500, for carrying out the storage and maintenance of user state information.
User state information memory cell 500 comprises current user state information storing sub-units and historic user state information storing sub-units further, and wherein, current user state information storing sub-units, for storage and maintenance current user state information; Historic user state information storing sub-units, for the historical information of storage and maintenance user state information.
The facility information that the logging status of particular user and user use is stored in user state information memory cell 500, is managed by User Status maintenance unit 300.
Current user state information storing sub-units and historic user state information storing sub-units store information by set form, as shown in table two and table three, be respectively current user state information storing sub-units and store information format and historic user state information storing sub-units storage information format.
Table two
Table three
The storage of historic user state information, can bring the problem of the memory space of home gateway, can be according to demand, maximum history entries N is set by user's configuration interface, retain N number of entry of temporally inverted order arrangement in historical information, remove all the other entries, do not overflowed with guarantee information.
Especially, User Status maintenance unit 300, for different user operations, carries out different concrete operations, and its operation as shown in Figure 9.Wherein, when user logins, gather user's current information write user current state information storing sub-units; When user log off, by current for user corresponding record write historic user state information storing sub-units, and current record is removed; When user repeats to login, by current respective user state information write historic user state information storing sub-units, and upgrade user's current state information in user's current state information storing sub-units.
Further, the home gateway that the present embodiment 1 provides also comprises user account information unit 600, for storing user account information.
On the basis of the present embodiment unit, just can distinguish user.After packet is marked, make the owning user can determining arbitrary data bag on home gateway.Utilize this differentiation user job framework, according to various demand, can set and develop different application modules to realize the differentiation user job of gateway.Such as, customer flow can be divided to add up, divide user's routing policy and point user individual service.Its workflow diagram as shown in Figure 10.
As mentioned above, each functional unit that the present embodiment 1 provides, be all in the client layer of home gateway, home gateway also comprises network layer and physical layer.Client layer is for carrying out the management of user, and network layer is used for carrying out Route Selection, policy control, flow control and network management; Physical layer is for carrying out control and the realization of interface, controller, processor and memory.
In the present embodiment 1, home gateway introduces client layer management entity, can manage on home gateway, maintenance customer's identity information, and the user profile of maintenance to be used in the normal work of home gateway.Manage user in home gateway this locality, be not subject to any restriction of common carrier and affect, meanwhile, implementation procedure is externally transparent, has certain security privacy to ensure., home gateway marks packet based on user identity meanwhile, be convenient to carry out in this locality meeting the operations distinguishing user.Further, home gateway can be made according to user profile and the binding relationship identification of device hardware information and the owning user of diffServ network data, functionally have very strong autgmentability.
Embodiment 2
The embodiment of the present invention 2 provides a kind of method that home gateway distinguishes user, as shown in figure 11, wherein,
Step 10, receives user authentication information by user authentication unit, is carried out checking mating by user authentication information, return authentication state, completing user certification with the user profile of storage.
User submits user authentication information to home gateway, and user authentication information, by inquiry, carries out checking mating with the user profile of storage, return authentication state by home gateway; If coupling, return user authentication by state, user authentication passes through; Otherwise authentification failure, returns user authentication failure information, completes verification process.
Step 20, carries out Initialize installation and management by service management unit to user, the interpolation of completing user, deletes and changes.
Step 30, records the information with maintenance customer's access network dynamically by User Status maintenance unit.
User Status is divided into user logins, user publishes and repeats to login three kinds of states with user;
When user logins, gather user's current information write user current state information storing sub-units;
When user log off, by current for user corresponding record write historic user state information storing sub-units, and current record is removed;
When user repeats to login, by current respective user state information write historic user state information storing sub-units, and upgrade user's current state information in user's current state information storing sub-units.
Especially, also the logging status of user and the facility information of user's use is stored by User Status maintenance unit.
Step 40, carries out mark process by packet marking unit to the packet of different user.
In the porch of home gateway, obtain the user identity label of user profile and correspondence, marked on packet, carry out data retransmission or storage;
In the exit of home gateway, packet marking is removed, complete the processing data packets process in home gateway.
Comprise the storage and maintenance being carried out user state information by user state information memory cell further.
The present embodiment 2 can be implemented in home gateway this locality and manages subscriber identity information, safeguards, enables home gateway distinguish user real identification information in user side.Propose and with the addition of home gateway logical subscriber layer management entity, for home gateway maintenance management user, distinguishing user for gateway and provide support.
The method that the present embodiment 2 provides, can the mode of recording user networked information, for rationally, the related information of recording user layer and mechanical floor imperfectly.
In addition, the present embodiment 2 can carry out mark to the data traffic of different user and distinguish, thus the traffic statistics of realization differentiation user, routing policy setting and other personalized service scheme.
In sum, the scheme that each embodiment of the present invention provides, by introducing client layer unit in home gateway, carries out store and management to the certification of user, setting, state respectively, and the mark distinguishing user is carried out to all packets, thus realize the differentiation of home gateway to user.The scheme adopting embodiments of the invention to provide, can make home gateway distinguish actual user and manage, more realistic demand, can support that distinguishing user carries out work, comprises traffic statistics, policing rule setting, personalized service etc.The individual cultivation that user can carry out based on user to home gateway, simple, convenient, there is very strong practicality.Home gateway introduces client layer management entity, can manage on home gateway, maintenance customer's identity information, and the user profile of maintenance to be used in the normal work of home gateway.Manage user in home gateway this locality, be not subject to any restriction of common carrier and affect, meanwhile, implementation procedure is externally transparent, has certain security privacy to ensure., home gateway marks packet based on user identity meanwhile, be convenient to carry out in this locality meeting the operations distinguishing user.Further, home gateway can be made according to user profile and the binding relationship identification of device hardware information and the owning user of diffServ network data, functionally have very strong autgmentability.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can have been come by hardware, the hardware that also can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. a home gateway, is characterized in that, comprises user authentication unit, service management unit, User Status maintenance unit and packet marking unit, wherein,
Described user authentication unit, for receiving user authentication information, carries out checking mating with the user profile of storage by user authentication information, return authentication state, completing user certification;
Described service management unit, for carrying out Initialize installation and management to user, the interpolation of completing user, deleting and changing;
Described User Status maintenance unit, for the facility information of the information of record and maintenance customer's access network and the logging status of storage user and user's use dynamically;
Described packet marking unit, for carrying out mark process to the packet of different user;
Described home gateway comprises client layer, network layer and physical layer, wherein,
Described user authentication unit, service management unit, User Status maintenance unit and packet marking unit belong to client layer, for carrying out the management of user;
Described network layer is used for carrying out Route Selection, policy control, flow control and network management;
Described physical layer is for carrying out control and the realization of interface, controller, processor and memory;
In the porch of described home gateway, obtain the user identity label of user profile and correspondence, marked on packet, carry out data retransmission or storage;
In the exit of home gateway, packet marking is removed, complete the processing data packets process in home gateway.
2. home gateway as claimed in claim 1, it is characterized in that, described home gateway comprises user state information memory cell further, for carrying out the storage and maintenance of user state information.
3. home gateway as claimed in claim 2, it is characterized in that, described user state information memory cell comprises current user state information storing sub-units and historic user state information storing sub-units further, wherein,
Described current user state information storing sub-units, for storage and maintenance current user state information;
Described historic user state information storing sub-units, for the historical information of storage and maintenance user state information.
4. home gateway as claimed in claim 1, it is characterized in that, described home gateway comprises user account information unit further, for storing user account information.
5. distinguish a method for user identity, be applied to home gateway as claimed in claim 1, it is characterized in that, comprising:
Receive user authentication information by user authentication unit, user authentication information is carried out checking mating with the user profile of storage, return authentication state, completing user certification;
By service management unit, Initialize installation and management are carried out to user, the interpolation of completing user, delete and change;
Record with the information of maintenance customer's access network dynamically by User Status maintenance unit and store the logging status of user and the facility information of user's use;
By packet marking unit, mark process is carried out to the packet of different user;
In the porch of described home gateway, obtain the user identity label of user profile and correspondence, marked on packet, carry out data retransmission or storage;
In the exit of home gateway, packet marking is removed, complete the processing data packets process in home gateway.
6. method as claimed in claim 5, it is characterized in that, the method comprises further:
The storage and maintenance of user state information is carried out by user state information memory cell.
7. method as claimed in claim 5, it is characterized in that, the method comprises further:
User submits user authentication information to home gateway, and user authentication information, by inquiry, carries out checking mating with the user profile of storage, return authentication state by home gateway;
If coupling, return user authentication by state, user authentication passes through; Otherwise authentification failure, returns user authentication failure information, completes verification process.
8. method as claimed in claim 5, it is characterized in that, the method comprises further:
User Status is divided into user logins, user publishes and repeats to login three kinds of states with user;
When user logins, gather user's current information write user current state information storing sub-units;
When user log off, by current for user corresponding record write historic user state information storing sub-units, and current record is removed;
When user repeats to login, by current respective user state information write historic user state information storing sub-units, and upgrade user's current state information in user's current state information storing sub-units.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210141291.7A CN102694704B (en) | 2012-05-08 | 2012-05-08 | Home gateway, and distinguishing method of user identities thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210141291.7A CN102694704B (en) | 2012-05-08 | 2012-05-08 | Home gateway, and distinguishing method of user identities thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102694704A CN102694704A (en) | 2012-09-26 |
| CN102694704B true CN102694704B (en) | 2015-07-15 |
Family
ID=46859995
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210141291.7A Expired - Fee Related CN102694704B (en) | 2012-05-08 | 2012-05-08 | Home gateway, and distinguishing method of user identities thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102694704B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105429867B (en) * | 2014-09-19 | 2019-02-05 | 中国移动通信集团公司 | A kind of pattern of fusion home gateway and its access method of application service |
| CN105591765A (en) * | 2014-10-20 | 2016-05-18 | 中国电信股份有限公司 | Flow positioning method, device and system |
| CN105933466A (en) * | 2016-04-21 | 2016-09-07 | 广西广播电视信息网络股份有限公司 | Method for accurate user identification and serving in data transmission network |
| CN106713301A (en) * | 2016-12-16 | 2017-05-24 | 四川长虹电器股份有限公司 | Internet of Things security defense system for intelligent terminal |
| CN109121136B (en) * | 2017-06-22 | 2022-07-05 | 中国电信股份有限公司 | Network access method, terminal connection method, terminal verification method, gateway and system |
| US10728218B2 (en) * | 2018-02-26 | 2020-07-28 | Mcafee, Llc | Gateway with access checkpoint |
| CN110446214A (en) * | 2018-05-03 | 2019-11-12 | 中兴通讯股份有限公司 | Manage method, device and equipment, the storage medium of network access process |
| CN109525575A (en) * | 2018-11-08 | 2019-03-26 | 北京首信科技股份有限公司 | The method and system of online control |
| CN111565429A (en) * | 2019-02-14 | 2020-08-21 | 中兴通讯股份有限公司 | Method and device for receiving indication information and storage medium |
| CN113163324B (en) * | 2020-01-03 | 2022-11-29 | 中国移动通信集团江西有限公司 | Household user identification method and module |
| WO2023276071A1 (en) * | 2021-06-30 | 2023-01-05 | 楽天グループ株式会社 | Service provision system, service provision method, and program |
| CN114173197A (en) * | 2021-12-04 | 2022-03-11 | 深圳市魔乐视科技有限公司 | Standby method and standby time control system of network set top box |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20060062319A (en) * | 2004-12-03 | 2006-06-12 | 삼성에스디에스 주식회사 | Home network gateway for assigning authority and administering connection classfied by user and control method thereof |
| CN101188604A (en) * | 2006-11-16 | 2008-05-28 | 中兴通讯股份有限公司 | A right authentication method for network user |
| CN102340504A (en) * | 2011-09-27 | 2012-02-01 | 深圳市深信服电子科技有限公司 | Method, device and system for recognizing remote desktop user identity |
| CN102340526A (en) * | 2010-07-20 | 2012-02-01 | 中国联合网络通信集团有限公司 | Method and system for issuing directed information and home gateway |
-
2012
- 2012-05-08 CN CN201210141291.7A patent/CN102694704B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20060062319A (en) * | 2004-12-03 | 2006-06-12 | 삼성에스디에스 주식회사 | Home network gateway for assigning authority and administering connection classfied by user and control method thereof |
| CN101188604A (en) * | 2006-11-16 | 2008-05-28 | 中兴通讯股份有限公司 | A right authentication method for network user |
| CN102340526A (en) * | 2010-07-20 | 2012-02-01 | 中国联合网络通信集团有限公司 | Method and system for issuing directed information and home gateway |
| CN102340504A (en) * | 2011-09-27 | 2012-02-01 | 深圳市深信服电子科技有限公司 | Method, device and system for recognizing remote desktop user identity |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102694704A (en) | 2012-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102694704B (en) | Home gateway, and distinguishing method of user identities thereof | |
| CN103827866B (en) | Network connection formula WMG for communication network | |
| CN101282254B (en) | Method, system and apparatus for managing household network equipment | |
| US8280978B2 (en) | Demarcation between service provider and user in multi-services gateway device at user premises | |
| CN103024001A (en) | Business scheduling method and device, and fusion equipment | |
| CN104809369B (en) | Packet sets method, client, server and the system of equipment access rights | |
| KR20040076857A (en) | Method, system, and data structure for multimedia communications | |
| CN103856356B (en) | It is a kind of based on user from the home network implementation method of management and control | |
| CN102726069A (en) | Dynamic service groups based on session attributes | |
| CN108769009A (en) | Data communications method, smart machine and intelligent gateway | |
| CN103150621A (en) | Social device resource management | |
| CN103078855A (en) | Method, device and system for realizing equipment access | |
| CN102449978A (en) | Dynamically configuring attributes of a parent circuit on a network element | |
| CN103166950A (en) | Social device anonymity via full, content only, and functionality access views | |
| CN102546330A (en) | Intelligent home system | |
| CN110519306A (en) | A kind of the equipment access control method and device of Internet of Things | |
| CN104683320A (en) | Home network multimedia content sharing access control method and device | |
| CN104349208A (en) | Message processing method, message processing device, gateway, set-top box and network television system | |
| CN104468552B (en) | A kind of connection control method and device | |
| CN102271098B (en) | Networking method and system | |
| US20050002388A1 (en) | Data structure method, and system for multimedia communications | |
| CN103096181B (en) | A kind of provide the method for interactive application business, equipment | |
| CN106686598A (en) | Node accessing method of Zigbee network | |
| CN205901982U (en) | Intelligent network secure communication and stream media play terminal | |
| CN105245376B (en) | Residential quarters network control system based on SDN |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150715 |